Tag Archives: certificate

RDP failed, and got system event ID 36870 fatal error occurred when attempting to access the SSL server credential private key.

It’s a wired issue.
Port 3389 is open, and can telnet to it. But if try to RDP to the server, the RDP connection will failed immediately.
And in system event log, there is an error message said “Description: A fatal error occurred when attempting to access the SSL server credential private key.”

After investigation, found out this issue was caused by the incorrect file permission were set on files within C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys.

So the fix is, grant system full control access to folder C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys as well as all files within this folder.

Disable IE Certificate Revocation Check

If groupolicy disabled you to do so, then we still can turn off certificate revocation check in registry

In registry editor browse to the following key:

Change Value “State” to 146944 Decimal or 0x00023e00 Hexadecimal

Install PFX certificate on ESXi host

1. Install OpenSSL version 0.9.8 for windows, you can get it from below link:
http://slproweb.com/download/Win32OpenSSL_Light-0_9_8zb.exe
2. Install it on a windows machine. By default, OpenSSL will be installed to C:OpenSSL
3. Copy the pfx certificates into folder C:OpenSSLbin
4. Run command line as administrator, and go to folder C:OpenSSLBin
5. Use below command to covert the certificate:
a. Generate crypt key file for the certificate via below command:

During this step, it will ask for pfx certificate password and the pass phrase for the key. Use any word you like as the pass phrase, do not use blank pass phrase.
Then use below command to decrypt the key. In this step it will ask you the pass phase you used before.

b. Generate crt file for the certificate via below command:

6. Done. Now you can install the certificate for ESXi host

IIS: SSL Certificate Disappearing after import

After import the certificate into IIS, when I navigated away from the Server Certificates window, the certificate would disappear.
I could see the certificate in the server’s Personal Certificate Store using MMC (Microsoft Management Console) but it wouldn’t show up in IIS.

After investigate, I found below solution for this issue:

Save the three portions of the certificate into three separate files (Note: The Intermediate Certificate is optional, if you were not supplied with one, just skip the steps involving it):

privatekey.txt – Copy and paste the contents of the private key including the begin and end lines.
certificate.txt – Copy and paste the contents of the Regular Certificate including the begin and end lines.
intermediate.txt – Copy and paste the contents of the Intermediate Certificate including the begin and end lines.

Upload all these files to a linux server, and run

then import the certificate.pfx into IIS