Fixed : Private Key or User Profile is inaccessible

SSL (Secure Sockets Layer) is an important security technique that creates an encrypted connection (to prevent third parties) between the client and the server. If you forget your credentials, you may have to manipulate SSL, which is not an easy task. You have to be careful because any error here can create many other errors.

One of many problems occurs when users try to import a private key from a Secure Sockets Layer (SSL) certificate file into the certificate store on the local PC. Many users report receiving an error message stating that the profile or private key is unavailable due to the lack of a cryptographic service provider on the PC.

This will give you information on how to change the registry. So before you do this, make sure that you have made a proper backup of the directory. There are a few tips that can solve the problem; they are listed here one by one.

 

What makes a user profile or private key inaccessible

What makes a user profile or private key inaccessible

According to Microsoft, there are 3 main reasons why this error occurs:

  • You do not have sufficient permissions to access the following folders:
    DriveLetter:Documents
    SettingsAll UsersApplication DataMicrosoftCryptoRSAMachineKeys
  • There is a third-party registry connection that prevents IIS from accessing the encryption service provider.
  • You are remotely connected to the computer via a Terminal Services session, and the user profile is not stored locally on the server that has Terminal Services enabled.

As you can imagine, it is now easy to find a logical solution if you know the cause of the problem.

 

Here’s how to solve the problem of not having access to a user profile or private key

Here's how to solve the problem of not having access to a user profile or private key

Reset permissions for the MachineKeys folder
  1. Right-click on the MachineKeys folder.
  2. On the Security tab, click the Advanced button.
  3. Click View / Edit
  4. Select the Reset permissions for all child objects check box and enable sharing of legacy permissions.
Remove a connection from the third-party registry
  1. Press Windows + R
  2. Type regedit.exe (The registry editor will open)
  3. If the following registry subkey exists, delete it:
    HKEY_USERSDefaultSoftwareMicrosoftCryptographyProvidersType 001.
Locally save the user profile for the “Terminal Services” session

In this case, ask your IT administrator to simply move the user profile to the server that has Terminal Services enabled. You can also use roaming profiles.

If you follow these steps, you can now import the SSL private key certificate file into the local computer’s private key certificate store without encountering further error messages.