EldoS | Feel safer!

Failed to acquire key context error when using local root certificate

Posted: 02/28/2013 03:49:28
by Ari Urkullu (Basic support level)
Joined: 11/26/2012
Posts: 26


Thanks for all of your answers, really. I have moved the access type and put it before setting the storage name. Also, I have set ReadOnly to true before opening the storage. With these changes, the intermediate program I mentioned in earlier posts works perfectly. But my web app fails... The error that happens is just like the first one in the post:

"Signing failed: Failed to acquire key context"

at SBCryptoProvWin32.TElWin32CryptoProvider.SignFinal(TElCustomCryptoContext Context, Byte[]& Buffer, Int32 StartIndex, Int32& Size, TElCPParameters Params, TSBProgressFunc ProgressFunc, Object ProgressData)

at SBPublicKeyCrypto.TElRSAPublicKeyCrypto.SignFinal()

at SBPublicKeyCrypto.TElPublicKeyCrypto.InternalSignDetached()

at SBPublicKeyCrypto.TElPublicKeyCrypto.SignDetached(Byte[] InBuffer, Int32 InIndex, Int32 InSize, Byte[]& OutBuffer, Int32 OutIndex, Int32& OutSize)

at SBCMS.TElCMSSignature.SignSubject(TElX509Certificate Cert, Boolean AsyncOperation, TElDCAsyncState& State)

at SBCMS.TElCMSSignature.Sign(TElX509Certificate Cert, TElCustomCertStorage Chain)

at SBPAdES.TElPDFAdvancedPublicKeySecurityHandler.SignHash(Byte[] Hash, Int32 StartIndex, Int32 Count)

at SBPDF.TElPDFDocument.InsertActualSignatureInformation(Boolean IncrementalUpdate)

at SBPDF.TElPDFDocument.Close(Boolean Save)

at Fullstep.PMPortalWeb.OfertasPDF.CloseCurrentDocument(Boolean saveChanges) in D:\FULLSTEP PORTAL\Version_31900_8\NET\PMPortalWeb\script\ofertas\OfertasPDF.aspx.vb:line 349

Now it is certain that I am accessing the local machine root certificate store, and it is also certain that the certificate with which I am trying to sign has the private key (because with the intermediate program the signing ends successfully). So I think that this can be a user permissions problem: that the user "Network Service" can't use a certificate from the local machine root certificate store for signing (although this user can load the list of local machine root certificates in TElWinCertStorage).
Posted: 02/28/2013 04:25:29
by Ken Ivanov (Team)


This is definitely a permissions issue. Please check this Microsoft tool that might help to set up the access rights correctly.
Posted: 02/28/2013 04:31:14
by Ari Urkullu (Basic support level)
Joined: 11/26/2012
Posts: 26

Thank you very much, really.

I will post here the solution when I find it.
Posted: 03/01/2013 03:36:10
by Ari Urkullu (Basic support level)
Joined: 11/26/2012
Posts: 26


For the last problem I had, I am posting here the solution which worked:

- On the command line, execute mmc. Then, when the mmc window opens: File -> Add/Remove Snap-in ... -> Add ... -> Certificates -> Add -> Computer Account -> Next -> Finish -> Close -> OK

- Then, in the mmc browser, open Console Root -> Certificates (Local Computer) -> Trusted Root Certification Authorities -> Certificates and right-click on it, then All Tasks -> Import ... -> Next -> Browse ... (and select the .pfx with the private key) -> Next -> Enter the password in the textbox -> Mark key as exportable -> Next -> Place all certificates in the following store -> Browse ... (and select Trusted Root Certification Authorities) -> Next -> Finish

- Then download the Windows Server 2003 Resource Kit Tools and install it.

- Then execute on the command line

winhttpcertcfg -g -c LOCAL_MACHINE\Root -s "CertificateSubjectNameCommonName" -a "ASPNET"

And that is all.
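
On systems where winhttpcertcfg is not installed, a comparable audit and grant of private-key read access can be done from PowerShell. This is an added example, not part of the original posts or of EldoS code; it assumes a CSP-backed RSA key and an elevated prompt, and the function name, subject name and account defaults are placeholders.

```powershell
# Added example, not from the thread. Run from an elevated prompt.
# Function name and the $SubjectCN / $Account defaults are placeholders (assumptions).
function Get-RootCertKeyAccess {
    param(
        [string]$SubjectCN = 'CertificateSubjectNameCommonName',
        [string]$Account   = 'NT AUTHORITY\NETWORK SERVICE',
        [switch]$Grant     # add a Read ACE for $Account when it is missing
    )
    # Machine-level CSP (CryptoAPI) RSA keys are stored as files in this folder.
    $keyDir = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'
    $read   = [System.Security.AccessControl.FileSystemRights]::Read

    Get-ChildItem Cert:\LocalMachine\Root |
      Where-Object { $_.HasPrivateKey -and
                     $_.GetNameInfo('SimpleName', $false) -eq $SubjectCN } |
      ForEach-Object {
        $cert = $_
        try   { $info = $cert.PrivateKey.CspKeyContainerInfo }
        catch { $info = $null }
        if (-not $info) {
            # CNG keys, or a key the caller cannot open, are not handled here.
            Write-Warning "$($cert.Thumbprint): no readable CSP key container"
            return   # skip to the next certificate
        }
        $keyFile = Join-Path $keyDir $info.UniqueKeyContainerName
        $acl     = Get-Acl -Path $keyFile
        $allowed = @($acl.Access | Where-Object {
            $_.IdentityReference.Value -eq $Account -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $read) -eq $read
        }).Count -gt 0

        if (-not $allowed -and $Grant) {
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                        $Account, $read, 'Allow')
            $acl.AddAccessRule($rule)
            Set-Acl -Path $keyFile -AclObject $acl
            $allowed = $true
        }
        # One report row per matching certificate.
        [pscustomobject]@{
            Thumbprint = $cert.Thumbprint
            KeyFile    = $keyFile
            Account    = $Account
            CanRead    = $allowed
            AllowedTo  = ($acl.Access | Where-Object AccessControlType -eq 'Allow').IdentityReference.Value
        }
      }
}
Get-RootCertKeyAccess   # audit only; add -Grant to change the ACL
```

The `AllowedTo` column lists every account with an Allow entry on the key file, which makes it easy to spot accounts that hold access they do not need.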

Posted: 03/01/2013 03:38:51
by Vsevolod Ievgiienko (Team)

Thank you very much for posting the solution!