Private Key on node must be accessible to delegated users to be able to use TERR Service

Private Key on node must be accessible to delegated users to be able to use TERR Service

In an environment with kerberos delegation to the Spotfire Web Player you might end up in a situation where access to other Spotfire components fails due to:
 

WinHttp request failed with code (12186): ClientCertificateNoAccessPrivateKey

This line is logged on DEBUG so it's not always clear that this is the reason in the following ERROR message.

One of the situations this can happen is when you try to access the TERRservice, if the TERRservcie URL in question has not been successfully accessed recently (by a user having access to the certificate private key).

1. Grant read access to the certificate private key for the group "Authenticated Users" 
2. On the Node Manager in question, open mmc.exe, add Snap-in certificate for Local computer
3. Open Console Root/Certificates/Personal/Certificates and right click on the certificate issued by "TIBCO Spotfire Signing CA"
4. Under All Tasks you find "Manage Private keys..."
5. Add the Group "Authenticated Users" (or any other AD group defining all intended users) and grant read

After this you should not get ClientCertificateNoAccessPrivateKey