X509Certificate2访问被拒绝

时间:2016-05-31 10:52:15

标签: openssl x509certificate2

我一直在尝试将OpenSSL从0.9.8升级到1.0.1版本。创建一个之前运行良好的X509Certificate2证书现在失败了

应用程序错误日志 : System.Security.Cryptography.CryptographicException:拒绝访问。    在System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)    在System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte [] rawData,IntPtr密码,UInt32 dwFlags,布尔persistKeySet,SafeCertContextHandle& pCertCtx)    在System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte [] rawData,Object password,X509KeyStorageFlags keyStorageFlags)    在System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte [] rawData,String password,X509KeyStorageFlags keyStorageFlags)

我已经尝试了所有可能的解决方案,我可以在论坛中找到但是徒劳无功。

代码段

public static X509Certificate2 _signerCert = null;
byte[] pfxData; string pfxPassword;
GetRootCertificate(out pfxData, out pfxPassword);

lock (_lockObjectSigner) {
                        _signerCert = new X509Certificate2(pfxData, pfxPassword);
                    }

安全事件日志 

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" /> 
  <EventID>5061</EventID> 
  <Version>0</Version> 
  <Level>0</Level> 
  <Task>12290</Task> 
  <Opcode>0</Opcode> 
  <Keywords>0x8010000000000000</Keywords> 
  <TimeCreated SystemTime="2016-05-31T05:48:49.268222200Z" /> 
  <EventRecordID>33990</EventRecordID> 
  <Correlation /> 
  <Execution ProcessID="500" ThreadID="4960" /> 
  <Channel>Security</Channel> 
  <Computer>EMM-DMZ-SUS2.EMMDMZ.com</Computer> 
  <Security /> 
  </System>
- <EventData>
  <Data Name="SubjectUserSid">S-1-5-20</Data> 
  <Data Name="SubjectUserName">EMM-DMZ-SUS2$</Data> 
  <Data Name="SubjectDomainName">EMMDMZ</Data> 
  <Data Name="SubjectLogonId">0x3e4</Data> 
  <Data Name="ProviderName">Microsoft Software Key Storage Provider</Data> 
  <Data Name="AlgorithmName">RSA</Data> 
  <Data Name="KeyName">{A7C2BCEE-EC9F-49EA-92A6-666C0F2987DD}</Data> 
  <Data Name="KeyType">%%2499</Data> 
  <Data Name="Operation">%%2481</Data> 
  <Data Name="ReturnCode">0x80090010</Data> 
  </EventData>
  </Event>

尝试了选项: 

public static X509Certificate2 _signerCert = null;
byte[] pfxData; string pfxPassword;
GetRootCertificate(out pfxData, out pfxPassword);

lock (_lockObjectSigner) {
                        _signerCert = new X509Certificate2(pfxData, pfxPassword, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);
                    }

启用IIS应用程序池配置(应用程序池&gt;高级设置)以加载应用程序池标识用户的用户配置文件。

将AppPool的身份更改为NetworkService / LocalService?

在Microsoft密钥文件夹“C:\ programdata \ Microsoft \ Crypto”上手动添加管理员权限。

请告诉我是否还有其他选择值得一试?

此致 Narik

0 个答案:

没有答案
相关问题
最新问题