2

The task is to import a certificate to a remote server (Win2008 Server Web Edition / IIS7).

The certificate is in a .pfx file.

After installation I noticed the private key is saved on the client server (from which the script is running) (in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys), but not on the destination server (where the certificate is installed). Due to this, the certificate can't be used for site binding, with the error:

A specified logon session does not exist. It may be already have been terminated.

So, I can see the certificate is installed on the remote server but the private key is not. What did I do wrong?

    Imports System.Security.Cryptography.X509Certificates

    Dim pathToPFXFile As String = "\\CertServer\e$\tmp\CPVanitySSLInstall.pfx"
    Dim passwordForPFXFile As String = "xxx"
    Dim WinVanitySSLTable As Data.DataTable
    Dim cert, cert1 As X509Certificate2
    Dim certs As X509Certificate2Collection
    Dim store As X509Store

    ' Load the certificate and its private key from the PFX file
    cert = New X509Certificate2(pathToPFXFile, passwordForPFXFile, X509KeyStorageFlags.MachineKeySet Or X509KeyStorageFlags.PersistKeySet Or X509KeyStorageFlags.Exportable)
    ' Open the Personal (My) store on the destination server and add the certificate
    store = New X509Store("\\DestinationServerName\My", StoreLocation.LocalMachine)
    If (cert IsNot Nothing) Then
        store.Open(OpenFlags.MaxAllowed)
        store.Add(cert)
        store.Close()
    End If

BTW, when I run this script on the destination server itself it works completely as expected. Besides this, I checked access to the machine keys store on the remote server \\DestinationServerName\C$\ProgramData\Microsoft\Crypto\RSA\MachineKeys and it is OK.

4

1 Answer

2

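You can use the Certificate Manager in Windows to verify whether the certificate has an associated private key. Select the certificate in the list and click the open or view icon; if it has a little key in it, you have a private key. If it does have a private key, make sure IIS or your ASP.NET application has access to it. You can find the private key files at C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys to check the permissions.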

answered 2013-09-09T14:58:53.597
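The check described in the answer, scripted as an added PowerShell example (not part of the original question or answer) to be run on the destination server. It assumes CSP-backed RSA keys stored under the MachineKeys directory named in the question; the function name `Get-CertKeyReport` is made up for this example.

```powershell
# Added example: for every certificate in LocalMachine\My, report whether a
# private key is attached, where its key file is, and who has access to it.
# Assumption: CSP-backed RSA keys whose files live under MachineKeys.
$keyDir = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'

function Get-CertKeyReport {
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $keyFile = $null; $access = @(); $note = $null

        if (-not $cert.HasPrivateKey) {
            $note = 'No private key associated with this certificate'
        } else {
            try {
                # The unique container name is the key file name on disk
                $name = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
                if (-not $name) {
                    $note = 'Key is not a CSP key; container name unavailable'
                } else {
                    $keyFile = Join-Path $keyDir $name
                    if (Test-Path -Path $keyFile) {
                        $access = (Get-Acl -Path $keyFile).Access | ForEach-Object {
                            '{0}: {1}' -f $_.IdentityReference, $_.FileSystemRights
                        }
                    } else {
                        $note = 'Key file not found under MachineKeys'
                    }
                }
            } catch {
                # Reached when the store entry references a key that
                # cannot be opened on this machine
                $note = "Could not open private key: $($_.Exception.Message)"
            }
        }

        New-Object PSObject -Property @{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            HasPrivateKey = $cert.HasPrivateKey
            KeyFile       = $keyFile
            Access        = ($access -join '; ')
            Note          = $note
        } | Select-Object Subject, Thumbprint, HasPrivateKey, KeyFile, Access, Note
    }
}

Get-CertKeyReport | Format-List
```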