数字签名后,受管Windows服务启动缓慢 [英] Managed Windows Service starts up slowly after digital signing
问题描述
我们最近尝试对.NET二进制文件进行数字签名。我们有一个Windows服务,通常会在10秒内启动。但是,当我们开始对其进行数字签名后,时间增加到20-30秒左右。
We recently tried out digitally signing our .NET binaries. We have a Windows Service which typically starts up within 10 seconds. However after we started digitally signing it, the time increased to around 20-30 seconds.
谷歌搜索导致我这样:
http://support.microsoft.com/kb/936707 基本上说我必须将generatePublisherEvidence设置为false。
Googling led to me this: http://support.microsoft.com/kb/936707 which basically says that I have to set generatePublisherEvidence to false.
但是 generatePublisherEvidence的描述指出了这样一个事实:不适用于.NET4。仍然我尝试了此设置,它确实起作用。我再次检查了我的二进制文件是否针对.NET 4。
But the description of generatePublisherEvidence on MSDN points to the fact that this is not applicable for .NET 4. Still I tried out this setting and it did work. I double checked that my binaries do target .NET 4.
有人可以向我解释这种行为吗?
Can someone please explain me this behavior?
推荐答案
我按照 http://support.microsoft.com中提到的步骤进行操作/ kb / 936707 基本上是说我必须在应用程序的App.Config中将 generatePublisherEvidence 设置为 false 。
I followed the steps mentioned in http://support.microsoft.com/kb/936707 which basically says that I have to set generatePublisherEvidence to false in my application's App.Config.
编辑:根据ssdi的回答,延迟的根本原因是:
As per ssdi's answer, the root cause of the delay is because:
发生此问题的原因是应用程序必须下载
证书吊销列表(CRL)进行身份验证。但是,缺乏网络连接会导致下载因超时而失败。以
为例,防火墙可能会阻止下载。 Windows
首次启动时,网络连接尚未初始化。
This problem occurs because the application must download the Certificate Revocation List (CRL) for authentication. However, a lack of network connectivity causes the download to fail by timing out. For example, a firewall may potentially block the download. When Windows first starts, the network connection is not yet initialized.
另请参见文章: http://support.microsoft.com/kb/941990 了解详情。
See also article: http://support.microsoft.com/kb/941990 for more details.
这篇关于数字签名后,受管Windows服务启动缓慢的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!