More About Certificate Errors

Here is some help on diagnosing some of the common modes of failure with HealthVault certificate management.

Access denied

The most common cause of this error is that the application can find the certificate but the account running the app does not have the proper permissions to utilize its private key at run-time.  See the end of this article for more information on giving permissions manully, or use the App Manager tool in the SDK.

This error can also be triggered by attempting a read/write which the user has not authorized, or a number of other authorization-related errors.  You may need to look at the stack trace in order to figure out where your error lies.  But if you have never successfully connected to HealthVault from Machine X with AppId Y, the certificate is the best place to start.

Keyset does not exist

I have seen this in two different scenarios:

  • Application certificate is in the cert store, but that certificate only contains a public key.  So the app finds the cert but can't find the keyset that it wants.
  • Application certificate is in the file system but the application's service account doesn't have permission on this folder or file.  Having not run this scenario myself, I would have expected this to be another "access denied" but I learned today that it gives a "keyset does not exist" error.