locked
An application is requesting access to a protected item-CryptoAPI Private Key popup RRS feed

  • Question

  • Hi ,

    I am running a sample app using RTC API  to send IM to the selected client.
    I have attached the certificate to the Connection manager.
    When i run this application in Windows 2003 Server machine.
    On  "_SipEndpoint.Register();"  i am getting the below popup

    "An application is requesting access to a protected item"
    "CryptoAPI Private Key "
    with OK CANCEL buttons.

    Once i click OK its allowing to establish connection and send message properly.

    Could any one help me on this "How to suppress this programatically" without changing any Local policy Settings in the server?

    Thanks in Advance,
    Raj
    Thursday, February 18, 2010 9:43 PM

Answers

  • I have finally figured out what was going on.

    Every time I'd publish my app (Click-Once deployment) I would be prompted to allow access to our digital code-signing certificate.  I never got an answer on this so, I just kept clicking the button to allow it.  The problem was that my publication and deployment is done with another app I wrote (so it is automated) and having to be available to click that button was annoying.  We recently renewed our certificate and when importing it onto my build machine, i saw a check box that if checked, would warn me every time the cert was requested.  I must have ckecked that two years ago.

    Problem solved.


    Steve

    Thursday, August 8, 2013 4:45 PM

All replies

  • This is probably happening because your application needs to have Read and Execute permission for the file on disk that contains the private key data for the certificate that you are using for the connection.

     

    There is a nice post on this issue here:  http://www.leastprivilege.com/HowToGetToThePrivateKeyFileFromACertificate.aspx

    Read that and see if setting the ACL on the key file solves your problem.


    Oscar Newkerk Consultant Oscarnew Consulting
    • Proposed as answer by Oscarn Wednesday, June 9, 2010 9:46 PM
    Wednesday, June 9, 2010 9:46 PM
  • Raj, are this app using some kind of certificate?

    This could happen when you exported/imported a cert that have the "Enable strong protection" option checked. Try to repeat the export/import process without this option checked.

    Also, be sure to

    a) Have the private key as exportable when you make the export/import process

    b) Grant permissions to the desired user over this key.

    You can use the WinHttpCertCfg.exe tool (http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=19801)

    WinHttpCertCfg.exe -g -a "DOMAIN\User" -c LOCAL_MACHINE\My -s "IssuedTo"

    You may also want to try

    WinHttpCertCfg.exe -g -a "DOMAIN\User" -c CURRENT_USER\My -s "IssuedTo"

    if the cert is located at user store

    User can be local or a domain one.

    Hope this helps.

    Cheers.

    • Proposed as answer by Cristian Zanni Thursday, March 8, 2012 7:30 PM
    Thursday, March 8, 2012 7:29 PM
  • I have a Digital Code-Signing Cerfiticate from VeriSign.  I publish our software using Click-Once.  With our previous certificate, i never got prompted.  Now, with this new one, I get "An application is requesting access to a protected item".  I have built an automated build process that uses MSBuild and, if i am not sitting in front of my computer to click that stupid prompt, the publication never happens.  I want to know how to bypass this prompt.  OF COURSE I WANT TO ALLOW ACCESS - I INSTALLED THE CERT!  I tried the code above but, i get

    C:\Program Files (x86)\Windows Resource Kits\Tools>winhttpcertcfg -l -c CURRENT_USER\Root -s "Alvord Technologies"
    Microsoft (R) WinHTTP Certificate Configuration Tool
    Copyright (C) Microsoft Corporation 2001.

    Error:  Unable to find or obtain a context for requested certificate

    This has become a stumbling block.  Can anyone help a dog out?


    Steve

    Saturday, September 15, 2012 2:14 PM
  • I have finally figured out what was going on.

    Every time I'd publish my app (Click-Once deployment) I would be prompted to allow access to our digital code-signing certificate.  I never got an answer on this so, I just kept clicking the button to allow it.  The problem was that my publication and deployment is done with another app I wrote (so it is automated) and having to be available to click that button was annoying.  We recently renewed our certificate and when importing it onto my build machine, i saw a check box that if checked, would warn me every time the cert was requested.  I must have ckecked that two years ago.

    Problem solved.


    Steve

    Thursday, August 8, 2013 4:45 PM
  • If you export the certificate out (with private key and all extended properties), you can then import it back in and uncheck the Extended security option which causes the prompting.  So then you don't have to click OK on the stupid prompt for the next X years until you need to renew the certificate.  Hope this helps "a dog" out as Steve says
    Wednesday, April 26, 2017 9:19 PM
  • We've just renewed our authenticode certificate from Symantec and had the same problem. The installation was automated so it would appear the default is to require confirmation when accessing the private key. Exporting and re-importing the certificate fixed the problem. Ensure the enable strong protection is unchecked when re-importing.


    Friday, March 16, 2018 11:50 AM