Error selecting an SSL certificate when we edit site binding

Anonymous
2024-03-08T11:51:40+00:00

Hi all,

When we try to associate an SSL certificate with a site using Edit Site Binding, we get an error:

"A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)"

We are using IIS on Windows Server 2019 Standard.

We have checked the Event Viewer, and in the System event viewer we have seen this associated error message:

"A fatal error occurred when attempting to access the TLS server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001."

We have re-imported the certificate, restarted the IIS service, the entire Windows Server, but nothing works and the error persists.

Any idea why this error happens?

Thanks in advance,

Pedro.

Windows Server Networking

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.


1 answer

  1. Anonymous
    2024-03-11T08:53:59+00:00

    Hello,

    Based on the error message you provided, it seems that the issue might be related to a problem with the private key associated with the SSL certificate.

    Here are a few things you can try to resolve the issue:

    1. Check the permissions on the private key file: Make sure that the user account running the IIS service has read permissions on the private key file associated with the SSL certificate.
    2. Verify that the private key is accessible: You can use the certutil command-line tool to verify that the private key is accessible. Open a command prompt and run the following command: certutil -repairstore my "Certificate Thumbprint". Replace "Certificate Thumbprint" with the thumbprint of the SSL certificate.
    3. Check the cryptographic service provider: Make sure that the cryptographic service provider (CSP) used to generate the SSL certificate is installed on the server and is accessible to the user account running the IIS service.
    4. Verify that the SSL certificate is valid: Make sure that the SSL certificate is valid and has not expired. You can use the certutil command-line tool to verify the validity of the SSL certificate. Open a command prompt and run the following command: certutil -verify "Certificate Thumbprint". Replace "Certificate Thumbprint" with the thumbprint of the SSL certificate.

    I hope this helps!

    Regards,

    Zunhui

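The checks listed in the answer above can be run in one pass from an elevated PowerShell prompt. This is an added example, not part of the original thread: the thumbprint is a placeholder, the certificate is assumed to be in the LocalMachine\My store with an RSA key, and the key folders are the Windows defaults.

```powershell
# Added diagnostic sketch (not from the thread). Run elevated on the IIS server.
$Thumbprint = '<CERTIFICATE-THUMBPRINT>'   # placeholder: thumbprint without spaces

$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "No certificate $Thumbprint in LocalMachine\My" }

# Validity window and whether the store entry is linked to a private key
$now = Get-Date
"Subject       : $($cert.Subject)"
"Valid from/to : $($cert.NotBefore) .. $($cert.NotAfter)"
"In validity   : $($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)"
"HasPrivateKey : $($cert.HasPrivateKey)"
if (-not $cert.HasPrivateKey) { throw 'Store entry has no private key linked to it' }

# Try to open the key; a failure here means the provider or the key is not reachable
try {
    $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
} catch {
    throw "Private key could not be opened: $($_.Exception.Message)"
}
if (-not $key) { throw 'Certificate does not carry an RSA key (assumption of this sketch)' }

# Provider name and on-disk container name differ between CNG and legacy CSP keys
if ($key -is [System.Security.Cryptography.RSACng]) {
    $provider = $key.Key.Provider.Provider
    $unique   = $key.Key.UniqueName
} else {
    $provider = $key.CspKeyContainerInfo.ProviderName
    $unique   = $key.CspKeyContainerInfo.UniqueKeyContainerName
}
"Provider      : $provider"
"Key container : $unique"

# Default machine key folders: legacy CSP keys, then CNG keys
$dirs = "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
        "$env:ProgramData\Microsoft\Crypto\Keys"
$file = $dirs | ForEach-Object { Join-Path $_ $unique } |
    Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1

if (-not $file) {
    'Key file not found in the machine key folders.'
} else {
    "Key file      : $file"
    # Compare these entries with the account that runs the IIS service
    (Get-Acl -LiteralPath $file).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType |
        Format-Table -AutoSize
}
```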