Error: "Access is denied" when attempting to download Certificate and key from the Web Console


When attempting to download a certificate and private key from Venafi Director, a popup with the following error is displayed:

An error occurred while downloading certificate: Access is denied.


There are two possible causes for this error message:

  1. Insufficient Rights to the Certificate object within Venafi Director
  2. Insufficient Windows rights to: C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18


For the causes above, here are the steps to resolve:

Issue 1: Verify that the user has at minimum the following rights to that Certificate object.

  • View
  • Read
  • Write
  • Private Key Read

Issue 2:

  1. Verify that the account that the VEDAdmin application pool runs as has full control to C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
  2. To verify, the following command can be run from an administrative command prompt:cacls C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
Was this article helpful?
0 out of 0 found this helpful