编程方式导入证书到IIS？ [英] Programatically import cert into IIS?

问题描述

我有一个SSL证书的质子交换膜，我想在一个MSI我的web应用程序分发（已在客户端计算机上运行）。那么我需要将其导入（进入一些凭证存储？），并告诉我的站点绑定使用它。但我怎么能做到这一点的代码？我发现Microsoft.Web.Administration，但不知道从哪里还有...

I have a .pem certificate for SSL, I want to distribute it with my web application in an MSI (has to run on clients' computers). I then need to import it (into some credentials store?) and tell my site bindings to use it. But how can I do this in code? I've discovered Microsoft.Web.Administration, but not sure where to go from there …

这是在IIS7 BTW。

This is in IIS7 btw.

编辑：这里的目标是让客户可以在他们的内部网运行一个Web应用程序。它主要充当一个iPhone应用程序的API。 （也许这是不是最好的设计，但我们现在锁定）。因此，客户安装MSI，瞧，他们有一个Web服务。现在需要有iPhone和Web服务之间的密码验证;最简单的方法似乎是做到这一点的HTTPS。所以我做了一个自签名的证书。

The goal here is to have a web application that customers can run on their intranets. It mainly acts as an API for an iPhone app. (Maybe this isn't the best design but we're locked in now.) So the customer installs the MSI, and voila, they have a web service. Now there needs to be password authentication between the iPhone and the web service; the simplest way seemed to be to do it in https. So I made a self-signed cert.

我知道，重新分配一个单独的证书通常是一个坏主意，但我们只是试图在这里击败休闲黑客...这将是唯一的内部网和仅用于企业而言，这似乎不太可能，任何人都将是做任何事情太疯狂了，和API严格限制你可以做的数据库反正坏事量。

I'm aware that redistributing a single cert is generally a bad idea, but we're just trying to defeat casual hackers here … this is going to be intranet only and for businesses only, it seems unlikely that anyone is going to be doing anything too crazy, and the API severely restricts the amount of Bad Things you are able to do to the database anyways.

所以我们走，我们的目标是有密码验证Intranet上的Web应用程序，具有一键（ISH）的安装。 :-D

So there we go, the goal is to have password authentication on an intranet web app, with one-click(ish) installation. :-D

推荐答案

答案，亲爱的读者，是这样的：

The answer, dear readers, is this:

// Assume 'site' is already set to your site via something like 
// Site site = mgr.Sites.Add(siteName, directory, 443);

X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);

// Here, directory is my install dir, and (directory)\bin\certificate.pfx is where the cert file is.
// 1234 is the password to the certfile (exported from IIS)
X509Certificate2 certificate = new X509Certificate2(directory + @"\bin\certificate.pfx", "1234");

store.Add(certificate);

var binding = site.Bindings.Add("*:443:", certificate.GetCertHash(), store.Name);
binding.Protocol = "https";
store.Close();

由于这种随机线程：的 http://forums.iis.net/t/1163325.aspx

这篇关于编程方式导入证书到IIS？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！