IIS 7 Error "A specified logon session does not exist. It may already have been terminated." when using https

I am trying to create Client Certificates Authentication for my asp.net Website.

In order to create client certificates, I need to create a Certificate Authority first:

makecert.exe -r -n “CN=My Personal CA” -pe -sv MyPersonalCA.pvk -a sha1 -len 2048 -b 01/01/2013 -e 01/01/2023 -cy authority MyPersonalCA.cer

Then, I have to import it to IIS 7, but since it accepts the .pfx format, i convert it first

pvk2pfx.exe -pvk MyPersonalCA.pvk -spc MyPersonalCA.cer -pfx MyPersonalCA.pfx

After importing MyPersonalCA.pfx, I try to add the https site binding to my Web Site and choose the above as SSL Certificate, but I get the following error:

enter image description here

Any suggestions?


I ran across this same issue, but fixed it a different way. I believe the account I was using changed from the time I initially attempted to set up the certificate to the time where I returned to finish the work, thus creating the issue. What the issue is, I don't know, but I suspect it has to do with some sort of hash from the current user and that is inconsistent in some scenarios as the user is modified or recreated, etc.

To fix it, I ripped out of both IIS and the Certificates snap-in (for Current User and Local Computer) all references of the certificate in question:

IIS certificates

mmc.exe --> add/remove snap-ins, choose certificates then local computer or current user

Next, I imported the *.pfx file into the certs snap-in in MMC, placing it in the Local Computer\Personal node:

  1. Right-click the Certificates node under Personal (under Local Computer as the root)
  2. All Tasks -> Import
  3. Go through the Wizard to import your *.pfx

From that point, I was able to return to IIS and find it in the Server Certificates. Finally, I went to my site, edited the bindings and selected the correct certificate. It worked because the user was consistent throughout the process.

To the point mentioned in another answer, you shouldn't have to resort to marking it as exportable as that's a major security issue. You're effectively allowing anyone who can get to the box with a similar set of permissions to take your cert with them and import it anywhere else. Obviously that's not optimal.


Security warning: what the checkbox really means is that the certificate can be read by users that shouldn't be able to read it. Such as the user running the IIS worker process. In production use the other answer instead.

Happened to me too, and was fixed by ensuring that "Allow this certificate to be exported" is checked when you import it:

                                            enter image description here

(thanks to this post!)


This must be some kind of IIS bug, but I found the solution.

1- Export MyPersonalCA.pfx from IIS.

2- Convert it to .pem:

openssl pkcs12 -in MyPersonalCA.pfx -out MyPersonalCA.pem -nodes

3- Convert it back to .pfx:

openssl pkcs12 -export -in MyPersonalCA.pem -inkey MyPersonalCA.pem -out MyPersonalCA.pfx

4- Import it back to IIS.