发表新帖
发表新帖

IIS 7 Error “A specified logon session does not exist. It may already have been terminated.” when using https

后端 未结
关注
19 885
情书的邮戳
情书的邮戳 2021-01-30 19:58

I am trying to create Client Certificates Authentication for my asp.net Website.

In order to create client certificates, I need to create a Certificate Authority first:<

相关标签:
19条回答
  • 醉话见心
    2021-01-30 20:17

    I ran across this same issue, but fixed it a different way. I believe the account I was using changed from the time I initially attempted to set up the certificate to the time where I returned to finish the work, thus creating the issue. What the issue is, I don't know, but I suspect it has to do with some sort of hash from the current user and that is inconsistent in some scenarios as the user is modified or recreated, etc.

    To fix it, I ripped out of both IIS and the Certificates snap-in (for Current User and Local Computer) all references of the certificate in question:

    IIS certificates

    mmc.exe --> add/remove snap-ins, choose certificates then local computer or current user

    Next, I imported the *.pfx file into the certs snap-in in MMC, placing it in the Local Computer\Personal node:

    1. Right-click the Certificates node under Personal (under Local Computer as the root)
    2. All Tasks -> Import
    3. Go through the Wizard to import your *.pfx

    From that point, I was able to return to IIS and find it in the Server Certificates. Finally, I went to my site, edited the bindings and selected the correct certificate. It worked because the user was consistent throughout the process.

    To the point mentioned in another answer, you shouldn't have to resort to marking it as exportable as that's a major security issue. You're effectively allowing anyone who can get to the box with a similar set of permissions to take your cert with them and import it anywhere else. Obviously that's not optimal.

    0 讨论(0)
  • 佛祖请我去吃肉
    2021-01-30 20:22

    I was getting same error whilst binding the certificate, but fixed after deleting the certificate and importing again through mmc console.

    0 讨论(0)
  • 遇见更好的自我
    2021-01-30 20:22

    In my case I imported a newer version of a certificate (PFX for IIS) from StartSSL just recently and forgot to remove the old one, which somehow caused this error (now two certs sort of the same). I removed both of them, imported the proper one, and now it works.

    0 讨论(0)
  • 执念已碎
    2021-01-30 20:25

    Try :

    1. Go into IIS and delete "VSTS Dev Router" web site and "VSTS Dev Router Pool" application pool.
    2. Run “certlm.msc” and open Personal/Certificates
    3. Delete any cert named “*.vsts.me” and "vsts.me"
    4. Re-deploy
    0 讨论(0)
  • 感动是毒
    2021-01-30 20:27

    I had the same issue. Solved by removing the certificate from de personal store (somebody put in it) and from the webhosting. All done through the IIS manager. Then I added again to the webhosting store (with everything checked) and I can use HTTPS again...

    0 讨论(0)
  • 一个人的身影
    2021-01-30 20:27

    According to the MSDN blog post, this can happen when the current user account doesn't have permission to access the private key file which is under the folder "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys". Apparently this can be resolved by granting the user account / user group Full Access permission to the above folder.

    I've come across the same issue, and was able to resolve it by simply re-importing the .pfx file with the Allow this certificate ti be exported checkbox selected.

    However, this method imposes a security risk - as any user who has access to your IIS server will be able to export your certificate with the private key.

    In my case, only I have access to my IIS server - therefore it was not a huge risk.

    0 讨论(0)
 看不清?
提交回复
热议问题