通过"netsh.exe"添加SSL证书.机器重启后不会持续 [英] Adding SSL Certificate via "netsh.exe" does not last after a machine restart
问题描述
我目前正在构建一个将IIS Express用于我的开发服务器的ASP.Net MVC 3 eccomerce应用程序.
I am currently building an ASP.Net MVC 3 eccomerce app that uses IIS Express for my development server.
当我们通过应用程序接受付款时,我们需要为结帐流程强制执行SSL连接.
As we are accepting payments via the app we need to enforce SSL connections for the checkout process.
按照斯科特·汉塞尔曼(Scott Hanselman)写得很好的文章,该书介绍了如何设置自签名SSL证书为了与IIS Express一起使用,我可以同时通过以下两种方式访问我的网站:
After following Scott Hanselman's well written article on how to set up self signed SSL certificates for use with IIS Express, I can access my site via both:
- http://localhost
- https://localhost
这都是肉汁,直到我重新开始. 似乎每次(由于某种原因)每次重新启动时,我都需要再次运行以下命令:
This is all gravy, until I restart. It seems that each time I restart (for whatever reason) I need to run the following commands again:
netsh http delete sslcert ipport=0.0.0.0:443
netsh http add sslcert ipport=0.0.0.0:443 appid={214124cd-d05b-4309-9af9-9caa44b2b74a} certhash=<thumbprint from Certificate Manager>
我尝试导出和导入生成的证书,并将证书从个人商店"拖到受信任的根证书颁发机构". 两者都无济于事.
I have tried exporting and importing the generated certificate, as well as dragging the certificate from the Personal Store to the Trusted Root Certification Authorities. Both to no avail.
有人有什么想法吗?
推荐答案
一些人在 http://www.hanselman.com/blog/WorkingWithSSLAtDevelopmentTimeIsEasierWithIISExpress.aspx
最后的评论是:
我认为,通过将自签名证书从个人"移动到受信任的根CA"目录,会导致开发人员重新启动计算机后SSL停止工作的问题. (不知道它是如何发生的,但是确实会持续发生.)我终于通过导出解决了这个问题,并将自签名证书重新导入到受信任的根目录中(而不是简单地将其拖到上面).现在考虑了我的自签名证书,并且每次重新启动计算机时都不需要重新安装/修复IIS Express.
I think by moving the self signed cert from Personal to Trusted Root CA directory causes a problem that SSL stops working after developers reboot their machines. (Don't know how it happens, but it does happen consistently.) I finally get around this issue by export and re-import the self-signed cert into the trusted root directory (instead of simply drag it over). Now my self-signed cert is considered and I don't need to REINSTALL/REPAIR IIS Express every time I reboot the machine.
这篇关于通过"netsh.exe"添加SSL证书.机器重启后不会持续的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
