winhttpcertcfg使访问IIS用户在Windows 7 [英] winhttpcertcfg giving access to iiS user in Windows 7
问题描述
我需要给访问IIS用户一个PFX证书。该网站下的应用程序池下的一些用户AppPoolUser运行。 IIS自动拥有用户名IIS APPPOOL \ AppPoolUser,这就是我们需要给访问时,我们使用为aspnet_regiis -ga。
I need to give access to the IIS user to a pfx certificate. The website is running under the App Pool under some user AppPoolUser. IIS automatically has the user name "IIS APPPOOL\AppPoolUser" and this is what we need to give access when we use aspnet_regiis -ga .
然而,当我使用winhttpcertcfg给访问用户IIS APPPOOL \ AppPoolUser,它说:没有帐户信息被发现。
However, when i use winhttpcertcfg to give access to the user "IIS APPPOOL\AppPoolUser", it says "No account information was found".
我使用的命令是
winhttpcertcfg -i <filename> -c <certificateLocation> - g -a <account name>
没有找到任何样本这个在网上。任何想法?
Didn't find any samples for this over the web. Any ideas?
推荐答案
我知道这是一个老问题,但我有同样的问题昨天,所以我虽然我会回答。
I know it's an old question, but I just had the same problem yesterday so I though I'd answer.
我有同样的问题,但与位于LOCALMACHINE证书 - > TrustedPeople店...
I had the same problem but with a certificate located in the LocalMachine -> TrustedPeople store...
您必须使用 ICACLS 而不是 WinHttpCertCfg ,从这个链接。
You have to use icacls instead of WinHttpCertCfg, taken from this link.
基本上,它应该是这样的:
Basically, it should look like this:
ICACLS <filename> /grant "IIS AppPool\DefaultAppPool":R
为了完成,我这里怎么需要做它来访问受信任人的商店。两者在某种程度上从<一个href="http://www.qualitydata.com/products/windows-cardspace/information-card-ssl-certificate-private-key.aspx">this链接。
-
使用微软的 FindPrivateKey工具找到实际文件的证书在商店。此工具必须从源头code编译在
\ WF_WCF_Samples \ WCF \ SETUP \ FindPrivateKey \ CS从的Windows通讯基础(WCF)和Windows工作流基础(WF)样品用于.NET Framework 4 下载。
Use the FindPrivateKey tool from Microsoft to locate the actual file for the cert in the store. This tool must be compiled from the source code in
.\WF_WCF_Samples\WCF\Setup\FindPrivateKey\CSfrom the Windows Communication Foundation (WCF) and Windows Workflow Foundation (WF) Samples for .NET Framework 4 download.
FindPrivateKey.exe TrustedPeople LocalMachine -t "<thumbprint of the SSL cert>"
使用 ICACLS 由FindPrivateKey给定的文件。
Use icacls on the file given by FindPrivateKey.
icacls C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\<path to certificate> /grant "IIS AppPool\<your AppPool name>":R
瞧!
这篇关于winhttpcertcfg使访问IIS用户在Windows 7的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
