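Using winhttpcertcfg

Time: 2016-09-22 16:44:05

Tags: windows iis certificate winhttpcertcfg

I have a certificate that I need to install and grant my IIS C#.NET applications access to, so that they can connect securely to FirstData. I know very little about certificates, so the commands I ran were as follows: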

"C:\path\winhttpcertcfg" -i "WS10012NNN._.1.p12" -c LOCAL_MACHINE\MY -a "my-server-name\IIS APPPOOL\App1" -p <cert password>  
"C:\path\winhttpcertcfg" -i "WS10012NNN._.1.p12" -c LOCAL_MACHINE\MY -a "my-server-name\IIS APPPOOL\App2" -p <cert password>  
"C:\path\winhttpcertcfg" -i "WS10012NNN._.1.p12" -c LOCAL_MACHINE\MY -a "my-server-name\IIS APPPOOL\App3" -p <cert password>  
"C:\path\winhttpcertcfg" -i "WS10012NNN._.1.p12" -c LOCAL_MACHINE\MY -a "my-server-name\IIS APPPOOL\App4" -p <cert password>  
"C:\path\winhttpcertcfg" -i "WS10012NNN._.1.p12" -c LOCAL_MACHINE\MY -a "my-server-name\IIS APPPOOL\App5" -p <cert password>  

"C:\path\winhttpcertcfg" -g -c LOCAL_MACHINE\MY -s "WS10012NNN._.1" -a "my-server-name\IIS APPPOOL\App1"  
"C:\path\winhttpcertcfg" -g -c LOCAL_MACHINE\MY -s "WS10012NNN._.1" -a "my-server-name\IIS APPPOOL\App2"  
"C:\path\winhttpcertcfg" -g -c LOCAL_MACHINE\MY -s "WS10012NNN._.1" -a "my-server-name\IIS APPPOOL\App3"  
"C:\path\winhttpcertcfg" -g -c LOCAL_MACHINE\MY -s "WS10012NNN._.1" -a "my-server-name\IIS APPPOOL\App4"  
"C:\path\winhttpcertcfg" -g -c LOCAL_MACHINE\MY -s "WS10012NNN._.1" -a "my-server-name\IIS APPPOOL\App5"  

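However, this doesn't seem to work as expected. I actually ended up doing the above for 3 app pools first, and then for 2 more later. Some of my sites don't work properly, but if I re-run the commands for one site, it breaks the other sites. It seems I can't get all 5 working at the same time.

It looks like the correct sequence should actually be one -i command followed by 5 -g commands. But I'm not sure, and I can't find any multi-site examples online. How do I correctly grant all 5 of my app pools permission to use the certificate?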

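1 Answer:

Answer 0: (score: 0)

While I still don't fully understand the ins and outs of winhttpcertcfg and its switches, I was able to solve my problem. The answer is to execute ONE -i command, and then execute all of the -g commands. Like this: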

"C:\path\winhttpcertcfg" -i "WS10012NNN._.1.p12" -c LOCAL_MACHINE\MY -a "my-server-name\IIS APPPOOL\App1" -p <cert password> 

"C:\path\winhttpcertcfg" -g -c LOCAL_MACHINE\MY -s "WS10012NNN._.1" -a "my-server-name\IIS APPPOOL\App1"  
"C:\path\winhttpcertcfg" -g -c LOCAL_MACHINE\MY -s "WS10012NNN._.1" -a "my-server-name\IIS APPPOOL\App2"  
"C:\path\winhttpcertcfg" -g -c LOCAL_MACHINE\MY -s "WS10012NNN._.1" -a "my-server-name\IIS APPPOOL\App3"  
"C:\path\winhttpcertcfg" -g -c LOCAL_MACHINE\MY -s "WS10012NNN._.1" -a "my-server-name\IIS APPPOOL\App4"  
"C:\path\winhttpcertcfg" -g -c LOCAL_MACHINE\MY -s "WS10012NNN._.1" -a "my-server-name\IIS APPPOOL\App5"  

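If you execute the "-i" command for this certificate again, all of the grants are invalidated and you have to redo them. So basically: one install command, and then all of the grants point at that install. If you install the certificate again, you have to grant everything again.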
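
The sequence from the answer above as a re-runnable PowerShell script (an added example, not part of the original question or answer). It skips the import when a certificate with that subject is already in the store, so a second run does not trigger the grant reset the answer reports, and it prompts for the PFX password instead of keeping it in the script. The tool path, file name, subject and pool names are the ones shown on this page; the final check assumes the `-l` listing prints each account name.

```powershell
# Added example: values below are copied from the commands on this page.
$tool    = 'C:\path\winhttpcertcfg.exe'
$pfx     = 'WS10012NNN._.1.p12'
$store   = 'LOCAL_MACHINE\MY'
$subject = 'WS10012NNN._.1'
$prefix  = 'my-server-name\IIS APPPOOL'
$pools   = 'App1', 'App2', 'App3', 'App4', 'App5'

# Import only when no certificate with this subject is in LocalMachine\My yet.
# The answer reports that repeating -i invalidates every existing grant.
$present = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$subject*" }

if (-not $present) {
    # Prompt so the password is not stored in the script file.
    $secure = Read-Host -Prompt 'PFX password' -AsSecureString
    $plain  = [System.Net.NetworkCredential]::new('', $secure).Password
    # -i requires -c and -a, so the first pool is granted as part of the import.
    & $tool -i $pfx -c $store -a "$prefix\$($pools[0])" -p $plain
}

# One -g per application pool identity; granting an account again is harmless.
foreach ($pool in $pools) {
    & $tool -g -c $store -s $subject -a "$prefix\$pool"
}

# -l lists the accounts that have access to the private key.
# Assumption: each granted account name appears in that listing.
$listing = (& $tool -l -c $store -s $subject | Out-String)
$listing

foreach ($pool in $pools) {
    if ($listing -notmatch [regex]::Escape($pool)) {
        Write-Warning "No private key grant found for $prefix\$pool"
    }
}
```

Run it from an elevated prompt in the directory that holds the .p12 file; the password is still passed to winhttpcertcfg through `-p`, as in the original commands.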