我已经生成了自己的证书,可以在.NET 6 API中使用。我已经将以下内容添加到appsettings.json中(密码不用于生产:P)
"Kestrel": {
"Endpoints": {
"Https": {
"Url": "https://*:5409",
"Certificate": {
"Path": "D:\\supercertificate.pfx",
"Password": "Password!"
}
}
}
},启动时出现以下错误:
Internal.Cryptography.CryptoThrowHelper.WindowsCryptographicException
HResult=0x80090010
Message=Access denied.
Source=System.Security.Cryptography.X509Certificates
StackTrace:
at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags)
at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Certificates.CertificateConfigLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)
at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Reload()
at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.<BindAsync>d__33.MoveNext()
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.<StartAsync>d__30`1.MoveNext()
at Microsoft.AspNetCore.Hosting.GenericWebHostService.<StartAsync>d__37.MoveNext()
at Microsoft.Extensions.Hosting.Internal.Host.<StartAsync>d__12.MoveNext()
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.<RunAsync>d__4.MoveNext()
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.<RunAsync>d__4.MoveNext()
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
at Program.Main(String[] args) in D:\Program.cs:line 9
This exception was originally thrown at this call stack:
[External Code]
Program.Main(string[]) in Program.cs我已经检查了文件的位置,并使用openssl打开和读取了pfx文件,并输入了密码。我还确认了文件权限是正确的。
~ openssl pkcs12 -info -in supercertificate.pfx -nodes
**Enter Import Password:**
MAC: sha1, Iteration 2000
MAC length: 20, salt length: 20
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
Bag Attributes
Microsoft Local Key set: <No Values>
localKeyID: 01 00 00 00
friendlyName: te-e02d7385-8f7e-406c-8dde-51dbae188432
Microsoft CSP Name: Microsoft Software Key Storage Provider
Key Attributes
X509v3 Key Usage: 90
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDerG/71KYBKi/C
fETsPq55UWsBeigslhOpI4L8qVhycAbCgxDTXsflry+nVIDTU4Imbvlrb2lpcVCR似乎有一个问题,证书或加载它,但我不认为是什么。任何帮助表示感谢。
1条答案
按热度按时间ltskdhd11#
我们在工作中遇到了完全相同的问题。2我们可以通过设置权限来解决它。
使用管理powershell并执行.
icacls C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys /inheritance:r /grant Administrators:F /grant:r Everyone:RW我们在这里找到了答案。https://stackoverflow.com/a/73409128