问题描述
我需要授予 IIS 用户对 pfx 证书的访问权限.该网站在某个用户 AppPoolUser 下的 App Pool 下运行.IIS 自动拥有用户名IIS APPPOOLAppPoolUser",这是我们在使用 aspnet_regiis -ga 时需要提供的访问权限.
I need to give access to the IIS user to a pfx certificate. The website is running under the App Pool under some user AppPoolUser. IIS automatically has the user name "IIS APPPOOLAppPoolUser" and this is what we need to give access when we use aspnet_regiis -ga .
但是,当我使用 winhttpcertcfg 向用户IIS APPPOOLAppPoolUser"授予访问权限时,它显示未找到帐户信息".
However, when i use winhttpcertcfg to give access to the user "IIS APPPOOLAppPoolUser", it says "No account information was found".
我使用的命令是
winhttpcertcfg -i <filename> -c <certificateLocation> - g -a <account name>
在网络上没有找到任何示例.有什么想法吗?
Didn't find any samples for this over the web. Any ideas?
推荐答案
我知道这是一个老问题,但我昨天也遇到了同样的问题,所以我想回答一下.
I know it's an old question, but I just had the same problem yesterday so I though I'd answer.
我遇到了同样的问题,但证书位于 LocalMachine -> TrustedPeople 存储区...
I had the same problem but with a certificate located in the LocalMachine -> TrustedPeople store...
您必须使用 icacls
而不是 WinHttpCertCfg
,取自 这个链接.
You have to use icacls
instead of WinHttpCertCfg
, taken from this link.
基本上应该是这样的:
ICACLS <filename> /grant "IIS AppPoolDefaultAppPool":R
为了完整起见,这里我需要如何访问受信任的人"商店.部分摘自此链接.
For the sake of completion, here how I needed to do it to access the "Trusted People" store. Taken in part from this link.
使用 Microsoft 的 FindPrivateKey 工具 找到证书的实际文件在商店里.此工具必须从 .WF_WCF_SamplesWCFSetupFindPrivateKeyCS 中的源代码编译.aspx?displaylang=en&id=21459">.NET Framework 4 的 Windows Communication Foundation (WCF) 和 Windows Workflow Foundation (WF) 示例下载.
Use the FindPrivateKey tool from Microsoft to locate the actual file for the cert in the store. This tool must be compiled from the source code in
.WF_WCF_SamplesWCFSetupFindPrivateKeyCS
from the Windows Communication Foundation (WCF) and Windows Workflow Foundation (WF) Samples for .NET Framework 4 download.
FindPrivateKey.exe TrustedPeople LocalMachine -t "<thumbprint of the SSL cert>"
在 FindPrivateKey 给出的文件上使用 icacls
.
icacls C:ProgramDataMicrosoftCryptoRSAMachineKeys<path to certificate> /grant "IIS AppPool<your AppPool name>":R
瞧!
这篇关于winhttpcertcfg 在 Windows 7 中授予 IIS 用户访问权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!