Solved

makecert error when creating service certificate

Posted on 2013-06-27
2
2,240 Views
Last Modified: 2013-06-29
I am attempting to configure a Microsoft Dynamics NAV 2013 Service Tier Server to accept the NAVUserPassword ClientServicesCredentialType.  It is a development environment and those that access the server will be in a different untrusted domain.

I have been happily following a blog related to the subject and using makecert to create the certificates.  Here are my steps:

Create and import via mmc the root certificate
makecert -n "CN=RootEW7DevServiceCA" -r -sv RootEW7DevServiceCA.pvk RootEW7DevServiceCA.cer

Create and import via mmc the revocation certificate
makecert -crl -n "CN=RootEW7DevServiceCA" -r -sv RootEW7DevServiceCA.pvk RootEW7DevServiceCA.crl

When I try this final step...

makecert -sk EW7DevSerivce -iv RootEW7DevServiceCA.pvk -n "CN=EW7DevSerivce" -ic RootEW7DevServiceCA.cer -sr localmachine -ss my -sky exchange -pe EW7DevSerivce.cer

makecert throws the following error:
Error: Can't create the key of the subject ('EW7DevService')
Failed

I've diddled with permissions on
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
and I think they are correct.  Local Administrators (I am one) and Everyone with "Special" permissions.

I'm stumped - anybody got any ideas?
0
Comment
Question by:tarkmyler
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 39285939
See if this helps - mentioned -sr CurrentUser

http://nerdwords.blogspot.sg/2008/01/makecertexe-error-can-create-key-of.html

if you are creating a root certificate, you should add -cy authority parameter

another simpler for info
http://blogs.technet.com/b/jhoward/archive/2005/02/02/365323.aspx

btw, I do see typo e.g. EW7DevSerivce instead of EW7DevService though it should not matter
0
 

Author Comment

by:tarkmyler
ID: 39287247
Oh boy howdy.  That dyslexic streak lifted its ugly head again.  I Changed Serivce to Service and the makecert command succeeded.  Thank you!
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question