Troubleshooter: Application Certificate cannot be accessed

Currently, the platform prepends the characters "WildcatApp-" to the application ID, and uses that as the name of the certificate to look up. So, the certificate that HelloWorld uses is:

WildcatApp-05a059c9-c309-46af-9b86-b06d42510550

If the certificate cannot be accessed, the application will not run. There are several possible causes:

1. The certificate is not installed in the machine's certificate store.
2. The certificate is installed but does not have the correct name
3. The certificate is installed with the correct name, but the process that the web server is running under does not have access to that certificate.

The first two can be verified by running "Program Files\Microsoft HealthVault\SDK\Tools\ComputerCertificates.msc, and checking for the existence and name of the certificate.

The third can be checked using the winhttpcertcfg tool in "Program Files\Microsoft HealthVault\SDK\Tools\" to find out what accounts have access to the certificate. To view the accounts that have access to the HelloWorld certificate, for example, the command line is:

winhttpcertcfg.exe -l -c LOCAL_MACHINE\My -s WildcatApp-05a059c9-c309-46af-9b86-b06d42510550

At the bottom of the output, it will tell you which accounts and groups have access to the private key. If the username listed in the Troubleshooter output is not listed, access can be granted using winhttpcertcfg. The samples contain batch files that can be used as templates, or it can be done directly with:

winhttpcertcfg.exe -a <account-name> -c LOCAL_MACHINE\My -s WildcatApp-05a059c9-c309-46af-9b86-b06d42510550

(using the proper certificate name instead of the HelloWorld one listed here...)

Comments

• Anonymous
  December 12, 2007
  PingBack from http://msdnrss.thecoderblogs.com/2007/12/12/troubleshooter-application-certificate-cannot-be-accessed/

• Anonymous
  January 29, 2008
  The 4th possible cause is that the certificate is installed but does not have the private key.  I found this cause after I mistakenly provided my co-developer the same certificate that I gave Microsoft to request my own application ID.

• Anonymous
  December 05, 2008
  When running the troubleshooting app under IIS, I get this error for the WildcatApp-05a059c9-c309-46af-9b86-b06d42510550 certificate.  App indicates that certificate is found. I executed winhttpcertcfg.exe and it indicates that NT AUTHORITY/NETWORK USER has authority, which is what is displayed as domain/user in the troubleshooting app.  process is w3wp.   Certificate exists and has proper name per ComputerCertificates.msc., and we ran the batch files again just in case.  Application Manager tool indicates X in both "Has Private Key" and "ASP.NET under IIS" Same result. Any suggestions?

• Anonymous
  December 08, 2008
  Scott, Please ask questions on the forums linked from the MSDN site.