Windows Server 2012 IIS 8.5上的证书私钥访问错误 [英] Certificate Private Key Access error on Windows Server 2012 IIS 8.5

问题描述

环境：Windows Server 2012

IIS 8.5



无法在IIs 8.5上使用winhttpcertcfg授予权限，但在IIS 6.0上运行正常。请指教。谢谢。

错误：私钥无法成功访问。

这只能由安装证书的用户完成。



C：\程序文件（x86）\ Windows资源套件\工具> winhttpcertcfg -i E：/xyz.pfx -c LOCAL_MACHINE \我-a OACTCISSxxx -pxxx

Microsoft（R）WinHTTP证书配置工具

版权所有（C）Microsoft Corporation 2001.



导入证书：

E = xxx.testwebservice@jstate.pa.us

CN = ixxx testwebservice

OID.0.9.2342.2220300.100.1.1 = xxx.testWebservice

OU = xyz

O =联邦o $





授予帐户私钥访问权限：

OACTCISSxxx \

导入证书：

CN = oaJNET测试联合体CA - G2
OU =仅用于测试目的

O =联邦o $

C = US





E. rror：未成功获取私钥的访问权限。

这只能由安装证书的用户完成。

Environment: Windows Server 2012
IIS 8.5

Unable to giving permission using winhttpcertcfg on IIs 8.5 but working fine on IIS 6.0. Please advice. Thanks.
Error: Access was not successfully obtained for the private key.
This can only be done by the user who installed the certificate.

C:\Program Files (x86)\Windows Resource Kits\Tools>winhttpcertcfg -i E:/xyz.pfx -c LOCAL_MACHINE\My -a OACTCISSxxx -p "xxx"
Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.

Imported certificate:
E=xxx.testwebservice@jstate.pa.us
CN=ixxx testwebservice
OID.0.9.2342.2220300.100.1.1=xxx.testWebservice
OU=xyz
O=Commonwealth of oa


Granting private key access for account:
OACTCISSxxx\
Imported certificate:
CN=Commonwealth of oaJNET TEST CA - G2
OU=FOR TEST PURPOSES ONLY
O=Commonwealth of oa
C=US


Error: Access was not successfully obtained for the private key.
This can only be done by the user who installed the certificate.

推荐答案

我想如果您希望在IIS上部署的Web应用程序使用来自Windows证书存储区的证书，则需要将该应用程序设置为以安装该证书的用户身份运行，以便它可以访问其私钥。或者至少在为root用户安装证书时以管理员身份运行。

这只能由安装证书的用户完成，如错误所示。

I建议去IIS - >应用程序池 - >您的应用 - >高级设置

- >身份 - > ... - >自定义帐户 - >设置并提供使用该证书的用户信息。

希望这有助于

I would guess that if you want your web application deployed on IIS to use certificate from windows cert store, you need to set that application to run as user that you installed that certificate for, so that it have access to its private key. Or at least to run as admin if you installed certificate for root user.
"This can only be done by the user who installed the certificate" as error say.
I suggest going to IIS --> Application pools --> YOUR APP --> Advanced settings
--> Identity --> ... --> Custom account --> Set and provide user info for one that uses that certificate.
Hope this helps

这篇关于Windows Server 2012 IIS 8.5上的证书私钥访问错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！