Failed to acquire key context error when using local root certificate

Posted: 02/28/2013 03:49:28
by Ari Urkullu (Basic support level)
Joined: 11/26/2012
Posts: 26


Thanks for all of your answers, really. I have moved the access type and put it before setting the storage name. Also, I have set ReadOnly to true before opening the storage. With these changes, the intermediate program I mentioned in earlier posts works perfectly. But my web app fails... The error that occurs is just like the first one in the post:

"Signing failed: Failed to acquire key context"

at SBCryptoProvWin32.TElWin32CryptoProvider.SignFinal(TElCustomCryptoContext Context, Byte[]& Buffer, Int32 StartIndex, Int32& Size, TElCPParameters Params, TSBProgressFunc ProgressFunc, Object ProgressData)

at SBPublicKeyCrypto.TElRSAPublicKeyCrypto.SignFinal()

at SBPublicKeyCrypto.TElPublicKeyCrypto.InternalSignDetached()

at SBPublicKeyCrypto.TElPublicKeyCrypto.SignDetached(Byte[] InBuffer, Int32 InIndex, Int32 InSize, Byte[]& OutBuffer, Int32 OutIndex, Int32& OutSize)

at SBCMS.TElCMSSignature.SignSubject(TElX509Certificate Cert, Boolean AsyncOperation, TElDCAsyncState& State)

at SBCMS.TElCMSSignature.Sign(TElX509Certificate Cert, TElCustomCertStorage Chain)

at SBPAdES.TElPDFAdvancedPublicKeySecurityHandler.SignHash(Byte[] Hash, Int32 StartIndex, Int32 Count)

at SBPDF.TElPDFDocument.InsertActualSignatureInformation(Boolean IncrementalUpdate)

at SBPDF.TElPDFDocument.Close(Boolean Save)

at Fullstep.PMPortalWeb.OfertasPDF.CloseCurrentDocument(Boolean saveChanges) in D:\FULLSTEP PORTAL\Version_31900_8\NET\PMPortalWeb\script\ofertas\OfertasPDF.aspx.vb:line 349

Now it is certain that I am accessing the local machine root certificate store, and it is also certain that the certificate with which I am trying to sign has the private key (because with the intermediate program the signing ends successfully). So I think that this may be a user permissions problem: the user "Network Service" can't use a certificate from the local machine root certificate store for signing (although this user can load the list of local machine root certificates into TElWinCertStorage).
Posted: 02/28/2013 04:25:29
by Ken Ivanov (EldoS Corp.)


This is definitely a permissions issue. Please check this Microsoft tool that might help to set up the access rights correctly.
Posted: 02/28/2013 04:31:14
by Ari Urkullu (Basic support level)
Joined: 11/26/2012
Posts: 26

Thank you very much, really.

I will post here the solution when I find it.
Posted: 03/01/2013 03:36:10
by Ari Urkullu (Basic support level)
Joined: 11/26/2012
Posts: 26


For the last problem I had, I am posting here the solution that worked:

- On the command line, execute mmc. Then, when the mmc window opens: File -> Add/Remove Snap-in ... -> Add ... -> Certificates -> Add -> Computer Account -> Next -> Finish -> Close -> OK

- Then, in the mmc browser, open Console Root -> Certificates (Local Computer) -> Trusted Root Certification Authorities -> Certificates and right-click on it, then All Tasks -> Import ... -> Next -> Browse ... (and select the .pfx with the private key) -> Next -> Enter the password in the textbox -> Mark key as exportable -> Next -> Place all certificates in the following store -> Browse ... (and select Trusted Root Certification Authorities) -> Next -> Finish

- Then download the Windows Server 2003 Resource Kit Tools and install it.

- Then execute in command line

winhttpcertcfg -g -c LOCAL_MACHINE\Root -s "CertificateSubjectNameCommonName" -a "ASPNET"

And that is all.
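
What the winhttpcertcfg grant in the post above changes is the ACL on the private key's container file. The following PowerShell is an added example, not part of the original thread or EldoS code: it lists which accounts can read that key and grants read-only access to a single account. It assumes an elevated Windows PowerShell session, a CryptoAPI (CSP) RSA machine key, and placeholder values for `$SubjectCN` and `$Account`.

```powershell
# Placeholders (assumptions for this example, not values from the thread):
$SubjectCN = 'CertificateSubjectNameCommonName'   # subject CN of the signing certificate
$Account   = 'NT AUTHORITY\NETWORK SERVICE'       # identity the web application runs under

# Locate the certificate in the Local Computer "Trusted Root" store.
$cert = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.HasPrivateKey -and
                   $_.GetNameInfo('SimpleName', $false) -eq $SubjectCN } |
    Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key found for '$SubjectCN'." }

# Only CryptoAPI (CSP) keys expose their container file name this way.
$rsa = $cert.PrivateKey
if ($rsa -isnot [System.Security.Cryptography.RSACryptoServiceProvider]) {
    throw 'Private key is not a CryptoAPI (CSP) RSA key; this example does not cover it.'
}
if (-not $rsa.CspKeyContainerInfo.MachineKeyStore) {
    throw 'Private key is stored in a user profile, not as a machine key.'
}

# Machine keys live under <CommonApplicationData>\Microsoft\Crypto\RSA\MachineKeys.
$appData = [Environment]::GetFolderPath('CommonApplicationData')
$keyDir  = Join-Path $appData 'Microsoft\Crypto\RSA\MachineKeys'
$keyFile = Join-Path $keyDir $rsa.CspKeyContainerInfo.UniqueKeyContainerName

# Audit: which accounts can currently use the private key?
$acl = Get-Acl -Path $keyFile
$acl.Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize

# Grant read-only access to the one account that needs to sign, if it has none yet.
$existing = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $Account -and $_.AccessControlType -eq 'Allow'
}
if (-not $existing) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Account, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyFile -AclObject $acl
    "Granted Read on $keyFile to $Account"
} else {
    "$Account already has access: $($existing.FileSystemRights -join ', ')"
}
```

Running the audit part again after the grant shows whether any account other than the signing identity and the administrators can read the key.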

Posted: 03/01/2013 03:38:51
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you very much for posting the solution!