Certenroll on Azure - 生成自签名证书
Certenroll on Azure - Generating self signed certificates
我使用 Certenroll (CERTENROLLLib) 创建了一个自签名证书。所有在本地工作,但一旦我 deploy 它到 Azure 我得到:
Server API error: Message:
CertEnroll::CX509Enrollment::_CreateRequest: Access is denied.
0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED), StackTrace: at
CERTENROLLLib.IX509Enrollment2.CreateRequest(EncodingType Encoding)
at
Foo.Api.Core.Providers.CertificateProvider.GenerateBase64EncodedPfx(String
subjectName, Int32 certificateValidityInYears, String password) at
Foo.Api.Core.Services.CertificateService.d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown --- at
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task
task) at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task) at
Foo.ServerApi.Services.DocumentSigningService.d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown --- at
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task
task) at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task) at
Foo.ServerApi.Services.DocumentSigningService.d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown --- at
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task
task) at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task) at
System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
at
Foo.ServerApi.Controllers.DocumentController.<>c__DisplayClass10_1.<b__5>d.MoveNext()
如果使用:
var cert = new CX509CertificateRequestCertificate();
cert.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextMachine, privateKey, "");
或
Server API error: Message:
CertEnroll::CX509CertificateRequestCertificate::InitializeFromPrivateKey:
The parameter is incorrect. 0x80070057 (WIN32: 87
ERROR_INVALID_PARAMETER), StackTrace: at
CERTENROLLLib.IX509CertificateRequestCertificate2.InitializeFromPrivateKey(X509CertificateEnrollmentContext
Context, IX509PrivateKey pPrivateKey, String strTemplateName) at
Foo.Api.Core.Providers.CertificateProvider.GenerateBase64EncodedPfx(String
subjectName, Int32 certificateValidityInYears, String password) at
Foo.Api.Core.Services.CertificateService.d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown --- at
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task
task) at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task) at
Foo.ServerApi.Services.DocumentSigningService.d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown --- at
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task
task) at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task) at
Foo.ServerApi.Services.DocumentSigningService.d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown --- at
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task
task) at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task) at
System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
at
Foo.ServerApi.Controllers.DocumentController.<>c__DisplayClass10_1.<b__5>d.MoveNext()
如果使用:
var cert = new CX509CertificateRequestCertificate();
cert.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextUser, privateKey, "");
有什么方法可以解决 Azure 上的 Certenroll 的这个问题吗?
编辑:引导我走向正确路径的最终错误。
Server API error: Message: CertEnroll::CX509PrivateKey::Create: The
system cannot find the file specified. 0x80070002 (WIN32: 2
ERROR_FILE_NOT_FOUND), StackTrace: at
CERTENROLLLib.IX509PrivateKey2.Create() at
Foo.Api.Core.Providers.CertificateProvider.GenerateBase64EncodedPfx(String
subjectName, Int32 certificateValidityInYears, String password) at
Foo.Api.Core.Services.CertificateService.d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown --- at
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task
task) at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task) at
Foo.ServerApi.Services.DocumentSigningService.d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown --- at
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task
task) at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task) at
Foo.ServerApi.Services.DocumentSigningService.d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown --- at
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task
task) at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task) at
System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
at
Foo.ServerApi.Controllers.DocumentController.<>c__DisplayClass10_1.<b__5>d.MoveNext()
- 在
InitializeFromPrivateKey 中使用X509CertificateEnrollmentContext.ContextUser
- 创建私钥设置时
privateKey.MachineContext = false;
- 在 Azure 添加新的 应用程序设置
WEBSITE_LOAD_USER_PROFILE = 1
这对我有用
我使用 Certenroll (CERTENROLLLib) 创建了一个自签名证书。所有在本地工作,但一旦我 deploy 它到 Azure 我得到:
Server API error: Message: CertEnroll::CX509Enrollment::_CreateRequest: Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED), StackTrace: at CERTENROLLLib.IX509Enrollment2.CreateRequest(EncodingType Encoding)
at Foo.Api.Core.Providers.CertificateProvider.GenerateBase64EncodedPfx(String subjectName, Int32 certificateValidityInYears, String password) at Foo.Api.Core.Services.CertificateService.d__4.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Foo.ServerApi.Services.DocumentSigningService.d__7.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Foo.ServerApi.Services.DocumentSigningService.d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
at Foo.ServerApi.Controllers.DocumentController.<>c__DisplayClass10_1.<b__5>d.MoveNext()
如果使用:
var cert = new CX509CertificateRequestCertificate();
cert.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextMachine, privateKey, "");
或
Server API error: Message: CertEnroll::CX509CertificateRequestCertificate::InitializeFromPrivateKey: The parameter is incorrect. 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER), StackTrace: at CERTENROLLLib.IX509CertificateRequestCertificate2.InitializeFromPrivateKey(X509CertificateEnrollmentContext Context, IX509PrivateKey pPrivateKey, String strTemplateName) at Foo.Api.Core.Providers.CertificateProvider.GenerateBase64EncodedPfx(String subjectName, Int32 certificateValidityInYears, String password) at Foo.Api.Core.Services.CertificateService.d__4.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Foo.ServerApi.Services.DocumentSigningService.d__7.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Foo.ServerApi.Services.DocumentSigningService.d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
at Foo.ServerApi.Controllers.DocumentController.<>c__DisplayClass10_1.<b__5>d.MoveNext()
如果使用:
var cert = new CX509CertificateRequestCertificate();
cert.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextUser, privateKey, "");
有什么方法可以解决 Azure 上的 Certenroll 的这个问题吗?
编辑:引导我走向正确路径的最终错误。
Server API error: Message: CertEnroll::CX509PrivateKey::Create: The system cannot find the file specified. 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND), StackTrace: at CERTENROLLLib.IX509PrivateKey2.Create() at Foo.Api.Core.Providers.CertificateProvider.GenerateBase64EncodedPfx(String subjectName, Int32 certificateValidityInYears, String password) at Foo.Api.Core.Services.CertificateService.d__4.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Foo.ServerApi.Services.DocumentSigningService.d__7.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Foo.ServerApi.Services.DocumentSigningService.d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
at Foo.ServerApi.Controllers.DocumentController.<>c__DisplayClass10_1.<b__5>d.MoveNext()
- 在
InitializeFromPrivateKey中使用 - 创建私钥设置时
privateKey.MachineContext = false; - 在 Azure 添加新的 应用程序设置
X509CertificateEnrollmentContext.ContextUser
WEBSITE_LOAD_USER_PROFILE = 1
这对我有用