2

我最近更新了两个 Windows 控制台应用程序的证书。过去我们刚刚更新了证书,但这次不可能,因为我们的第 3 方提供商不再允许这样做。这次创建了一个新证书,名称稍作修改。使用此证书的两个应用程序一个正在运行,另一个在每次运行时都会出现以下错误。

Exception (CryptographicException)
System.Security.Cryptography.CryptographicException: Keyset does not exist 
Server stack trace: at 
System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) at 
System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) at 
System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() at 
System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey() at 
System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey() at 
System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm) at 
System.IdentityModel.SignedXml.ComputeSignature(SecurityKey signingKey) at 
System.ServiceModel.Security.WSSecurityOneDotZeroSendSecurityHeader.CompletePrimarySignatureCore(SendSecurityHeaderElement[] signatureConfirmations, SecurityToken[] signedEndorsingTokens, SecurityToken[] signedTokens, SendSecurityHeaderElement[] basicTokens) at 
System.ServiceModel.Security.SendSecurityHeader.CompleteSignature() at 
System.ServiceModel.Security.SendSecurityHeader.CompleteSecurityApplication() at 
System.ServiceModel.Security.SecurityAppliedMessage.OnWriteMessage(XmlDictionaryWriter writer) at 
System.ServiceModel.Channels.BufferedMessageWriter.WriteMessage(Message message, BufferManager bufferManager, Int32 initialOffset, Int32 maxSizeQuota) at 
System.ServiceModel.Channels.TextMessageEncoderFactory.TextMessageEncoder.WriteMessage(Message message, Int32 maxMessageSize, BufferManager bufferManager, Int32 messageOffset) at 
System.ServiceModel.Channels.HttpOutput.SerializeBufferedMessage(Message message) at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout) at 
System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout) at 
System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout) at 
System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout) at 
System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at 
System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at 
System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) 
Exception rethrown at [0]: at 
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at 
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

我已将证书加载到相应的证书存储区。我已授予用户完全访问权限。我已授予“每个人”访问证书的权限。我什至已经将物理文件标识为私有文件,并让用户完全控制它。仍然没有成功。

以下是配置文件的摘录,用于设置访问证书的配置:

<clientCertificate
      findValue="certifcatesubjectishere"
      storeLocation="LocalMachine"
      storeName="TrustedPeople"
      x509FindType="FindBySubjectName"
      />

在此阶段,我们将不胜感激任何帮助或建议。

4

1 回答 1

0

我知道现在回答为时已晚,但对其他人可能有用。我在 IIS 中安装 WCF 应用程序时遇到了同样的问题,我用winhttpcertcfg解决了它。它是 Windows 用于授予/撤销证书权限的官方程序。在这里您可以找到使用说明。

于 2016-11-05T09:14:15.987 回答