This article mainly introduces in detail the solutions to a series of problems that occur when ASP.NET uses X509Certificate2, which has certain reference value. , interested friends can refer to
When making refunds through WeChat payment, due to the need to use the p12 certificate, a series of pitfalls will be encountered. Make a note here for easy reference later.
Original code to load the certificate:
Copy code The code is as follows:
1 X509Certificate2 cert = new X509Certificate2(path + WxPayConfig.SSLCERT_PATH, WxPayConfig.SSLCERT_PASSWORD);2 Request.ClientCertificates.Add(cert);
Passed the test on vs. But when deployed to IIS, this problem keeps reporting:
Copy code The code is as follows:
System.Security.Cryptography.CryptographicException: 系统找不到指定的文件。
Detailed Stack Trace information:
At System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
At System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, ]
xml
, String url, Boolean isUseCert, Int32 timeout). After repeated testing, it was confirmed that it was not a problem with the code or file path. After querying
Click [Start] -> [Run] -> Type [mmc] Enter the "Console" interface -> Select [File] -> [Add/Delete
Snap-in] (Ctrl+M)Select [Certificate] -> [Computer Account] -> [Next] -> [Complete]
Select [Certificate] -> [Import]
Import your certificate file
2. Authorization certificate
First install the winhttpcertcfg.exe tool (Windows HTTP Services Certificate Configuration Tool). After the installation is complete, the tool will be in the C:\Program Files (x86)\Windows Resource
Kits\Tools or C:\Program Files\Windows Resource Kits\Tools folder. Open cmd and type the command: The code is as follows:winhttpcertcfg -g -c LOCAL_MACHINE\MY -s "Your certificate name" -a "Your iis The account identifier "
-g command is authorization -c refers to the storage area where the certificate is locatedIn addition, the name of the certificate is this, as shown in the figureRather than something else, I just made a mistake. I clicked on the details of this certificate and took the name inside, causing the authorization to fail.
The iis account identification refers to the application pool corresponding to the site. There is an option to identify the corresponding user in the advanced settings. At that time, the identity I authorized was Network Service, and the identity in the application pool was ApplicationPoolIdentity. As a result, when I initiated a request:
Copy code
The code is as follows:System.Net.WebException: Request aborted: Unable to create SSL/TLS Secure
channel.After completing these configurations, modify the code for loading the certificate before.
复制代码 代码如下:
1 X509Store store = new X509Store("My", StoreLocation.LocalMachine); 2 store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); 3 4 System.Security.Cryptography.X509Certificates.X509Certificate2 cert = 5 store.Certificates.Find(X509FindType.FindBySubjectName, "你的证书名称", false)[0];
再测试一下,终于成功!
The above is the detailed content of Sharing solutions to some problems when ASP.NET uses X509Certificate2 (picture). For more information, please follow other related articles on the PHP Chinese website!