Windows 服务器上的 AWS CloudHSM 错误:证书请求处理器:未定义提供程序类型。 0x80090017 (-2146893801 NTE_PROV_TYPE_NOT_DEF)
AWS CloudHSM error on Windows Server: Certificate Request Processor: Provider type not defined. 0x80090017 (-2146893801 NTE_PROV_TYPE_NOT_DEF)
使用 AWS CloudHSM 服务在 Windows 服务器上生成 CSR 时,出现以下错误:
certreq.exe -new my-request.inf my-request.csr
Certificate Request Processor: Provider type not defined. 0x80090017 (-2146893801 NTE_PROV_TYPE_NOT_DEF)
怎么了?
凭据问题
此错误消息通常表示您作为 CU 用户连接到 CloudHSM 集群的凭据不正确:
- 确保您使用 CU 用户(加密用户)而不是 CO(加密官)用户登录(more on AWS CloudHSM user management)
- 确保您的凭据正确(打字错误,copy/paste 问题,多余的字符)。
此外,如果遇到以下错误,这通常意味着您尚未设置 CloudHSM 凭据(见下文)
n3fips_password env variable not set>
Cfm2Shutdown: Application is not initialized
Tl;dr:设置凭据以通过 Windows SDK 工具使用 CloudHSM 集群:
& "C:\Program Files\Amazon\CloudHSM\tools\set_cloudhsm_credentials.exe" --username test_cu_user --password xxx
# Securely input the username and password:
${hsm_creds_user} = Read-Host -AsSecureString "hsm_creds_user"
${hsm_creds_password} = Read-Host -AsSecureString "hsm_creds_password"
# Convert from SecureString to String
$hsm_cu_user = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($hsm_creds_user))
$hsm_cu_pwd = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($hsm_creds_password))
#
& "C:\Program Files\Amazon\CloudHSM\tools\set_cloudhsm_credentials.exe" --username ${hsm_cu_user} --password ${hsm_cu_pwd}
您现在可以使用 certreq 或 signtool。
来源:
使用 AWS CloudHSM 服务在 Windows 服务器上生成 CSR 时,出现以下错误:
certreq.exe -new my-request.inf my-request.csr
Certificate Request Processor: Provider type not defined. 0x80090017 (-2146893801 NTE_PROV_TYPE_NOT_DEF)
怎么了?
凭据问题
此错误消息通常表示您作为 CU 用户连接到 CloudHSM 集群的凭据不正确:
- 确保您使用 CU 用户(加密用户)而不是 CO(加密官)用户登录(more on AWS CloudHSM user management)
- 确保您的凭据正确(打字错误,copy/paste 问题,多余的字符)。
此外,如果遇到以下错误,这通常意味着您尚未设置 CloudHSM 凭据(见下文)
n3fips_password env variable not set>
Cfm2Shutdown: Application is not initialized
Tl;dr:设置凭据以通过 Windows SDK 工具使用 CloudHSM 集群:
& "C:\Program Files\Amazon\CloudHSM\tools\set_cloudhsm_credentials.exe" --username test_cu_user --password xxx
# Securely input the username and password:
${hsm_creds_user} = Read-Host -AsSecureString "hsm_creds_user"
${hsm_creds_password} = Read-Host -AsSecureString "hsm_creds_password"
# Convert from SecureString to String
$hsm_cu_user = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($hsm_creds_user))
$hsm_cu_pwd = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($hsm_creds_password))
#
& "C:\Program Files\Amazon\CloudHSM\tools\set_cloudhsm_credentials.exe" --username ${hsm_cu_user} --password ${hsm_cu_pwd}
您现在可以使用 certreq 或 signtool。
来源: