One of my customers had a problem when using one certificate on IIS 7. This certificate once been used on IIS 6 and it works fine. This means there is no problem with the certificate itself.
Here are the steps. Open the IIS MMC, open the Site Bindings, and then add a HTTPS binding. Select this certificate from the certificates drop down list, and click OK. Then, got follow error:
(Exception from HRESULT: 0x80070520)
There was no problem using other certificates in the drop down list. Using CertUtil command to verify the certificate, we got error s like the Encryption test failed for the certificate imported.
The problem is due to Administrators group doesn’t have permission to access the private key file which is under "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys". By default, administrators group and system account have full control for this folder. This was resolved by giving administrators group full control to this folder.
278381 Default permissions for the MachineKeys folders