No certificate was found for subject Name CN=IdentityTKStsCert



I'm going through the WIF training kit. I'm getting the following error when trying to log in via the STS site. I click log in, then I'm redirected to the STS web site and I see this: No certificate was found for subject Name CN=IdentityTKStsCert

2012-04-04 17:55
by dev.e.loper


Found out where the confusion was. I was putting the Friendly Name of the certificate in the web.config. The certificate common name is actually the property called Issued To.

There is a part about certificate common name in this article.

2012-04-11 13:36
by dev.e.loper


In order to work on the Microsoft exercises, you need to set up the environment (with the correct certificates). Please follow the setup instructions below (extracted from a Microsoft link, now obsolete) to install the requested certificates. The source files for the setup can be found on the upper right corner of the page here.


You must perform the following steps to prepare your computer for this lab.

  1. Open a Windows Explorer window and browse to the lab’s Source\Setup folder.
  2. Double-click the Dependencies.dep file in this folder to launch the Dependency Checker tool and install any missing prerequisites. This will also install some code snippets that will be used across the lab and the localhost certificate used in the second exercise by the local STS.

Note: This process may require elevation. The .dep extension is associated with the Dependency Checker tool during its installation. For additional information about the setup procedure and how to install the Dependency Checker tool, refer to the Setup.docx document in the Assets folder of the training kit.

  3. Once you have closed the code snippets installer, the setup script will proceed with the certificates installation. Press Y if you want to continue with the required certificates installation.

Note: If you already have a "localhost" certificate needed by another application, be sure to make a backup copy of it before continuing with the lab's certificates installation.

Certificates installation finished

Note: If you are running Windows 7 or Windows 2008 R2 you might not see this window.

  4. When finished, press any key to close the setup console.

Note: In addition to the setup script, inside the Source\Setup folder of this lab, there is a Cleanup.cmd file you can use to uninstall all the code snippets installed by setup scripts.

2012-11-15 20:04
by Karthik
Broken link... - ameliapond 2018-11-06 15:35
Thanks for notifying - MS link is obsolete now. I have copied the contents for the benefit of readers - Karthik 2018-11-06 22:21


If you run 'mmc' (Start->run->'mmc') you should be able to go into your Certificates snap-in for Computer account (File->Add\Remove Snap-in) and check that Personal\Certificates has an entry with IdentityTKStsCert.

If it does, then try removing the 'CN=' from your web.config entry, like so (other identityModel config entries hidden):

        <certificateReference x509FindType="FindBySubjectName" findValue="IdentityTKStsCert" storeLocation="LocalMachine" storeName="My" />

Lastly, you may want to ensure IIS has access to the private key. Back in the Certificates snap-in of IIS, right click on the cert and select All Tasks->Manage Private Keys and add IIS_IUSRS if it is not there. (This is for IIS 7 only I believe, as you tagged)

2012-04-05 16:25
by ryanhallcs
When you say "try removing the 'CN=' from your web.config entry, like so (other identityModel config entries hidden):" Do you mean remove 'CN=' from the value="CN=IdentityTKStsCert"? Also do I need to insert the microsoft.identityModel section into web.config? - dev.e.loper 2012-04-05 19:44
Yes, you should have the microsoft.IdentityModel config sections for both your relying party and your STS. Once you install the WIF SDK you should be able to start a new mvc project and right click->Add STS Reference in Visual Studio. Then, if you select 'Create new STS' option, all of that web.config stuff should be handled for you - ryanhallcs 2012-04-05 20:16
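
The checks discussed in this thread can be scripted; the following is an added example, not part of the original posts or the training kit. It lists Subject (Issued To) beside Friendly Name for the LocalMachine\My store, runs the same FindBySubjectName lookup with and without the 'CN=' prefix, and prints the private key ACL so you can see whether IIS_IUSRS is present. It assumes an elevated Windows PowerShell 5.1 session and a key held in the legacy CSP machine key store.

```powershell
# Added diagnostic example. The find value and store come from the thread's
# certificateReference element; everything else is an assumption of this example.
$findValue = 'IdentityTKStsCert'
$x509      = 'System.Security.Cryptography.X509Certificates'
$byName    = [Enum]::Parse([Type]"$x509.X509FindType", 'FindBySubjectName')
$readOnly  = [Enum]::Parse([Type]"$x509.OpenFlags", 'ReadOnly')

$store = New-Object "$x509.X509Store" -ArgumentList 'My', 'LocalMachine'
$store.Open($readOnly)
try {
    # Subject is what the MMC snap-in shows as "Issued To"; FriendlyName is a
    # separate label that FindBySubjectName does not search.
    $store.Certificates |
        Select-Object Subject, FriendlyName, HasPrivateKey, NotAfter, Thumbprint |
        Format-Table -AutoSize | Out-String

    # Same lookup the config performs, tried with both spellings of findValue.
    # validOnly is $false so self-signed lab certificates are not filtered out.
    foreach ($candidate in $findValue, "CN=$findValue") {
        $hits = $store.Certificates.Find($byName, $candidate, $false)
        '{0,-24} -> {1} match(es)' -f $candidate, $hits.Count
    }

    # Show who can read the private key file (look for IIS_IUSRS here).
    foreach ($cert in $store.Certificates.Find($byName, $findValue, $false)) {
        if (-not $cert.HasPrivateKey) {
            "Certificate $($cert.Thumbprint) has no private key"
            continue
        }
        # Assumption: CSP-backed RSA key, so the container maps to a file
        # under MachineKeys. CNG-backed keys live elsewhere.
        $keyFile = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
        $keyPath = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$keyFile"
        (Get-Acl -Path $keyPath).Access |
            Select-Object IdentityReference, FileSystemRights, AccessControlType |
            Format-Table -AutoSize | Out-String
    }
}
finally {
    $store.Close()
}
```

If the lookup returns more than one match, the subject name is ambiguous in that store and a more specific x509FindType such as FindByThumbprint avoids picking the wrong certificate.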