WCF错误:“这可能是证明”我的证书“可能不会有一个私钥,能够密钥交换 [英] WCF Error : 'It is likely that certificate 'my cert' may not have a private key that is capable of key exchange
问题描述
我有我试图承载我们生产的Web服务器(IIS6)的WCF服务。我已经设置了网络和我们的证书绑到网上。当我尝试浏览到服务URL,我收到以下错误在事件日志中:
I have a WCF service I'm trying to host on our production web server (IIS6). I've set the web up and tied our cert to the web. When I try to browse to the service url, I receive the following error in the event log :
异常消息是:这是有可能该证书
'CN = .mydomain,OU =安全链接SSL通配符,OU = IT,C = US'可能不会
有一个私钥,能够密钥交换或过程中可能的
没有私钥的访问权限。请参阅详细的内部异常
.. ---> System.ArgumentException:很可能是
证书CN = 的.mydomain.com来,OU =安全链接SSL通配符,
OU = IT O = MYDOMAIN,C = US可能不会有一个私钥是密钥交换或进程可能没有为
私钥的访问权限的能力
。请参阅详细的内部异常。 --->
System.Security.Cryptography.CryptographicException:句柄
无效
The exception message is: It is likely that certificate 'CN=.mydomain, OU=Secure Link SSL Wildcard, OU=I.T., C=US' may not have a private key that is capable of key exchange or the process may not have access rights for the private key. Please see inner exception for detail.. ---> System.ArgumentException: It is likely that certificate 'CN=.mydomain.com, OU=Secure Link SSL Wildcard, OU=I.T., O=mydomain, C=US' may not have a private key that is capable of key exchange or the process may not have access rights for the private key. Please see inner exception for detail. ---> System.Security.Cryptography.CryptographicException: The handle is invalid.
我。已经证实ASP.Net 1.1,2和4的Web服务扩展都设置为允许。我也证实了证书设置在IIS中,它显示您有一个对应于该证书私钥。此外,执行权限设置为脚本和可执行文件。
I've confirmed ASP.Net 1.1, 2, and 4 are all set to 'Allow' in 'Web Service Extensions'. I've also confirmed the cert is set up in iis and it shows 'You have a private key that corresponds to this certificate'. Also, Execute Permissions are set to 'Script and Executables'.
推荐答案
我有这个问题,它原来的帐户。该服务正在运行下,没有权限访问该证书的私钥
I had this problem, and it turned out that the account the service was running under did not have permissions to access the certificate's private key.
下面是我用来解决这个问题的步骤:
Here are the steps I used to solve it:
- 启动Cetificate经理。通过运行MMC,活[文件]做到这一点 - [添加/删除管理单元...],然后添加证书,在随后的向导对话框中选择计算机帐户和本地计算机
- 在证书管理,相关的证书上单击鼠标右键并激活[所有任务] - [管理私钥]
- 这给你一个权限窗口。点击的添加的
- 添加帐户名或组此服务下运行。
- Start the Cetificate manager. Do this by running MMC, activate [File]-[Add/Remove Snap-in...], then add "Certificates", selecting "Computer Account" and "Local Computer" in the ensuing wizard dialogs.
- In the certificate manager, right-click on the relevant certificate and activate [All Tasks]-[Manage Private Keys]
- This gives you a permissions window. Click Add
- Add the account name or group that this service runs under.
这篇关于WCF错误:“这可能是证明”我的证书“可能不会有一个私钥,能够密钥交换的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
