Error "Key not valid for use in specified state" when trying to log in to the application server (258576)

Error "Key not valid for use in specified state" when trying to log in to the application server

When attempting to log in to the Application Server, an error is thrown.  The following message is present in the logs:

"[System.Security.Cryptography.CryptographicException] Key not valid for use in specified state."

The app pool for the site does not have sufficient rights to the private key of the token certificate.

There are two known root causes at this time.

SOLUTION 1:

Ensure that when the Certificate was imported onto the Web Server, the option "Mark this key as Exportable" was selected.

SOLUTION 2:

Grant the necessary rights to the application pool using the Certificates snap-in under the Microsoft Management Console.

1. Open the Microsoft Management console (type "MMC" in the Start Menu).
2. Under "Certificates (Local Computer)" select "Personal" and then "Certificates". (Please see additional instructions below if "Certificates" is not present).
3. Right-click on the certificate for the Application Server and select "All Tasks > Manage Private Keys..."
   
4. Add the Read permission for the application pool.
   

If the "Certificates (Local Computer)" option is not present in MMC, follow these steps to add it:

1. Open the File menu and select "Add/Remove Snap-in".
2. From the "Available snap-ins" list add "Certificates".
3. Set the snap-in to manager certificates for "Computer account".
4. On the Select Computer screen select "Local computer".
5. Click on "Finish".