9

Got a strange issue that I just can't find any clues for. We have a program (Qlikview) which talks to a remote admin service via SSL (Qlikview Server), but it uses the certificate to validate the client.

The issue is happening on any client computer (replicated on different machines). The following process replicates the issue:

  1. Install the .pfx certificate with private key in Local Computer > Personal (using the MMC console).

  2. Application launches (works perfectly) and can use certificate.

  3. Reboot PC, application fails with an error message: Could not establish secure channel for SSL/TLS with authority (due to the certificate error)

  4. Reinstall certificate and application works again.

  5. Reboot PC and the application fails to work again. (repeat process).

In an effort to see if we could replicate further, I exported and then re-imported the failed certificate and the application worked again. We can replicate it with other applications which use the same method of authentication. The certificate at either stage (viewing in the MMC) appears as valid and correct at each step.

I am really at a loss. Any advice is appreciated.

Putnik
user2728476

3 Answers

7
  1. Right-click the certificate in the MMC console -> All Tasks -> Manage Private Keys.
  2. Add the needed users to access. Now reboot the system and try; it will work.


Sven
Sabarish
6

I had this issue and just barely figured it out. After you install the certificate, you can right-click on it in the MMC snap-in, go to All Tasks, then Manage Private Keys. From there you can add whatever user you want to have access to the certificate key after the computer reboots.

5

I know this is old, but it's an issue that I have been fighting and have finally won. The above answer is correct, but it is not complete.

I read the answer as suggesting that all anyone needs to do is select a user from the list as supplied, like, in my case, SYSTEM, Administrators(ComputerName) and some weird selection like S-1-5-5-2 blah, blah. None of those worked.

What I finally discovered, though, is that I needed to add a valid user to the list and select that user. For me it worked using my own user name, but I also tried it with IUSR, and it worked with that also.

I spent many, many hours and lots of server reboots coming to this conclusion. I hope this helps prevent that for someone else.

Bill Norman