Ninja Nichols

The discipline of programming

The certificate’s private key could not be accessed.

Parser Error Message: ID1024: The configuration property value is not valid.

PropertyName: serviceCertificate

Error: ID1039: The certificate's private key could not be accessed. Ensure the access control list (ACL) on the certificate's private key grants access to the application pool user.

After redeploying one of our IIS applications, we suddenly started getting this error message. We verified that the fingerprint matched the expected certificate and that the Application Pool setting “Load User Profile” was set to true.

The fix was to allow the AppPool user (NETWORK SERVICE) to read the certificate's private key.

  1. Open the MMC snap-in by running mmc.exe.
  2. Select File -> Add/remove snap-in. Select Certificates and click “Add”.
  3. Select “Computer Account”. Click Finish. Click Next.
  4. Drill down to Personal -> Certificates.
  5. Right-click your certificate and select All Tasks -> Manage private keys.
  6. Add NETWORK SERVICE and give it “read” privileges.