我有一个来自 Thawte 的代码签名证书,用于动态生成和签署 ClickOnce 部署清单。问题是,当我们重新启动 IIS 或重新导入签名证书时,生成和签署这些清单的 ASP.NET 应用程序工作正常,但随着时间的推移,以下函数无法找到证书:
private static X509Certificate2 GetSigningCertificate(string thumbprint)
{
X509Store x509Store = new X509Store(StoreLocation.CurrentUser);
try
{
x509Store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection x509Certificate2Collection = x509Store.Certificates.Find(
X509FindType.FindByThumbprint, thumbprint, false);
if (x509Certificate2Collection.Count == 0)
throw new ApplicationException(
"SigningThumbprint returned 0 results. Does the code signing certificate exist in the personal store?",
null);
if (x509Certificate2Collection.Count > 1)
throw new ApplicationException(
"SigningThumbprint returned more than 1 result. This isn't possible", null);
var retval = x509Certificate2Collection[0];
if(retval.PrivateKey.GetType() != typeof(RSACryptoServiceProvider))
throw new ApplicationException("Only RSA certificates are allowed for code signing");
return retval;
}
finally
{
x509Store.Close();
}
}
最终,应用程序开始抛出找不到证书的错误。我很困惑,因为我认为证书安装正确(或大部分正确),因为它确实在我们启动 ASP.NET 应用程序时找到了证书,但在某些时候我们点击了 Count==0 分支,但事实并非如此:证书位于应用程序池用户的“当前用户\个人”证书存储中。
问题:为什么证书会突然“消失”或找不到?