In order to add permissions on the certificate, run the Windows Certificate Manager (Windows-key + R-key -> certlm.msc ).

Under Certificates - Local Computer -> Personal -> Certificate you can see the generated self-signed certificate.

Right-click on the certificate and select All tasks -> Manage Private Keys....

-> The Security window will popup.

Click Add to add a local server user (in this case user "root") to the list of users that have permissions to use the certificate.

In the Select Users or Groups window, enter the username (in this case user "root") in the box Enter the object names to select and select Check Names.

We should get an output in the Enter the object names to select box in the format "HOSTNAME\username" as in this example "TESTSERVER-01\root" after you have selected Check Names.

Note The hostname has a limit of 16 ASCII character because of NetBIOS compatibility. In case you have a hostname longer then 16 character the output in Enter the object names to select for the hostname will be only first 16 characters \username.

If this was done in a domain environment the output would be: „Name (username@domain)“. For example: „user name (i.cabraja@cadenas.de)“

Select OK

-> In the security window, you will have user root on the list under Groups or user names with permissions Allow for Full control and Read.

Select OK and permissions on the certificate for the user "root" have been successfully added.