C# X509 certificate may not have access rights to the private key
I am trying to import a certificate for a user through my application. This works on Server 2012 and Windows 10, but on older operating systems such as Windows 7 and Server 2008 R2 the import does not seem to work properly. Part of the work is done by a helper class that copies the certificate and assigns permissions.
string path = Path.Combine(Path.GetDirectoryName(certLocation), "test_cert.pfx");
//Create the certificate and import it
_cert = new X509Certificate2();
_cert.Import(path, password, X509KeyStorageFlags.MachineKeySet);
X509CertHelper.CopyCertToStore(_cert, StoreName.My, StoreLocation.LocalMachine);
X509CertHelper.AddAccessToCertificate(_cert, Environment.UserName);
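I added a permissions call to set the permissions, which appears to work correctly. However, when I look in the certificate manager and choose "Manage Private Keys" from the context menu, I get two different results. On the newer operating systems the permissions dialog correctly shows the newly added permissions as set by the code, but on the older operating systems I only get a cryptic error, and when I start the service I get the following error:
The certificate 'CN=test' may not have a private key that is capable of key exchange or the process may not have access rights for the private key.
Do you have any ideas about what might be going wrong, or what extra steps are needed, on the older operating systems? I recently ran updates on this machine (Server 2008 R2) because I thought that might be the problem. I also need to do this in code. The code below sets the permissions: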
private static void AddAccessToCertificate(X509Certificate2 cert, string user)
{
    RSACryptoServiceProvider rsa = cert.PrivateKey as RSACryptoServiceProvider;
    if (rsa != null)
    {
        // Locate the directory that holds the key container file
        string keyfilepath =
            FindKeyLocation(rsa.CspKeyContainerInfo.UniqueKeyContainerName);
        FileInfo file = new FileInfo(keyfilepath + "\\" +
            rsa.CspKeyContainerInfo.UniqueKeyContainerName);
        // Add an allow rule for the user to the key file's ACL
        FileSecurity fs = file.GetAccessControl();
        NTAccount account = new NTAccount(user);
        fs.AddAccessRule(new FileSystemAccessRule(account,
            FileSystemRights.FullControl, AccessControlType.Allow));
        file.SetAccessControl(fs);
    }
}
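You must use the CurrentUser store to store user certificates. There is no need to install user certificates in the machine store.
The certificate may be used by a service or run in console mode. Why is using the machine store a problem?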
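A least-privilege variant of the import and ACL steps from the question, as an added example that is not the asker's code and is not presented as the confirmed fix for the older operating systems. It assumes .NET Framework, a CSP-backed RSA key, an elevated process, and the default machine key directory; the class name `MachineKeyAcl` and the use of `PersistKeySet` are choices of this example.

```csharp
// Added example for .NET Framework; not code from the question.
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class MachineKeyAcl   // hypothetical helper name
{
    // Assumption: CSP-backed RSA machine keys are stored in this directory.
    static readonly string MachineKeys = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData),
        @"Microsoft\Crypto\RSA\MachineKeys");

    public static X509Certificate2 ImportAndGrantRead(string pfxPath, string password, string account)
    {
        // PersistKeySet asks Windows to keep the imported key on disk instead of treating it as temporary.
        var cert = new X509Certificate2(pfxPath, password,
            X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadWrite);
        try { store.Add(cert); } finally { store.Close(); }

        var rsa = cert.PrivateKey as RSACryptoServiceProvider;
        if (rsa == null)
            throw new CryptographicException("No CSP-backed RSA private key on " + cert.Subject);
        if (!rsa.CspKeyContainerInfo.MachineKeyStore)
            throw new CryptographicException("Key is not in the machine key store");

        // Fail loudly if the key file is not where the ACL change expects it.
        string keyFile = Path.Combine(MachineKeys, rsa.CspKeyContainerInfo.UniqueKeyContainerName);
        if (!File.Exists(keyFile))
            throw new FileNotFoundException("Key container file not found", keyFile);

        // Read is enough to use the key; FullControl would also allow changing the ACL.
        FileSecurity acl = File.GetAccessControl(keyFile);
        acl.AddAccessRule(new FileSystemAccessRule(new NTAccount(account),
            FileSystemRights.Read, AccessControlType.Allow));
        File.SetAccessControl(keyFile, acl);

        // Read the ACL back so the effective rules can be compared across OS versions.
        foreach (FileSystemAccessRule r in
                 File.GetAccessControl(keyFile).GetAccessRules(true, true, typeof(NTAccount)))
            Console.WriteLine("{0}: {1} {2}", r.IdentityReference, r.AccessControlType, r.FileSystemRights);
        return cert;
    }

    static void Main(string[] a) { ImportAndGrantRead(a[0], a[1], a[2]); }
}
```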