none
PFX Certificates showing different behavior (Key Spec 1 and 0) in two different servers RRS feed

  • Question

  • I am using Windows Server 2008 R2. When I am installing the pfx certificates on Server and my Laptop (MMC Store) I see difference on KeySpec of the certificates.  

     

    1. In Server:

    Provider = Microsoft Strong Cryptographic Provider

    ProviderType = 1

    Flags = 20

    KeySpec = 0

     

    2. In Laptop

    Provider = Microsoft Strong Cryptographic Provider

    ProviderType = 1

    Flags = 20

    KeySpec = 1 -- AT_KEYEXCHANGE

     

    In old Microsoft blog, it says that for proper handshake, Keyspec should have value’1’ and if it is not having that value then problem is with certificate. But here I have same certificate giving different Key-Spec values in different Machine. Is there any setting on MMCor IIS level which is forcing the certificates to take different value than '1'.

     

    Probably Due to this, Sites on IIS is not working and giving error ‘Page can-not be displayed’. While importing the certificate I had checked the box ‘Allow this certificate to be exported’. I also checked the permissions on ‘C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys’ and it has the full control of network services (as App pool runs under network services).

     

    Please advise on how can I fix this issue.

    Monday, September 28, 2015 8:51 AM

All replies