Azure 上的 Certenroll - 生成自签名证书 [英] Certenroll on Azure - Generating self signed certificates
问题描述
我使用 Certenroll (CERTENROLLLib) 创建了一个创建自签名证书.一切都在本地运行,但只要我部署到Azure,我就会得到:
<块引用>服务器 API 错误:消息:CertEnroll::CX509Enrollment::_CreateRequest:访问被拒绝.0x80070005(WIN32:5 ERROR_ACCESS_DENIED),堆栈跟踪:在CERTENROLLLib.IX509Enrollment2.CreateRequest(EncodingType Encoding)
在Foo.Api.Core.Providers.CertificateProvider.GenerateBase64EncodedPfx(字符串subjectName, Int32 certificateValidityInYears, String password) atFoo.Api.Core.Services.CertificateService.d__4.MoveNext()--- 从上一个抛出异常的位置开始的堆栈跟踪结束 --- 在System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)在Foo.ServerApi.Services.DocumentSigningService.d__7.MoveNext()--- 从上一个抛出异常的位置开始的堆栈跟踪结束 --- 在System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)在Foo.ServerApi.Services.DocumentSigningService.d__5.MoveNext()--- 从上一个抛出异常的位置开始的堆栈跟踪结束 --- 在System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)在System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
在Foo.ServerApi.Controllers.DocumentController.<>c__DisplayClass10_1.<b__5>d.MoveNext()
如果使用:
var cert = new CX509CertificateRequestCertificate();cert.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextMachine, privateKey, "");
或
<块引用>服务器 API 错误:消息:CertEnroll::CX509CertificateRequestCertificate::InitializeFromPrivateKey:参数不正确.0x80070057 (WIN32: 87ERROR_INVALID_PARAMETER),堆栈跟踪:在CERTENROLLLib.IX509CertificateRequestCertificate2.InitializeFromPrivateKey(X509CertificateEnrollmentContext上下文,IX509PrivateKey pPrivateKey,字符串 strTemplateName) 在Foo.Api.Core.Providers.CertificateProvider.GenerateBase64EncodedPfx(字符串subjectName, Int32 certificateValidityInYears, String password) atFoo.Api.Core.Services.CertificateService.d__4.MoveNext()--- 从上一个抛出异常的位置开始的堆栈跟踪结束 --- 在System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)在Foo.ServerApi.Services.DocumentSigningService.d__7.MoveNext()--- 从上一个抛出异常的位置开始的堆栈跟踪结束 --- 在System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)在Foo.ServerApi.Services.DocumentSigningService.d__5.MoveNext()--- 从上一个抛出异常的位置开始的堆栈跟踪结束 --- 在System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)在System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
在Foo.ServerApi.Controllers.DocumentController.<>c__DisplayClass10_1.<b__5>d.MoveNext()
如果使用:
var cert = new CX509CertificateRequestCertificate();cert.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextUser, privateKey, "");
在 Azure 上使用 Certenroll 有什么办法可以克服这个问题吗?
编辑:导致我找到正确路径的最终错误.
<块引用>服务器 API 错误:消息:CertEnroll::CX509PrivateKey::Create:系统找不到指定的文件.0x80070002 (WIN32: 2ERROR_FILE_NOT_FOUND),堆栈跟踪:在CERTENROLLLib.IX509PrivateKey2.Create() 在Foo.Api.Core.Providers.CertificateProvider.GenerateBase64EncodedPfx(字符串subjectName, Int32 certificateValidityInYears, String password) atFoo.Api.Core.Services.CertificateService.d__4.MoveNext()--- 从上一个抛出异常的位置开始的堆栈跟踪结束 --- 在System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)在Foo.ServerApi.Services.DocumentSigningService.d__7.MoveNext()--- 从上一个抛出异常的位置开始的堆栈跟踪结束 --- 在System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)在Foo.ServerApi.Services.DocumentSigningService.d__5.MoveNext()--- 从上一个抛出异常的位置开始的堆栈跟踪结束 --- 在System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)在System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
在Foo.ServerApi.Controllers.DocumentController.<>c__DisplayClass10_1.<b__5>d.MoveNext()
- 在
InitializeFromPrivateKey
中使用 - 创建私钥时设置
privateKey.MachineContext = false;
- 在 Azure 上添加新的应用程序设置
X509CertificateEnrollmentContext.ContextUser
<块引用>
WEBSITE_LOAD_USER_PROFILE = 1
这对我有用
I have built a creation self-signing certificates using Certenroll (CERTENROLLLib). All works locally but as soon as I deploy it to Azure I get either:
Server API error: Message: CertEnroll::CX509Enrollment::_CreateRequest: Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED), StackTrace: at CERTENROLLLib.IX509Enrollment2.CreateRequest(EncodingType Encoding)
at Foo.Api.Core.Providers.CertificateProvider.GenerateBase64EncodedPfx(String subjectName, Int32 certificateValidityInYears, String password) at Foo.Api.Core.Services.CertificateService.d__4.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Foo.ServerApi.Services.DocumentSigningService.d__7.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Foo.ServerApi.Services.DocumentSigningService.d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
at Foo.ServerApi.Controllers.DocumentController.<>c__DisplayClass10_1.<b__5>d.MoveNext()
if using:
var cert = new CX509CertificateRequestCertificate();
cert.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextMachine, privateKey, "");
or
Server API error: Message: CertEnroll::CX509CertificateRequestCertificate::InitializeFromPrivateKey: The parameter is incorrect. 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER), StackTrace: at CERTENROLLLib.IX509CertificateRequestCertificate2.InitializeFromPrivateKey(X509CertificateEnrollmentContext Context, IX509PrivateKey pPrivateKey, String strTemplateName) at Foo.Api.Core.Providers.CertificateProvider.GenerateBase64EncodedPfx(String subjectName, Int32 certificateValidityInYears, String password) at Foo.Api.Core.Services.CertificateService.d__4.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Foo.ServerApi.Services.DocumentSigningService.d__7.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Foo.ServerApi.Services.DocumentSigningService.d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
at Foo.ServerApi.Controllers.DocumentController.<>c__DisplayClass10_1.<b__5>d.MoveNext()
if using:
var cert = new CX509CertificateRequestCertificate();
cert.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextUser, privateKey, "");
Is there any way how to overcome this issue with Certenroll on Azure?
Edit: final error that lead me to the correct path.
Server API error: Message: CertEnroll::CX509PrivateKey::Create: The system cannot find the file specified. 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND), StackTrace: at CERTENROLLLib.IX509PrivateKey2.Create() at Foo.Api.Core.Providers.CertificateProvider.GenerateBase64EncodedPfx(String subjectName, Int32 certificateValidityInYears, String password) at Foo.Api.Core.Services.CertificateService.d__4.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Foo.ServerApi.Services.DocumentSigningService.d__7.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Foo.ServerApi.Services.DocumentSigningService.d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
at Foo.ServerApi.Controllers.DocumentController.<>c__DisplayClass10_1.<b__5>d.MoveNext()
- use
X509CertificateEnrollmentContext.ContextUser
inInitializeFromPrivateKey
- when creating private key setting
privateKey.MachineContext = false;
- on Azure add a new Application Setting
WEBSITE_LOAD_USER_PROFILE = 1
that made it work for me
这篇关于Azure 上的 Certenroll - 生成自签名证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!