X509Certificate - Keyset does not exist
I have a WinForms application that consumes a WCF and passes a certificate as a parameter to a function:
mySvcClient.SendDocument(cert.Export(X509ContentType.SerializedCert, "password"));
...
In WCF service, I recreated the certificate from the array of bytes:
public void SendDocument(byte[] binaryCert)
{
    X509Certificate2 cert = new X509Certificate2(binaryCert, "password");
    ...
But when using the certificate to sign an XML, I got the error "Keyset does not exist":
if (cert.HasPrivateKey) // WORKS!!!
{
    signedXml.SigningKey = cert.PrivateKey; // THROWS "keyset does not exist" EXCEPTION
    ...
On my computer, the application works 100%! But on the web server, I got this error!
The question is: even with the X509Certificate2 recreated from an array of bytes, do I need some special permission to access the private key?
Thank you!
If you are using Windows Server 2008 or Windows 7, then you need permission to read the private key.
- Use the FindPrivateKey tool to find the path. For example:
FindPrivateKey My LocalMachine -n "CN=MyCert" -a
It returns the path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\[File Name]
- Go to that path and open the file properties
- Go to the Security tab
- Click on "Edit", then "Add"
- In the dialog that opens, write: IIS AppPool\[your application pool name] and click OK
Now your application pool has permission to read this private key.
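The steps in the answer above, scripted in PowerShell as an added example that is not part of the original post. The subject name and application pool name are placeholders; it assumes an elevated Windows PowerShell 5.1 session and an RSA key stored by a CSP under MachineKeys, as in the answer.

```powershell
# Placeholders (assumptions, not values from the post): adjust both before running.
$subject  = 'CN=MyCert'
$identity = 'IIS AppPool\MyAppPool'

# Locate the certificate in the LocalMachine\My store, as FindPrivateKey does.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $subject } |
    Select-Object -First 1
if (-not $cert)               { throw "No certificate with subject $subject in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate $($cert.Thumbprint) has no associated private key" }

# For a CSP-stored key, the unique container name is the file name under MachineKeys.
$container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyFile   = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
if (-not (Test-Path -LiteralPath $keyFile)) { throw "Key file not found: $keyFile" }

# Grant Read only: signing needs to read the key, not to modify or delete it.
$acl  = Get-Acl -LiteralPath $keyFile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $keyFile -AclObject $acl

# Review the resulting ACL so that only the expected identities can read the key.
(Get-Acl -LiteralPath $keyFile).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize
```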