Page History

Run the Certificate Manager

To view the private key of the certificate you will need to use the Certificate Manager.

Windows Server 2008

• Click the Start button, type certmgr.msc into the Search box, and press the Enter key.

Windows Server 2012/2012 R2

• From the Desktop, Click the Windows Explorer icon on the Taskbar.
• In the address bar type certmgr.msc and press Enter.

Assign the Correct Privileges

1) In the Certificate Console expand the nodes Console Root → Certificates (Local Computer) → Personal → Certificates and right-click the certificate you would like to work with.

2) From the resulting contextual menu choose All Tasks → Manage Private Keys...

3) In the Permissions window under the section Group or user names, highlight the entry Account Unknown, and click the Remove button.

4) In the Select Users or Groups window click the Locations... button and ensure the location is the local machine not the Active Directory Domain.

5) In the Enter the object names to select section type Network Service and click the Check Names.

6) Review your settings to ensure they are correct and click the OK button to confirm the changes.

7) In the Permissions window under the section Group or user names, highlight the entry NETWORK SERVICE, and uncheck the Allow checkbox next to Full Control. If this is a SAML Signing Certificate repeat the same process with the Authenticated Users entry as well.

8) Review your settings to ensure they are correct and click the OK button to confirm the changes.