Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

makecert error when creating service certificate

Posted on 2013-06-27
2
2,150 Views
Last Modified: 2013-06-29
I am attempting to configure a Microsoft Dynamics NAV 2013 Service Tier Server to accept the NAVUserPassword ClientServicesCredentialType.  It is a development environment and those that access the server will be in a different untrusted domain.

I have been happily following a blog related to the subject and using makecert to create the certificates.  Here are my steps:

Create and import via mmc the root certificate
makecert -n "CN=RootEW7DevServiceCA" -r -sv RootEW7DevServiceCA.pvk RootEW7DevServiceCA.cer

Create and import via mmc the revocation certificate
makecert -crl -n "CN=RootEW7DevServiceCA" -r -sv RootEW7DevServiceCA.pvk RootEW7DevServiceCA.crl

When I try this final step...

makecert -sk EW7DevSerivce -iv RootEW7DevServiceCA.pvk -n "CN=EW7DevSerivce" -ic RootEW7DevServiceCA.cer -sr localmachine -ss my -sky exchange -pe EW7DevSerivce.cer

makecert throws the following error:
Error: Can't create the key of the subject ('EW7DevService')
Failed

I've diddled with permissions on
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
and I think they are correct.  Local Administrators (I am one) and Everyone with "Special" permissions.

I'm stumped - anybody got any ideas?
0
Comment
Question by:tarkmyler
2 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 39285939
See if this helps - mentioned -sr CurrentUser

http://nerdwords.blogspot.sg/2008/01/makecertexe-error-can-create-key-of.html

if you are creating a root certificate, you should add -cy authority parameter

another simpler for info
http://blogs.technet.com/b/jhoward/archive/2005/02/02/365323.aspx

btw, I do see typo e.g. EW7DevSerivce instead of EW7DevService though it should not matter
0
 

Author Comment

by:tarkmyler
ID: 39287247
Oh boy howdy.  That dyslexic streak lifted its ugly head again.  I Changed Serivce to Service and the makecert command succeeded.  Thank you!
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question