Sharing solutions to some problems when ASP.NET uses X509Certificate2 (picture)

This article mainly introduces in detail the solutions to a series of problems that occur when ASP.NET uses X509Certificate2, which has certain reference value. , interested friends can refer to

When making refunds through WeChat payment, due to the need to use the p12 certificate, a series of pitfalls will be encountered. Make a note here for easy reference later.

Original code to load the certificate:

Copy code The code is as follows:

1 X509Certificate2 cert = new X509Certificate2(path + WxPayConfig.SSLCERT_PATH, WxPayConfig.SSLCERT_PASSWORD);2 Request.ClientCertificates.Add(cert);

Passed the test on vs. But when deployed to IIS, this problem keeps reporting:

Copy code The code is as follows:

System.Security.Cryptography.CryptographicException: 系统找不到指定的文件。

Detailed Stack Trace information:

At System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
At System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, ]
xml
, String url, Boolean isUseCert, Int32 timeout). After repeated testing, it was confirmed that it was not a problem with the code or file path. After querying

Microsoft's documentation, I found relevant instructions and pointed out the problem. I will share my operation process below.

1. Install the certificate

Click [Start] -> [Run] -> Type [mmc] Enter the "Console" interface -> Select [File] -> [Add/Delete

Snap-in] (Ctrl+M)

Select [Certificate] -> [Computer Account] -> [Next] -> [Complete]

Select [Certificate] -> [Import]

Import your certificate file

2. Authorization certificate

First install the winhttpcertcfg.exe tool (Windows HTTP Services Certificate Configuration Tool). After the installation is complete, the tool will be in the C:\Program Files (x86)\Windows Resource

Kits\Tools or C:\Program Files\Windows Resource Kits\Tools folder. Open cmd and type the command:

Copy code

The code is as follows:

winhttpcertcfg -g -c LOCAL_MACHINE\MY -s "Your certificate name" -a "Your iis The account identifier "

-g command is authorization

-c refers to the storage area where the certificate is located

In addition, the name of the certificate is this, as shown in the figure

Rather than something else, I just made a mistake. I clicked on the details of this certificate and took the name inside, causing the authorization to fail.

The iis account identification refers to the application pool corresponding to the site. There is an option to identify the corresponding user in the advanced settings. At that time, the identity I authorized was Network Service, and the identity in the application pool was ApplicationPoolIdentity. As a result, when I initiated a request:

Copy code

The code is as follows:

System.Net.WebException: Request aborted: Unable to create SSL/TLS Secure

channel.

3. Modify the code

After completing these configurations, modify the code for loading the certificate before.

复制代码 代码如下:

1 X509Store store = new X509Store("My", StoreLocation.LocalMachine);
2 store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
3 
4 System.Security.Cryptography.X509Certificates.X509Certificate2 cert = 5 store.Certificates.Find(X509FindType.FindBySubjectName, "你的证书名称", false)[0];

再测试一下，终于成功!

The above is the detailed content of Sharing solutions to some problems when ASP.NET uses X509Certificate2 (picture). For more information, please follow other related articles on the PHP Chinese website!