Error: Access was not successfully obtained for the private key. This can only be done by the user who installed the certificate.


SYMPTOMS

Cannot connect an email client to a mailbox when configured to use SSL. 

Secure Sockets Layer not working or not encrypting even though it is enabled and configured within MailEnable.

When SSL is not working check the service debug log for more details. For SSL you should stop and start the service you are having the issue with and try to connect. Some errors regarding SSL are only logged when the services are first started.

You should see something similar to the following in the debug log:

06/30/10 11:57:48    Permissions error opening the certificate store. Inbound SSL will fail unless this service has permissions to the store. See http://www.mailenable.com/kb/content/article.asp?ID=ME020479
06/30/10 11:57:48    **** Error creating credentials object for SSL session
06/30/10 11:57:48    Unable to locate or bind to certificate with name "certificatename.com"

CAUSE

The certificate cannot be accessed by the MailEnable services.  You maybe seeing the errors in the subject of this article when you run the following command:

winhttpcertcfg -g -c LOCAL_MACHINE\My -s certificatename.com -a IME_SYSTEM

After running this command you get the following results:

Error: Access was not successfully obtained for the private key.
       This can only be done by the user who installed the certificate.

RESOLUTION

Before you make any changes in this article make sure you have firstly completed the two steps found within the article below in the "MORE INFORMATION" section.

To overcome this issue you may need to grant the IME_SYSTEM account access to the following folder store:

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

MORE INFORMATION

The resolution above is only applicable if you have already followed the information in the following article:

http://www.mailenable.com/kb/content/article.asp?ID=ME020479



Product:MailEnable
Category:Environment
Article:ME020546
Module:WebMail
Keywords:SSL,ssl,certificate
Class:PRB: Product Problem or Issue
Revised:Wednesday, May 4, 2016
Author:
Publisher:MailEnable