I am trying to deploy an MVC4 application to Windows Server 2008 R2 with IIS7. The application uses a third-party library for ADFS authentication and authorisation which requires 3 certificates. All of the certificates are already installed on the server, but I have steps in my deployment to redeploy them so that certificates can be managed by the support team.
In the Certificate step I have an access rule specified that should allow the service account to access the private key.
I am currently getting the following when the certificate install step is executed:
There was an error importing the certificate into the store
Error
Could not set security on private-key
Error
System.Exception
Error
at Calamari.Integration.Certificates.WindowsX509CertificateStore.AddPrivateKeyAccessRules(ICollection`1 accessRules, SafeCertContextHandle certificate)
Error
at Calamari.Integration.Certificates.WindowsX509CertificateStore.AddPrivateKeyAccessRules(String thumbprint, StoreLocation storeLocation, String storeName, ICollection`1 privateKeyAccessRules)
Error
at Calamari.Commands.ImportCertificateCommand.ImportCertificate(CalamariVariableDictionary variables)
Error
at Calamari.Commands.ImportCertificateCommand.Execute(String[] commandLineArguments)
Error
at Calamari.Program.Execute(String[] args)
Error
--Inner Exception--
Error
Cannot find the certificate and private key for decryption.
Error
System.Security.Cryptography.CryptographicException
Error
at Calamari.Integration.Certificates.WindowsX509CertificateStore.SetCspPrivateKeySecurity(SafeCertContextHandle certificate, ICollection`1 accessRules)
Error
at Calamari.Integration.Certificates.WindowsX509CertificateStore.AddPrivateKeyAccessRules(ICollection`1 accessRules, SafeCertContextHandle certificate)
Fatal
The remote script failed with exit code 100
Fatal
Deploy ADFS Token Encryption Certificate on Application Server