IIS 7 Error “A specified logon session does not exist. It may already have been terminated.” when using https

Question

I am trying to create Client Certificates Authentication for my asp.net Website.

In order to create client certificates, I need to create a Certificate Authority first:<

Answer 1

We found another cause for this. If you are scripting the certificate install using PowerShell and used the Import-PfxCertificate command. This will import the certificate. However, the certificate imported cannot be bound to a website in IIS with the same error as this question mentions. You can list certificates using this command and see why:

certutil -store My

This lists the certificates in your Personal store and you will see this property:

Provider = Microsoft Software Key Storage Provider

This storage provider is a newer CNG provider and is not supported by IIS or .NET. You cannot access the key. Therefore you should use certutil.exe to install certificates in your scripts. Importing using the Certificate Manager MMC snap-in or IIS also works but for scripting, use certutil as follows:

certutil -f -p password -importpfx My .\cert.pfx NoExport

See this article for more information: https://windowsserver.uservoice.com/forums/295065-security-and-assurance/suggestions/18436141-import-pfxcertificate-needs-to-support-legacy-priv