When attempting to download a certificate and private key from Venafi Director, a popup with the following error is displayed:
An error occurred while downloading certificate: Access is denied.
There are two possible causes for this error message:
- Insufficient Rights to the Certificate object within Venafi Director
- Insufficient Windows rights to: C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
For the causes above, here are the steps to resolve:
Issue 1: Verify that the user has at minimum the following rights to that Certificate object.
- Private Key Read
- Verify that the account that the VEDAdmin application pool runs as has full control to C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
- To verify, the following command can be run from an administrative command prompt:cacls C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18