Question : Access denied error when using IIS Certificate Wizard to renew Thawte certificate

I currently have an SSL123 Thawte certificate on my Exchange server. It is set to expire soon, so I'm trying to renew it. I am using the IIS 6 Certificate Wizard to create the new Certificate Signing Request (CSR). When I get to the last screen with the summary of information that will be used and click next I get an error that says "Access is Denied."

I am able to remove the current certificate, reinstall the current certificate, but am unable to create a CSR for a new certificate or for a renewal. This happens if I choose to send it directly to Thawte or if I choose to create it in a file and save it to send later.

I've tried this while logged in as a domain administrator and the local administrator.

The only thing that I know of that has changed is that we had a domain controller that was our organization's CA crash. We haven't been able to restore it. We have other domain controllers, so that wasn't a big deal, but it was our only CA. Is this something that could be related?

There aren't any error messages in the event log.

Thanks,

Andrew

Answer : Access denied error when using IIS Certificate Wizard to renew Thawte certificate

Found this solution on a MS site and it worked for me.

Go to c:\documents and settings\all users\application data\microsoft\crypto\rsa\machinekeys

Go to properties - security, click on advanced.

Select the administrators group (which should have full access already), and change the setting from "this folder only" to "this folder, subfolder and files".

After that the certificate requests suddenly worked.