IIS 7 Error "The specified login session does not exist. It may already be completed." when using https

I am trying to create client certificate authentication for my asp.net site.

To create client certificates, you must first create a Certificate Authority:

makecert.exe -r -n "CN=My Personal CA" -pe -sv MyPersonalCA.pvk -a sha1 -len 2048 -b 01/01/2013 -e 01/01/2023 -cy authority MyPersonalCA.cer

Then I need to import it into IIS 7, but since it accepts .pfx format, I will convert it first:

pvk2pfx.exe -pvk MyPersonalCA.pvk -spc MyPersonalCA.cer -pfx MyPersonalCA.pfx 

After importing MyPersonalCA.pfx, I try to add the https site binding to my website and select the above as an SSL certificate, but I get the following error:


Any suggestions?

+46
ssl iis client-certificates
Feb 19 '13 at 8:41
14 answers

It should be some kind of IIS error, but I found a solution.

1- Export MyPersonalCA.pfx from IIS.

2- Convert it to .pem:

openssl pkcs12 -in MyPersonalCA.pfx -out MyPersonalCA.pem -nodes

3- Convert it back to .pfx:

openssl pkcs12 -export -in MyPersonalCA.pem -inkey MyPersonalCA.pem -out MyPersonalCA.pfx

4- Import it back to IIS.

+9
Feb 19 '13 at 11:04

I ran into this problem but fixed it differently. I believe that the account I was using changed between the time I first tried to configure the certificate and the time I returned to finish the job, thereby creating the problem. What the problem is, I don't know, but I suspect that it is due to some hash from the current user, which is incompatible in some scenarios when the user is modified or recreated, etc.

To fix this, I removed all references to the corresponding certificate from both IIS and the Certificates snap-in (for the current user and local computer):

IIS certificates

mmc.exe -> add / remove snap-ins, choose certificates then local computer or current user

Then I imported the *.pfx file into the Certificates snap-in in the MMC, placing it in the Local Computer \ Personal node:

  • Right-click the Certificates node under Personal (under Local Computer as root)
  • All Tasks → Import
  • Go through the wizard to import the *.pfx

From then on, I was able to return to IIS and find it in Server Certificates. Finally, I went to my site, edited the bindings and selected the correct certificate. It worked because the user was consistent throughout the process.

Regarding the point mentioned in another answer: you should not need to resort to marking it as exportable, as that is a serious security problem. You effectively allow anyone who can get onto the box with a similar set of permissions to take your certificate with them and import it to another location. Obviously, this is not optimal.

+50
Sep 15 '14 at 18:54
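
The import described in the answer above, scripted in PowerShell as an added example (it is not code from any answer on this page). The function name `Import-MachineCertificate` and the path `C:\certs\MyPersonalCA.pfx` are hypothetical; it imports into Local Computer\Personal without marking the key exportable, then reports leftover copies that other answers on this page name as causes.

```powershell
# Added example; not code from the answers on this page.
# Run in an elevated Windows PowerShell session on the IIS server.
function Import-MachineCertificate {
    param(
        [Parameter(Mandatory)][string]$PfxPath,          # hypothetical path to the .pfx
        [Parameter(Mandatory)][securestring]$Password
    )

    # Local Computer\Personal. -Exportable is deliberately omitted, so the
    # private key is stored as non-exportable.
    $cert = Import-PfxCertificate -FilePath $PfxPath -Password $Password `
                -CertStoreLocation 'Cert:\LocalMachine\My' |
            Where-Object HasPrivateKey | Select-Object -First 1
    if (-not $cert) { throw "No certificate with a private key was imported from $PfxPath." }

    # Copies left in the current user's store by earlier attempts.
    $stray = Get-ChildItem 'Cert:\CurrentUser\My' |
             Where-Object Thumbprint -eq $cert.Thumbprint

    # Other machine-store certificates with the same subject (older versions).
    $older = Get-ChildItem 'Cert:\LocalMachine\My' |
             Where-Object { $_.Subject -eq $cert.Subject -and
                            $_.Thumbprint -ne $cert.Thumbprint }

    [pscustomobject]@{
        Thumbprint       = $cert.Thumbprint
        Subject          = $cert.Subject
        CurrentUserCopy  = [bool]$stray
        SameSubjectCount = @($older).Count
    }
}

$pw = Read-Host -AsSecureString -Prompt 'PFX password'
Import-MachineCertificate -PfxPath 'C:\certs\MyPersonalCA.pfx' -Password $pw
```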

Security warning: what the flag means is that the certificate can be read by users who should not be able to read it, for example the user that runs the IIS worker process. Use a different answer instead.

It happened to me, and it was fixed by making sure "Allow the export of this certificate" is checked during import:

(thanks to this post!)

+44
Oct 18 '13 at 14:09

Probably nobody cares anymore, but I just ran into this problem with an IIS 7 website binding. The way I fixed it was to go to the Certificate Authority and find the certificate issued to the server with the problem. I checked the user account that requested the certificate. Then I logged on to the IIS server using RDP with this account. I was able to rebind the https protocol only with this account. No exports, reissuing, or extension hacks were required.

+6
Dec 26 '13 at 14:21

In our case, this problem arose because we installed the certificate in a virtual machine and made an image for future use.

When you create another virtual machine from a previously created image, the certificate gives this message.

To avoid this, be sure to install a certificate on each new virtual machine.

+4
Nov 07 '13 at 13:45

We had the same problem because the certificate had been incorrectly imported into the current user's certificate store. Removing it from the current user's store and importing it into the Local Computer certificate store solved the problem.

+4
Aug 17 '15 at 15:42

I got this error due to an incorrect openssl command line when exporting the PKCS#12 certificate. The -certfile option was incorrect. I exported the certificate again and it was successfully imported.

+2
Jan 20 '14 at 12:45

I had the same problem. It was solved by removing the certificate from the Personal store (someone had put it there) and from Web Hosting. All this is done through IIS Manager. Then I added it to the Web Hosting store again (everything checked), and I can use HTTPS again...

+2
Jun 10 '15 at 7:36

In my case, this happened because the user running the World Wide Web Publishing Service did not have permissions on the certificate. After installing the certificate, go into the Certificates snap-in in MMC and right-click the certificate with this problem. Select "Manage Private Keys..." in the "All Tasks" menu and add the specified user. This was the SYSTEM user in my case.

0
Sep 02 '15 at 7:01
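
A way to inspect the same private-key permissions from PowerShell, as an added example that is not part of any answer on this page. It assumes an RSA key and a certificate in the Local Computer\Personal store; `Get-MachineKeyAcl` is a hypothetical helper name and the thumbprint is a placeholder to be replaced with the value shown in IIS > Server Certificates.

```powershell
# Added example; not code from the answers on this page.
# Run elevated in Windows PowerShell on the IIS server.
$Thumbprint = '<CERT-THUMBPRINT>'   # placeholder, replace with the real thumbprint

function Get-MachineKeyAcl {
    param([Parameter(Mandatory)][string]$Thumbprint)

    $cert = Get-Item "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) { throw 'No private key is associated with this certificate.' }

    # Handles both CAPI (RSACryptoServiceProvider) and CNG (RSACng) keys.
    # This call fails if the current session cannot open the key at all.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if (-not $rsa) { throw 'The private key is not an RSA key.' }
    $keyName = if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $rsa.Key.UniqueName
    } else {
        $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    }

    # Machine-scope key files live in one of these two directories.
    $dirs = "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
            "$env:ProgramData\Microsoft\Crypto\Keys"
    $file = Get-ChildItem -Path $dirs -Filter $keyName -ErrorAction SilentlyContinue |
            Select-Object -First 1
    if (-not $file) { throw "Key file '$keyName' not found in the machine key directories." }

    # One row per access rule: who may read or control the key file.
    (Get-Acl -Path $file.FullName).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType
}

Get-MachineKeyAcl -Thumbprint $Thumbprint | Format-Table -AutoSize
```

The rows correspond to the entries shown by "Manage Private Keys..." in the snap-in; an account that has to use the key but is missing from the list, or an unexpected account with access, both show up here.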

I was able to resolve this issue by importing a PFX SSL certificate file using Windows Certificate Manager.

http://windows.microsoft.com/en-us/windows-vista/view-or-manage-your-certificates

0
Sep 22 '15 at 6:18

I had this problem today and feel compelled to post my solution in the hope that you will lose less hair than I just did.

After we reviewed the above solutions, we had to re-issue the SSL certificate from our SSL provider (RapidSSL issues as a reseller for GeoTrust).

There was no cost in this process, only five minutes of waiting until the confirmation e-mails (admin@) arrived, and we had access again.

Once we had the response, we used IIS > Server Certificates to install it. We did not need the MMC snap-ins.

https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO5757

We left the remote desktop window on the server open in order to avoid any problems with different accounts / login sessions, etc. I believe this is an IIS error, as another poster believes, since we only have one RDC account. The most unpleasant thing is that the same certificate worked fine for two months before it suddenly “broke”.

0
Mar 29 '16 at 9:32

Instead of importing the certificate from IIS, do this with the MMC. Then go to IIS to bind.

0
Jun 07 '16 at 9:26

In my case, I had recently imported a new version of the certificate (PFX for IIS) from StartSSL and forgot to delete the old one, which somehow caused this error (there were now two certificates of the same kind). I deleted both of them, imported the correct one, and now it works.

0
Sep 10 '16 at 19:07

I was getting this error when trying to bind a localhost pfx cert on my development machine. Before trying any of this, try something simpler first.

  • Closed any localhost website that I had open.
  • Stopped my IIS server and closed the manager.
  • Ran the manager as admin.
  • Added all my https bindings, no errors or problems this time.
  • Restarted IIS.

After that, everything works.

0
May 04 '17 at