以编程方式将证书导入IIS？ [英] Programmatically import cert into IIS?

问题描述

我有一个SSL的.pem证书，我想用我的Web应用程序在MSI中分发它（必须在客户端的计算机上运行）。然后我需要导入它（进入一些凭证存储？）并告诉我的网站绑定使用它。但是我怎么能在代码中做到这一点？我发现了Microsoft.Web.Administration，但不确定从哪里开始......

I have a .pem certificate for SSL, I want to distribute it with my web application in an MSI (has to run on clients' computers). I then need to import it (into some credentials store?) and tell my site bindings to use it. But how can I do this in code? I've discovered Microsoft.Web.Administration, but not sure where to go from there …

这是IIS7顺便说一句。

This is in IIS7 btw.

编辑：这里的目标是拥有一个客户可以在其内部网上运行的Web应用程序。它主要作为iPhone应用程序的API。 （也许这不是最好的设计，但我们现在已被锁定。）所以客户安装了MSI，瞧，他们有一个Web服务。现在需要在iPhone和Web服务之间进行密码验证;最简单的方法似乎是在https中完成。所以我做了一个自签名的证书。

The goal here is to have a web application that customers can run on their intranets. It mainly acts as an API for an iPhone app. (Maybe this isn't the best design but we're locked in now.) So the customer installs the MSI, and voila, they have a web service. Now there needs to be password authentication between the iPhone and the web service; the simplest way seemed to be to do it in https. So I made a self-signed cert.

我知道重新分发一个证书通常是一个坏主意，但我们只是想在这里击败偶然的黑客......这只是内联网，仅限企业，似乎不太可能有人做任何过于疯狂的事情，并且API严重限制了你能够对数据库做的坏事的数量。

I'm aware that redistributing a single cert is generally a bad idea, but we're just trying to defeat casual hackers here … this is going to be intranet only and for businesses only, it seems unlikely that anyone is going to be doing anything too crazy, and the API severely restricts the amount of Bad Things you are able to do to the database anyways.

所以我们去了，目标是在Intranet Web应用程序上进行密码验证，只需单击（ish）安装即可。 ：-D

So there we go, the goal is to have password authentication on an intranet web app, with one-click(ish) installation. :-D

推荐答案

亲爱的读者，答案是：

// Assume 'site' is already set to your site via something like 
// Site site = mgr.Sites.Add(siteName, directory, 443);

X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);

// Here, directory is my install dir, and (directory)\bin\certificate.pfx is where the cert file is.
// 1234 is the password to the certfile (exported from IIS)
X509Certificate2 certificate = new X509Certificate2(directory + @"\bin\certificate.pfx", "1234");

store.Add(certificate);

var binding = site.Bindings.Add("*:443:", certificate.GetCertHash(), store.Name);
binding.Protocol = "https";
store.Close();

感谢这个随机线程： http://forums.iis.net/t/1163325.aspx

这篇关于以编程方式将证书导入IIS？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！