Openssl X509Certificate2访问被拒绝
我一直在尝试将OpenSSL从0.9.8升级到1.0.1版本。创建先前工作正常的X509Certificate2证书现在失败 应用程序错误日志: System.Security.Cryptography.CryptographyException:访问被拒绝。 在System.Security.Cryptography.CryptographyException.ThrowCryptogaphicException(Int32 hr)中 在System.Security.Cryptography.X509Certificates.X509Utils.\u LoadCertFromBlob(字节[]rawData、IntPtr密码、UInt32 dwFlags、布尔persistKeySet、SafeCertContextHandle和pCertCtx) 位于System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(字节[]rawData,对象密码,X509KeyStrageFlags KeyStrageFlags) 位于System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(字节[]rawData,字符串密码,X509keystrageFlags keystrageFlags) 我在论坛上尝试了所有可能的解决方案,但都没有成功 代码片段:Openssl X509Certificate2访问被拒绝,openssl,x509certificate2,Openssl,X509certificate2,我一直在尝试将OpenSSL从0.9.8升级到1.0.1版本。创建先前工作正常的X509Certificate2证书现在失败 应用程序错误日志: System.Security.Cryptography.CryptographyException:访问被拒绝。 在System.Security.Cryptography.CryptographyException.ThrowCryptogaphicException(Int32 hr)中 在System.Security.Cryptography
public static X509Certificate2 _signerCert = null;
byte[] pfxData; string pfxPassword;
GetRootCertificate(out pfxData, out pfxPassword);
lock (_lockObjectSigner) {
_signerCert = new X509Certificate2(pfxData, pfxPassword);
}
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>5061</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2016-05-31T05:48:49.268222200Z" />
<EventRecordID>33990</EventRecordID>
<Correlation />
<Execution ProcessID="500" ThreadID="4960" />
<Channel>Security</Channel>
<Computer>EMM-DMZ-SUS2.EMMDMZ.com</Computer>
<Security />
</System>
- <EventData>
<Data Name="SubjectUserSid">S-1-5-20</Data>
<Data Name="SubjectUserName">EMM-DMZ-SUS2$</Data>
<Data Name="SubjectDomainName">EMMDMZ</Data>
<Data Name="SubjectLogonId">0x3e4</Data>
<Data Name="ProviderName">Microsoft Software Key Storage Provider</Data>
<Data Name="AlgorithmName">RSA</Data>
<Data Name="KeyName">{A7C2BCEE-EC9F-49EA-92A6-666C0F2987DD}</Data>
<Data Name="KeyType">%%2499</Data>
<Data Name="Operation">%%2481</Data>
<Data Name="ReturnCode">0x80090010</Data>
</EventData>
</Event>
安全事件日志:
public static X509Certificate2 _signerCert = null;
byte[] pfxData; string pfxPassword;
GetRootCertificate(out pfxData, out pfxPassword);
lock (_lockObjectSigner) {
_signerCert = new X509Certificate2(pfxData, pfxPassword);
}
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>5061</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2016-05-31T05:48:49.268222200Z" />
<EventRecordID>33990</EventRecordID>
<Correlation />
<Execution ProcessID="500" ThreadID="4960" />
<Channel>Security</Channel>
<Computer>EMM-DMZ-SUS2.EMMDMZ.com</Computer>
<Security />
</System>
- <EventData>
<Data Name="SubjectUserSid">S-1-5-20</Data>
<Data Name="SubjectUserName">EMM-DMZ-SUS2$</Data>
<Data Name="SubjectDomainName">EMMDMZ</Data>
<Data Name="SubjectLogonId">0x3e4</Data>
<Data Name="ProviderName">Microsoft Software Key Storage Provider</Data>
<Data Name="AlgorithmName">RSA</Data>
<Data Name="KeyName">{A7C2BCEE-EC9F-49EA-92A6-666C0F2987DD}</Data>
<Data Name="KeyType">%%2499</Data>
<Data Name="Operation">%%2481</Data>
<Data Name="ReturnCode">0x80090010</Data>
</EventData>
</Event>
启用IIS应用程序池配置(应用程序池>高级设置)以加载应用程序池标识用户的用户配置文件
是否将AppPool的标识更改为NetworkService/LocalService
手动添加Microsoft密钥文件夹“C:\programdata\Microsoft\Crypto”的管理员权限
请告诉我是否还有其他值得一试的选择
问候
纳里克