Application Pool does not have permissions for security certificate key

Problem

When launching the HotDocs Hub UI, you receive a "There was an unknown error" message. When you look in the log file for the HotDocsIdentityServer application, you see one of the following error messages:

• "System.InvalidOperationException: IDX10614: AysmmetricSecurityKey.GetSignatureFormatter(...) threw an exception.Key ...check to make sure the SignatureAlgorithm is supported ... Invalid provider type specified"
• "System.Security.Cryptography.CryptographicException: Keyset does not exist or Access is denied"

Cause

This issue is typically caused by the application pool under which Hub runs not having permission to read the private key of your SSL certficate.

Solution

You can resolve this problem by giving the application pool permission to read the MachineKeys directory.

1. Find the application pool under which Hub runs

1. On the server on which Hub is installed, open Internet Information Services (IIS) Manager.
2. Navigate to the site under which Hub is installed; by default, this is Default Web Site.
3. Select a Hub application; for example, HotDocsTemplateHubApi.
4. Click the Basic Settings link in the right-hand column.
5. Copy the name in the Application pool field.

2. Give the application pool permissions to the MachineKeys directory

1. On the server on which Hub is installed, open Windows Explorer.
2. Navigate to  C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA
3. Right-click the MachineKeys folder.
4. Select the Properties option from the drop-down menu.
5. Navigate to the Security tab.
6. Click Edit.
7. Click Add.
8. Enter the name of the application pool from step 1.5; for example, IIS AppPool\DefaultAppPool
9. Click OK.
10. Click OK.

When you relaunch the Hub UI, you should no longer receive an error message.