blocks|key|195301|text|这一定是某种IIS错误，但我找到了解决方案。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|195302|1-从IIS导出MyPersonalCA.pfx。|195303|2-将其转换为.pem：|offset|length|style|BOLD|195304|openssl+pkcs12+-in+MyPersonalCA.pfx+-out+MyPersonalCA.pem+-nodes|CODE|195305|3-将其转换回.pfx|195306|openssl+pkcs12+-export+-in+MyPersonalCA.pem+-inkey+MyPersonalCA.pem+-out+MyPersonalCA.pfx|195307|4-将其导入回IIS。|195308|entityMap^0|0|0|7|4|0|0|1S|0|7|4|0|0|2H|0|7|3|0^^$0|@$1|2|3|4|5|6|7|U|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|V|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|W|8|@$F|X|G|Y|H|I]]|9|@]|A|$]]|$1|J|3|K|5|6|7|Z|8|@$F|10|G|11|H|L]]|9|@]|A|$]]|$1|M|3|N|5|6|7|12|8|@$F|13|G|14|H|I]]|9|@]|A|$]]|$1|O|3|P|5|6|7|15|8|@$F|16|G|17|H|L]]|9|@]|A|$]]|$1|Q|3|R|5|6|7|18|8|@$F|19|G|1A|H|I]]|9|@]|A|$]]|$1|S|3|-4|5|6|7|1B|8|@]|9|@]|A|$]]]|T|$]]

This must be some kind of IIS bug, but I found the solution.

1- Export MyPersonalCA.pfx from IIS.

2- Convert it to .pem: 

<code>openssl pkcs12 -in MyPersonalCA.pfx -out MyPersonalCA.pem -nodes</code>

3- Convert it back to .pfx:

<code>openssl pkcs12 -export -in MyPersonalCA.pem -inkey MyPersonalCA.pem -out MyPersonalCA.pfx</code>

4- Import it back to IIS.

blocks|key|3037973|text|安全警告：复选框真正的意思是证书可以被不应该能够读取的用户读取。例如，运行IIS辅助进程的用户。在生产中，请改用other+answer。|type|unstyled|depth|inlineStyleRanges|offset|length|style|BOLD|entityRanges|data|3037974|也发生在我身上，并通过确保"Allow+this+certificate+to+be+exported“在导入时检查来修复：|3037975|📷|atomic|3037976|​|3037977|(感谢this+post!)|3037978|entityMap|0|LINK|mutability|MUTABLE|url|https://stackoverflow.com/a/25854919/33080|1|IMAGE|IMMUTABLE|imageUrl|https://ask.qcloudimg.com/http-save/yehe-900000/b8db4ea8ffb7b93722f830cc5d310477.png|imageAlt|2|http://forums.iis.net/post/1868325.aspx^0|0|4|1K|C|0|0|0|0|1|1|0|0|3|9|2|0^^$0|@$1|2|3|4|5|6|7|14|8|@$9|15|A|16|B|C]]|D|@$9|17|A|18|1|19]]|E|$]]|$1|F|3|G|5|6|7|1A|8|@]|D|@]|E|$]]|$1|H|3|I|5|J|7|1B|8|@]|D|@$9|1C|A|1D|1|1E]]|E|$]]|$1|K|3|L|5|6|7|1F|8|@]|D|@]|E|$]]|$1|M|3|N|5|6|7|1G|8|@]|D|@$9|1H|A|1I|1|1J]]|E|$]]|$1|O|3|-4|5|6|7|1K|8|@]|D|@]|E|$]]]|P|$Q|$5|R|S|T|E|$U|V]]|W|$5|X|S|Y|E|$Z|10|11|-4]]|12|$5|R|S|T|E|$U|13]]]]

Security warning: what the checkbox really means is that the certificate can be read by users that shouldn't be able to read it. Such as the user running the IIS worker process. In production use the <a href="https://stackoverflow.com/a/25854919/33080">other answer</a> instead.

Happened to me too, and was fixed by ensuring that "Allow this certificate to be exported" is checked when you import it:

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <img src="https://i.stack.imgur.com/GWST6.png" alt="enter image description here">

(thanks to <a href="http://forums.iis.net/post/1868325.aspx" rel="noreferrer">this post</a>!)

blocks|key|2825186|text|在我们的例子中，出现这个问题是因为我们已经在虚拟机中安装了证书，并为其制作了一个镜像以供进一步使用。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|2825187|当从先前创建的映像创建另一个VM时，证书将发送消息。|2825188|要避免这种情况，请确保在安装的每个新虚拟机上安装证书。|2825189|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|H|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|I|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|J|8|@]|9|@]|A|$]]|$1|F|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|G|$]]

In our case this problem occurred because we have installed the certificate in a Virtual Machine and made an image of it for further use.

When creating another VM from the image previously created the certificate sends the message.

To avoid this be sure to install the certificate on every new VM installed.

blocks|key|2825209|text|现在可能没有人关心这个问题了，但我刚刚在IIS7网站绑定中遇到了这个问题。我修复它的方法是去证书颁发机构，找到颁发给服务器的证书。我验证了请求证书的用户帐户。然后，我使用该帐户使用RDP登录到IIS服务器。我只能使用该帐户重新绑定https协议。不需要导出、重新发布或更改扩展的黑客攻击。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|2825210|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

Nobody probably cares about this anymore, but I just faced this issue with my IIS 7 website binding. The way I fixed it was going to the Certificate Authority and finding the certificate issued to the server with the issue. I verified the user account that requested the certificate. I Then logged into the IIS server using RDP with that account. I was able to rebind the https protocol using that account only. No exports, reissuing, or extension changing hacks were needed.

blocks|key|199763|text|导出PKCS+#12证书时，由于openssl命令行错误，导致出现此错误。-certfile密钥错误。我再次导出证书，导入成功。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|199764|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

I got this error due to wrong openssl command-line during export PKCS #12 certificate. -certfile key was wrong. I exported certificate again and it was imported successfully.

blocks|key|3038136|text|我遇到了同样的问题，但以不同的方式修复了它。我相信我使用的帐户从我最初尝试设置证书的时间到我返回完成工作的时间都发生了变化，从而产生了问题。问题是什么，我不知道，但我怀疑它与来自当前用户的某种散列有关，并且在某些情况下是不一致的，因为用户被修改或重新创建，等等。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3038137|为了修复它，我从IIS和证书管理单元(用于当前用户和本地计算机)中抓取了有问题的证书的所有引用：|3038138|​|3038139|📷|atomic|offset|length|3038140|3038141|3038142|3038143|3038144|接下来，我将*.pfx文件导入到MMC中的证书管理单元中，将其放置在本地计算机\个人节点中：|3038145|3038146|右键单击Personal+(在本地计算机下作为根目录)下的证书节点|ordered-list-item|3038147|All+Tasks+->导入|3038148|完成向导以导入*.pfx|3038149|3038150|从那时起，我能够返回到IIS并在服务器证书中找到它。最后，我转到我的站点，编辑绑定并选择正确的证书。它之所以有效，是因为用户在整个过程中都是一致的。|3038151|在另一个答案中提到的这一点上，您不应该将其标记为可导出，因为这是一个主要的安全问题。您实际上是在允许任何具有类似权限集的用户获取您的证书，并将其导入到其他任何地方。显然，这并不是最优的。|3038152|entityMap|0|IMAGE|mutability|IMMUTABLE|imageUrl|https://ask.qcloudimg.com/http-save/yehe-900000/cdf340e228249a450d585ae73b3d083d.png|imageAlt|1|https://ask.qcloudimg.com/http-save/yehe-900000/4905aecc12213cfb3c4924d7f9fdd2e4.png^0|0|0|0|0|1|0|0|0|0|0|1|1|0|0|0|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|1E|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|1F|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|1G|8|@]|9|@]|A|$]]|$1|F|3|G|5|H|7|1H|8|@]|9|@$I|1I|J|1J|1|1K]]|A|$]]|$1|K|3|E|5|6|7|1L|8|@]|9|@]|A|$]]|$1|L|3|E|5|6|7|1M|8|@]|9|@]|A|$]]|$1|M|3|G|5|H|7|1N|8|@]|9|@$I|1O|J|1P|1|1Q]]|A|$]]|$1|N|3|E|5|6|7|1R|8|@]|9|@]|A|$]]|$1|O|3|P|5|6|7|1S|8|@]|9|@]|A|$]]|$1|Q|3|-4|5|6|7|1T|8|@]|9|@]|A|$]]|$1|R|3|S|5|T|7|1U|8|@]|9|@]|A|$]]|$1|U|3|V|5|T|7|1V|8|@]|9|@]|A|$]]|$1|W|3|X|5|T|7|1W|8|@]|9|@]|A|$]]|$1|Y|3|-4|5|6|7|1X|8|@]|9|@]|A|$]]|$1|Z|3|10|5|6|7|1Y|8|@]|9|@]|A|$]]|$1|11|3|12|5|6|7|1Z|8|@]|9|@]|A|$]]|$1|13|3|-4|5|6|7|20|8|@]|9|@]|A|$]]]|14|$15|$5|16|17|18|A|$19|1A|1B|-4]]|1C|$5|16|17|18|A|$19|1D|1B|-4]]]]

I ran across this same issue, but fixed it a different way. I believe the account I was using changed from the time I initially attempted to set up the certificate to the time where I returned to finish the work, thus creating the issue. What the issue is, I don't know, but I suspect it has to do with some sort of hash from the current user and that is inconsistent in some scenarios as the user is modified or recreated, etc.

To fix it, I ripped out of both IIS and the Certificates snap-in (for Current User and Local Computer) all references of the certificate in question:

<img src="https://i.stack.imgur.com/EFENh.png" alt="IIS certificates">

<img src="https://i.stack.imgur.com/naR09.png" alt="mmc.exe --&gt; add/remove snap-ins, choose certificates then local computer or current user">

Next, I imported the *.pfx file into the certs snap-in in MMC, placing it in the Local Computer\Personal node:

<ol>
<li>Right-click the Certificates node under Personal (under Local Computer as the root)</li>
<li>All Tasks -> Import</li>
<li>Go through the Wizard to import your *.pfx</li>
</ol>

From that point, I was able to return to IIS and find it in the Server Certificates. Finally, I went to my site, edited the bindings and selected the correct certificate. It worked because the user was consistent throughout the process.

To the point mentioned in another answer, you shouldn't have to resort to marking it as exportable as that's a major security issue. You're effectively allowing anyone who can get to the box with a similar set of permissions to take your cert with them and import it anywhere else. Obviously that's not optimal.

blocks|key|2825320|text|我也有同样的问题。解决方法是从de+personal+store+(有人把它放进去)和虚拟主机中删除证书。所有这些都是通过IIS管理器完成的。然后我再次添加到虚拟主机商店(与所有检查)，我可以再次使用HTTPS…|type|unstyled|depth|inlineStyleRanges|entityRanges|data|2825321|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

I had the same issue. Solved by removing the certificate from de personal store (somebody put in it) and from the webhosting. All done through the IIS manager. Then I added again to the webhosting store (with everything checked) and I can use HTTPS again...

blocks|key|2825333|text|由于错误地将证书导入到当前用户个人证书存储中，我们遇到了相同的问题。将其从当前用户个人存储中删除并将其导入本地计算机个人证书存储解决了该问题。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|2825334|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

We had the same issue due to incorrectly importing the certificate into the Current User Personal certificate store. Removing it from the Current User Personal store and importing it into the Local Machine Personal certificate store solved the problem.

blocks|key|197278|text|在我的例子中，这是因为World+Wide+Publishing+Service用户没有访问证书的权限。安装证书后，访问MMC中的证书模块，然后右键单击有问题的证书。选择“管理私钥...”从"All+Tasks“菜单中，添加上述用户。在我的例子中，这是系统用户。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|197279|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

In my case it was because the World Wide Publishing Service user didn't have permissions to the certificate. After installing the certificate, access the certificates module in MMC and right-click the certificate with the issue. Select "Manage Private Keys..." from the "All Tasks" menu and add the above user. This was SYSTEM user in my case.

blocks|key|195477|text|通过使用Windows证书管理器导入SSL证书PFX文件，我设法解决了这个问题。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|195478|http://windows.microsoft.com/en-us/windows-vista/view-or-manage-your-certificates|offset|length|195479|entityMap|0|LINK|mutability|MUTABLE|url^0|0|0|29|0|0^^$0|@$1|2|3|4|5|6|7|M|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|N|8|@]|9|@$D|O|E|P|1|Q]]|A|$]]|$1|F|3|-4|5|6|7|R|8|@]|9|@]|A|$]]]|G|$H|$5|I|J|K|A|$L|C]]]]

I managed to fix this problem by importing the SSL certificate PFX file using Windows Certificate Manager.

<a href="http://windows.microsoft.com/en-us/windows-vista/view-or-manage-your-certificates" rel="nofollow">http://windows.microsoft.com/en-us/windows-vista/view-or-manage-your-certificates</a>

blocks|key|195485|text|我今天才有了这个问题，我觉得有必要把我的解决方案贴出来，希望你能比我少掉头发。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|195486|在尝试了上面的解决方案之后，我们必须从SSL提供商(作为GeoTrust的经销商发布RapidSSL)重新颁发SSL证书。|195487|这个过程是免费的，在确认邮件(@)到达时只有5分钟的等待时间，然后我们再次获得了访问权限。|offset|length|style|BOLD|195488|得到响应后，我们使用IIS+>服务器证书来安装它。我们不需要MMC管理单元。|195489|https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO5757|195490|我们始终保持服务器的远程桌面窗口打开，以避免不同登录帐户/会话等的任何问题。正如另一位专家所认为的那样，我认为这是IIS错误，因为我们只有一个RDC帐户。最令人气愤的是，同一个证书在突然“破解”之前已经完美工作了两个月。|195491|entityMap|0|LINK|mutability|MUTABLE|url^0|0|0|F|U|0|0|12|0|0|2J|0|2J|0|0|0|32|0^^$0|@$1|2|3|4|5|6|7|W|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|X|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|Y|8|@$F|Z|G|10|H|I]]|9|@]|A|$]]|$1|J|3|K|5|6|7|11|8|@$F|12|G|13|H|I]]|9|@]|A|$]]|$1|L|3|M|5|6|7|14|8|@$F|15|G|16|H|I]]|9|@$F|17|G|18|1|19]]|A|$]]|$1|N|3|O|5|6|7|1A|8|@$F|1B|G|1C|H|I]]|9|@]|A|$]]|$1|P|3|-4|5|6|7|1D|8|@]|9|@]|A|$]]]|Q|$R|$5|S|T|U|A|$V|M]]]]

I just had this issue today and feel compelled to post my solution in the hope that you will lose less hair than I've just done.

After trying the solutions above, we had to re-issue the SSL certificate from the SSL provider (RapidSSL issuing as a reseller for GeoTrust).

There was no cost with this process, just the five minute wait while the confirmation emails (admin@) arrived, and we gained access again.

Once we had the response, we used IIS > Server Certificates to install it. We did not need the MMC snap-in.

<a href="https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&amp;id=SO5757" rel="nofollow">https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&amp;id=SO5757</a>

We kept a remote desktop window to the server open throughout, to avoid any issues with differing login accounts/sessions, etc. I do believe it is an IIS bug as another expert believes, as we only have one RDC account. What is most infuriating is that the very same certificate has been working perfectly for two months before suddenly "breaking".

blocks|key|195498|text|不是从IIS导入证书，而是从MMC导入。然后转到IIS进行绑定。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|195499|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

Instead of importing the cert from IIS, do it from MMC.
Then goto IIS for binding.

blocks|key|198070|text|在我的例子中，我最近刚从StartSSL导入了一个较新版本的证书(用于IIS的PFX)，并且忘记删除旧的证书，不知何故导致了这个错误(现在两个证书差不多)。我删除了这两个文件，导入了合适的文件，现在它可以工作了。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|198071|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

In my case I imported a newer version of a certificate (PFX for IIS) from StartSSL just recently and forgot to remove the old one, which somehow caused this error (now two certs sort of the same). I removed both of them, imported the proper one, and now it works.

blocks|key|198082|text|当我试图为我的开发机器绑定localhost+pfx证书时，我得到了一个this错误。在我尝试上面的任何一个之前，先尝试一些更简单的东西。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|198083|此管理员关闭了所有本地主机开发站点，并关闭了管理器，并以管理员身份运行管理器|198084|unordered-list-item|198085|
|198086|198087|198088|+time.|198089|198090|restarted+my+https+bindings，没有错误或问题|198091|+iis|ordered-list-item|198092|198093|198094|在那之后，一切似乎都正常了。|198095|entityMap^0|0|0|0|0|0|0|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|X|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|Y|8|@]|9|@]|A|$]]|$1|D|3|-4|5|E|7|Z|8|@]|9|@]|A|$]]|$1|F|3|G|5|6|7|10|8|@]|9|@]|A|$]]|$1|H|3|-4|5|E|7|11|8|@]|9|@]|A|$]]|$1|I|3|G|5|6|7|12|8|@]|9|@]|A|$]]|$1|J|3|K|5|E|7|13|8|@]|9|@]|A|$]]|$1|L|3|G|5|6|7|14|8|@]|9|@]|A|$]]|$1|M|3|N|5|E|7|15|8|@]|9|@]|A|$]]|$1|O|3|P|5|Q|7|16|8|@]|9|@]|A|$]]|$1|R|3|-4|5|6|7|17|8|@]|9|@]|A|$]]|$1|S|3|-4|5|6|7|18|8|@]|9|@]|A|$]]|$1|T|3|U|5|6|7|19|8|@]|9|@]|A|$]]|$1|V|3|-4|5|6|7|1A|8|@]|9|@]|A|$]]]|W|$]]

I was getting a this error when trying to bind localhost pfx cert for my development machine.
Before i tried any of this above, tried something simpler first.

<ol>
<li>Closed any localhost dev site i had openned.</li>
<li>Stopped my IIS server and closed the manager</li>
<li>run the manager as Admin</li>
<li>Added all my https bindings, no errors or issues this time.</li>
<li>restarted iis</li>
</ol>

Everything seems to work after that.

blocks|key|3038417|text|尝试：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3038418|3038419|进入IIS并删除"VSTS+Dev+Router“网站和"VSTS+Dev+Router+Pool”应用程序池。|ordered-list-item|3038420|运行“certlm.msc”并打开任何名为“*.vsts.me”的证书和"vsts.me"|3038421|Re-deploy|3038422|3038423|entityMap^0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|M|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|N|8|@]|9|@]|A|$]]|$1|C|3|D|5|E|7|O|8|@]|9|@]|A|$]]|$1|F|3|G|5|E|7|P|8|@]|9|@]|A|$]]|$1|H|3|I|5|E|7|Q|8|@]|9|@]|A|$]]|$1|J|3|-4|5|6|7|R|8|@]|9|@]|A|$]]|$1|K|3|-4|5|6|7|S|8|@]|9|@]|A|$]]]|L|$]]

Try :

<ol>
<li>Go into IIS and delete "VSTS Dev Router" web site and "VSTS Dev Router Pool" application pool.</li>
<li>Run “certlm.msc” and open Personal/Certificates</li>
<li>Delete any cert named “*.vsts.me” and "vsts.me"</li>
<li>Re-deploy</li>
</ol>

blocks|key|3038473|text|根据MSDN+blog+post的说法，当当前用户帐户没有访问文件夹"C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys".下的私钥文件的权限时，就会发生这种情况显然，可以通过授予用户帐户/用户组对上述文件夹的完全访问权限来解决此问题。|type|unstyled|depth|inlineStyleRanges|offset|length|style|BOLD|entityRanges|data|3038474|我也遇到过同样的问题，只需使用Allow+this+certificate+ti+be+exported复选框selected重新导入证书文件，即可解决此问题。|3038475|​|3038476|📷|atomic|3038477|3038478|但是，此方法会带来安全风险，因为任何有权访问|3038479|服务器的用户都可以使用私钥导出您的证书。|blockquote|3038480|3038481|3038482|在我的情况下，只有我有权访问我的IIS服务器-因此这不是一个巨大的风险。|3038483|entityMap|0|LINK|mutability|MUTABLE|url|https://blogs.msdn.microsoft.com/asiatech/2010/08/12/got-error-0x80070520-when-binding-certificate-to-web-site-on-iis-7/|1|IMAGE|IMMUTABLE|imageUrl|https://ask.qcloudimg.com/http-save/yehe-900000/9b695a83f4b142bced1750e7938d0502.png|imageAlt^0|Z|1C|3C|B|2|E|0|0|F|11|1J|8|0|0|0|1|1|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|1A|8|@$9|1B|A|1C|B|C]|$9|1D|A|1E|B|C]]|D|@$9|1F|A|1G|1|1H]]|E|$]]|$1|F|3|G|5|6|7|1I|8|@$9|1J|A|1K|B|C]|$9|1L|A|1M|B|C]]|D|@]|E|$]]|$1|H|3|I|5|6|7|1N|8|@]|D|@]|E|$]]|$1|J|3|K|5|L|7|1O|8|@]|D|@$9|1P|A|1Q|1|1R]]|E|$]]|$1|M|3|I|5|6|7|1S|8|@]|D|@]|E|$]]|$1|N|3|O|5|6|7|1T|8|@]|D|@]|E|$]]|$1|P|3|Q|5|R|7|1U|8|@]|D|@]|E|$]]|$1|S|3|-4|5|6|7|1V|8|@]|D|@]|E|$]]|$1|T|3|-4|5|6|7|1W|8|@]|D|@]|E|$]]|$1|U|3|V|5|6|7|1X|8|@]|D|@]|E|$]]|$1|W|3|-4|5|6|7|1Y|8|@]|D|@]|E|$]]]|X|$Y|$5|Z|10|11|E|$12|13]]|14|$5|15|10|16|E|$17|18|19|-4]]]]

According to the <a href="https://blogs.msdn.microsoft.com/asiatech/2010/08/12/got-error-0x80070520-when-binding-certificate-to-web-site-on-iis-7/" rel="nofollow noreferrer">MSDN blog post</a>, this can happen when the current user account doesn't have permission to access the private key file which is under the folder "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys". Apparently this can be resolved by granting the user account / user group Full Access permission to the above folder.

I've come across the same issue, and was able to resolve it by simply re-importing the .pfx file with the Allow this certificate ti be exported checkbox selected.

<a href="https://i.stack.imgur.com/f3IYJ.png" rel="nofollow noreferrer"><img src="https://i.stack.imgur.com/f3IYJ.png" alt="Import Certificate"></a>

<blockquote>
 However, this method imposes a security risk - as any user who has
 access to your IIS server will be able to export your certificate with
 the private key.
</blockquote>

In my case, only I have access to my IIS server - therefore it was not a huge risk.

blocks|key|198143|text|我们找到了另一个原因。如果您正在编写证书脚本，请使用PowerShell并使用Import-PfxCertificate命令进行安装。这将导入证书。但是，导入的证书不能绑定到IIS中的网站，错误与此问题提到的错误相同。您可以使用以下命令列出证书，并查看原因：|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|198144|certutil+-store+My|code-block|syntax|javascript|198145|这将列出您的个人存储中的证书，您将看到此属性：|198146|Provider+=+Microsoft+Software+Key+Storage+Provider|198147|此存储提供程序是较新的CNG提供程序，不受IIS或.NET支持。您无法访问密钥。因此，您应该使用certutil.exe在脚本中安装证书。使用证书管理器MMC管理单元或IIS导入也可以，但对于脚本，请使用certutil，如下所示：|198148|certutil+-f+-p+password+-importpfx+My+.\cert.pfx+NoExport|198149|有关更多信息，请参阅本文：https://windowsserver.uservoice.com/forums/295065-security-and-assurance/suggestions/18436141-import-pfxcertificate-needs-to-support-legacy-priv|198150|entityMap|0|LINK|mutability|MUTABLE|url|https://windowsserver.uservoice.com/forums/295065-security-and-assurance/suggestions/18436141-import-pfxcertificate-needs-to-support-legacy-priv^0|13|L|0|0|0|0|0|0|D|40|0|0^^$0|@$1|2|3|4|5|6|7|12|8|@$9|13|A|14|B|C]]|D|@]|E|$]]|$1|F|3|G|5|H|7|15|8|@]|D|@]|E|$I|J]]|$1|K|3|L|5|6|7|16|8|@]|D|@]|E|$]]|$1|M|3|N|5|H|7|17|8|@]|D|@]|E|$I|J]]|$1|O|3|P|5|6|7|18|8|@]|D|@]|E|$]]|$1|Q|3|R|5|H|7|19|8|@]|D|@]|E|$I|J]]|$1|S|3|T|5|6|7|1A|8|@]|D|@$9|1B|A|1C|1|1D]]|E|$]]|$1|U|3|-4|5|6|7|1E|8|@]|D|@]|E|$]]]|V|$W|$5|X|Y|Z|E|$10|11]]]]

We found another cause for this. If you are scripting the certificate install using PowerShell and used the <code>Import-PfxCertificate</code> command. This will import the certificate. However, the certificate imported cannot be bound to a website in IIS with the same error as this question mentions. You can list certificates using this command and see why:

<pre><code>certutil -store My
</code></pre>

This lists the certificates in your Personal store and you will see this property:

<pre><code>Provider = Microsoft Software Key Storage Provider
</code></pre>

This storage provider is a newer CNG provider and is not supported by IIS or .NET. You cannot access the key. Therefore you should use certutil.exe to install certificates in your scripts. Importing using the Certificate Manager MMC snap-in or IIS also works but for scripting, use certutil as follows:

<pre><code>certutil -f -p password -importpfx My .\cert.pfx NoExport
</code></pre>

See this article for more information: <a href="https://windowsserver.uservoice.com/forums/295065-security-and-assurance/suggestions/18436141-import-pfxcertificate-needs-to-support-legacy-priv" rel="nofollow noreferrer">https://windowsserver.uservoice.com/forums/295065-security-and-assurance/suggestions/18436141-import-pfxcertificate-needs-to-support-legacy-priv</a>

blocks|key|2825594|text|我在绑定证书时遇到相同的错误，但在删除证书并通过mmc控制台再次导入后修复。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|2825595|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

I was getting same error whilst binding the certificate, but fixed after deleting the certificate and importing again through mmc console.

blocks|key|197403|text|伙计们，在尝试了几乎所有的解决方案都无济于事之后，我最终找到了“指定的登录会话不存在”的解决方案。可能已经被终止了。“当使用下面的https时|type|unstyled|depth|inlineStyleRanges|entityRanges|data|197404|197405|使用正确的私钥|ordered-list-item|197406|验证您的pfx证书是否正常|197407|197408|运行certutil并找到证书‘唯一容器名称’-I+used+certutil+-v+-store+my+|197409|197410|3.导航到C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys并找到与上面找到的容器名称对应的系统文件|197411|系统检查权限并确保‘|197412|’对文件具有完全控制权限。|197413|197414|一旦申请，我然后检查IIS，并能够申请到https没有错误|197415|entityMap^0|0|0|0|0|0|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|W|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|X|8|@]|9|@]|A|$]]|$1|C|3|D|5|E|7|Y|8|@]|9|@]|A|$]]|$1|F|3|G|5|6|7|Z|8|@]|9|@]|A|$]]|$1|H|3|-4|5|6|7|10|8|@]|9|@]|A|$]]|$1|I|3|J|5|E|7|11|8|@]|9|@]|A|$]]|$1|K|3|-4|5|6|7|12|8|@]|9|@]|A|$]]|$1|L|3|M|5|6|7|13|8|@]|9|@]|A|$]]|$1|N|3|O|5|6|7|14|8|@]|9|@]|A|$]]|$1|P|3|Q|5|E|7|15|8|@]|9|@]|A|$]]|$1|R|3|-4|5|6|7|16|8|@]|9|@]|A|$]]|$1|S|3|T|5|6|7|17|8|@]|9|@]|A|$]]|$1|U|3|-4|5|6|7|18|8|@]|9|@]|A|$]]]|V|$]]

Guys after trying almost every single solution to no avail i ended up finding my solution to '“A specified logon session does not exist. It may already have been terminated.” when using https&quot; below
<ol>
<li>Verify your pfx cert is healthy with correct private key
</li>
<li>Run certutil and locate the certs 'unique Container name' - i used certutil -v -store my 
</li>
</ol>
3.Navigate to C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys and locate the system file that corresponds to your Container name found above
<ol start="4">
<li>Check permissions and ensure 'system' has full control to file.</li>
</ol>
Once applied i then checked IIS and was able to apply to https without error

blocks|key|199949|text|我可以通过删除然后双击证书将其导入来解决此问题。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|199950|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

I was able to fix this problem by removing the then importing it by double clicking the certificate.

blocks|key|3038648|text|对我来说，修复方法是从IIS中删除证书并重新导入，但将其导入“个人”证书存储，而不是“虚拟主机”|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3038649|根据下面的说明，这是很好的，至少对我自己来说是这样的。|3038650|3038651|What's+the+difference+between+the+Personal+and+Web+Hosting+certificate+store?|unordered-list-item|offset|length|3038652|3038653|此外，如果有什么不同，我是在本地计算机上双击证书之后通过向导导入证书的，而不是通过IIS导入方法。此后，该证书将自动在IIS中可用。|3038654|entityMap|0|LINK|mutability|MUTABLE|url|https://stackoverflow.com/questions/26681192/whats-the-difference-between-the-personal-and-web-hosting-certificate-store^0|0|0|0|0|25|0|0|0|0^^$0|@$1|2|3|4|5|6|7|U|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|V|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|W|8|@]|9|@]|A|$]]|$1|E|3|F|5|G|7|X|8|@]|9|@$H|Y|I|Z|1|10]]|A|$]]|$1|J|3|-4|5|6|7|11|8|@]|9|@]|A|$]]|$1|K|3|L|5|6|7|12|8|@]|9|@]|A|$]]|$1|M|3|-4|5|6|7|13|8|@]|9|@]|A|$]]]|N|$O|$5|P|Q|R|A|$S|T]]]]

For me, the fix was to delete the cert from IIS and re-import it, but into the &quot;personal&quot; certificate store instead of &quot;web hosting&quot;
According to the below, this is fine, at least for my own circumstances.
<ul>
<li><a href="https://stackoverflow.com/questions/26681192/whats-the-difference-between-the-personal-and-web-hosting-certificate-store">What&#39;s the difference between the Personal and Web Hosting certificate store?</a></li>
</ul>
Also, should it make any difference, I imported the certificate via the wizard after double clicking on it on the local machine, instead of via the IIS import method. After this the certificate was available in IIS automatically.

blocks|key|3038668|text|在我的例子中，它已经通过使用certutil+-repairstore命令得到了修复。尝试使用powershell将证书添加到IIS上的Web绑定时出现以下错误：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3038669|3038670|指定的登录会话不存在。它可能已经终止了。|blockquote|3038671|3038672|3038673|我通过运行以下命令修复了它：|3038674|certutil.exe+-repairstore+$CertificateStoreName+$CertThumbPrint|code-block|syntax|javascript|3038675|其中CertificateStoreName是存储名称，CertThumbPrint是导入证书的指纹。|offset|length|style|CODE|3038676|entityMap^0|0|0|0|0|0|0|0|2|K|S|E|0^^$0|@$1|2|3|4|5|6|7|W|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|X|8|@]|9|@]|A|$]]|$1|C|3|D|5|E|7|Y|8|@]|9|@]|A|$]]|$1|F|3|-4|5|6|7|Z|8|@]|9|@]|A|$]]|$1|G|3|-4|5|6|7|10|8|@]|9|@]|A|$]]|$1|H|3|I|5|6|7|11|8|@]|9|@]|A|$]]|$1|J|3|K|5|L|7|12|8|@]|9|@]|A|$M|N]]|$1|O|3|P|5|6|7|13|8|@$Q|14|R|15|S|T]|$Q|16|R|17|S|T]]|9|@]|A|$]]|$1|U|3|-4|5|6|7|18|8|@]|9|@]|A|$]]]|V|$]]

In my case, it has been fixed by using certutil -repairstore command. I was getting following error, when trying to add certificate to Web Binding on IIS using powershell:
<blockquote>
A specified logon session does not exist. It may already have been terminated.
</blockquote>
I fixed it by running:
<pre><code>certutil.exe -repairstore $CertificateStoreName $CertThumbPrint
</code></pre>
where <code>CertificateStoreName</code> is store name, and <code>CertThumbPrint</code> is the thumbprint of imported certificate.

I am trying to create Client Certificates Authentication for my asp.net Website.

In order to create client certificates, I need to create a Certificate Authority first:

<blockquote>
 makecert.exe -r -n “CN=My Personal CA” -pe -sv MyPersonalCA.pvk -a
 sha1 -len 2048 -b 01/01/2013 -e 01/01/2023 -cy authority
 MyPersonalCA.cer
</blockquote>

Then, I have to import it to IIS 7, but since it accepts the .pfx format, i convert it first

<pre><code>pvk2pfx.exe -pvk MyPersonalCA.pvk -spc MyPersonalCA.cer -pfx MyPersonalCA.pfx
</code></pre>

After importing MyPersonalCA.pfx, I try to add the https site binding to my Web Site and choose the above as SSL Certificate, but I get the following error:

<img src="https://i.stack.imgur.com/ixq6G.png" alt="enter image description here">

Any suggestions?

IIS 7 Error "A specified logon session does not exist. It may already have been terminated." when using https

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

教程

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云智能顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

聚焦“写作效率、视觉美观与运行性能”三方面进行全面升级，为您提供更高效、稳定的创作环境

社区富文本&Markdown编辑器全新改版上线，欢迎大家体验!

诚挚邀请您参与本次调研，分享您的真实使用感受与建议。您的反馈至关重要，感谢您的支持与参与！

社区新版编辑器体验调研

我正在尝试为我的asp.net网站创建客户端证书身份验证。为了创建客户端证书，我需要首先创建一个证书颁发机构： makecert.exe -r -n“CN=My Personal CA”-pe -sv MyPersonalCA.pvk -a sha1 -len 2048 -b 2013.01/01/2013 -e 01...

问IIS 7错误“指定的登录会话不存在。它可能已被终止。”使用https时
EN

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问IIS 7错误“指定的登录会话不存在。它可能已被终止。”使用https时EN