pegKrosschell
asked on
""An internal error occurred" message when moving ssl certificates from Windows 2000 to Windows Server 2003
I am attempting to move some ssl certificates for some web sites we host from a Windows 2000 to a Windows Server 2003 machine.
For some of the certificates, I recieve the following error message when attempting to import them into the Local Computer account using the Certificates snap-in in MMC:
"An internal error occurred. This can be either the user profile is not
accessible or the private key that you are importing might require a
cryptographic service this is not installed on your system."
I am able to import these certificates into the Current User account, and then drag and drop them into the Local Computer area.
However, once the certificates are installed, either directly into the Local Computer account or by dragging and dropping from elsewhere, I get a DNS error when attempting to access secure errors of our sites.
Does anyone have any tips for troubleshooting this?
Thanks,
Brian Crick
For some of the certificates, I recieve the following error message when attempting to import them into the Local Computer account using the Certificates snap-in in MMC:
"An internal error occurred. This can be either the user profile is not
accessible or the private key that you are importing might require a
cryptographic service this is not installed on your system."
I am able to import these certificates into the Current User account, and then drag and drop them into the Local Computer area.
However, once the certificates are installed, either directly into the Local Computer account or by dragging and dropping from elsewhere, I get a DNS error when attempting to access secure errors of our sites.
Does anyone have any tips for troubleshooting this?
Thanks,
Brian Crick
RevelationCS
I guess it is a little vague as to where the problem is coming in at. From the sounds of it to me, you were able to download and install the certs on the new PC and it is when you are accessing the website that you get the errors?
ASKER
That's basically it. Installing the certs is a bit of a convoluted process sometimes (having to do it from the Current User area), but evidently can be done.
However, I just tried to install a certification from a command-line tool in the IIS resource kit, and it gave me a 'permission denied' error, even though I'm logged in as Administrator.
However, I just tried to install a certification from a command-line tool in the IIS resource kit, and it gave me a 'permission denied' error, even though I'm logged in as Administrator.
ASKER
It turns out the permissions on \Documents and settings\All Users\Application Data\Microsoft\Crypto\RSA\
Once that was done, I could import the certificates normally and everything worked ok.
Once that was done, I could import the certificates normally and everything worked ok.
that makes sense... please see the help files if you need help closing out the file.
user resolved on his own.. no objections here....
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for your help!
Old thread, but this also worked on Windows 2000 SP4. I was receiving the same error trying to import a new wildcard certificate. The security on the MachineKeys directory granted nothing to the Administrator. Adding the "Full Control" privilege resolved the issue.