> For the complete documentation index, see [llms.txt](https://docs.devolutions.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.devolutions.net/rdm/knowledge-base/troubleshooting-articles/certificate-security-provider-configuration-errors.md). # Certificate security provider configuration errors Occasionally, configuring certificate security providers may result in errors. To perform encryption using the certificate, the application must access the certificate's private key, which can sometimes cause issues. {% hint style="info" %} First try solving the issue by running Remote Desktop Manager in administrator mode to rule out any common permission errors. {% endhint %} ### Common permission errors `An error occurred trying to access the certificate private key. (0x80100001, SCARD_F_INTERNAL_ERROR)`\ \ If you are using a YubiKey Smart Card certificate, please refer to [Troubleshooting SCARD\_F\_INTERNAL\_ERROR](https://support.yubico.com/hc/en-us/articles/360013718020-Troubleshooting-SCARD-F-INTERNAL-ERROR). This error is caused by an internal issue with the Yubikey configuration. They recommend enabling the debug logging to diagnose the issue with the Yubikey. *** `Smart card prompt cancelled. (0x8010006E, SCARD_W_CANCELLED_BY_USER)`\ \ The smart card credential prompt was cancelled which prevented accessing the private key. *** `Access denied (0x80090010, NTE_PERM)`\ \ The application was not able to access the certificate private key due to permission issues. * This could also be caused by cancelling the certificate PIN prompt. * The user is not allowed to read the certificate private key. *** `Unable to open the Windows cryptographic key container. (0x80090016, NTE_BAD_KEYSET)`\ \ The application was not able to access the certificate private key in the Windows cryptographic key container.\ \ This issue could be caused by permission issues or by a nonexistent or corrupted key. The latter might occur if the user changes their password, leading to the rotation of the DPAPI keys and therefore preventing the successful decryption of key containers.`The handle is invalid. (0x80090026, NTE_INVALID_HANDLE)`The application was not able to access the certificate private key.\ \ Here some reasons this could happen: * The certificate is not an RSA certificate. * The certificate does not contain an RSA private key. * The private key is not marked as exportable. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.devolutions.net/rdm/knowledge-base/troubleshooting-articles/certificate-security-provider-configuration-errors.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.