If you are using windows server 2008 or windows 7, then you need the permission to read private key.
- use FindPrivateKey tool to find path.
For example:
FindPrivateKey My LocalMachine -n “CN=MyCert” –a
it returns the path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys[File Name]
-
Go to that path and open file properties
-
Go to security tab
-
Click on “Edit” then “Add”
-
In opened dialog write: IIS AppPool\[your application pool name] and click OK
Now your application pool has permission to read this private key.