IIS 网站创建 - 创建 TLS 服务器凭据时发生致命错误

如何解决IIS 网站创建 - 创建 TLS 服务器凭据时发生致命错误

我正在以编程方式在 IIS 中创建一个网站。为了添加“https”的绑定，我创建了“pfx”证书，如下所示。

public static string MakeCertFile(string folderPath)
        {
            //Folder Path is comething like "C\\temp\\";
            var  password = "AdmTo@123";
            var ecdsa = ECDsa.Create(); // generate asymmetric key pair
            var req = new CertificateRequest("cn=corixaz",ecdsa,HashAlgorithmName.SHA256);
            var cert = req.CreateSelfSigned(DateTimeOffset.Now,DateTimeOffset.Now.AddYears(5));
            var friendlyName = "corixazServercert.cer";
            string filename = folderPath + "\\" + friendlyName;
            string pfxFriendlyFileName = "corixazServercert.pfx";
            string pfxFileName = folderPath + "\\" + pfxFriendlyFileName;
               
            File.WriteallBytes(pfxFileName,cert.Export(X509ContentType.Pfx,password)); //X509KeyStorageFlags.MachineKeySet

            File.WriteallText(filename,"-----BEGIN CERTIFICATE-----\r\n"
                    + Convert.ToBase64String(cert.Export(X509ContentType.Cert),Base64FormattingOptions.InsertLineBreaks)
                + "\r\n-----END CERTIFICATE-----");
            InstallCertificate(pfxFriendlyFileName,password);
                return pfxFriendlyFileName;          
         }

InstallCertificate 方法如下-

public  static void InstallCertificate(string cerFileName,string password,StoreName soreName = StoreName.My)
        {
            X509Certificate2 certificate = new X509Certificate2(cerFileName,password,X509KeyStorageFlags.MachineKeySet);
            certificate.FriendlyName = cerFileName;
            X509Store store = new X509Store(StoreName.My,StoreLocation.LocalMachine);
            store.Open(OpenFlags.ReadWrite);
            store.Add(certificate);
            store.Close();            
        }

从商店获取证书，方法是这样的-

public  static X509Certificate2 GetValidCertFromStore(string certificateName,StoreName storeName = StoreName.My)
        {
            X509Store store = new X509Store(storeName,StoreLocation.LocalMachine);
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection certs = store.Certificates;
            DateTime highestValidDate = DateTime.Today;
            X509Certificate2 certToReturn = null;
            foreach (var cert in certs)
            {
                if (cert.FriendlyName.Equals(certificateName))
                {
                    if (certToReturn == null || cert.NotAfter >= highestValidDate)
                    {
                        certToReturn = cert; // we want to take the latest
                    }
                }
            }
            return certToReturn;
        }

然后我有另一种方法来为网站创建“https”绑定。

public static void AddCertificatetoWebSite(Site site,string cerFileName,int port,string password)
        {
           
                X509Certificate2 certificate = GetValidCertFromStore(cerFileName);                
                X509Store store = new X509Store(StoreName.My,StoreLocation.LocalMachine);              
                var binding = site.Bindings.Add("*:443" + ":",certificate.GetCertHash(),store.Name);
                binding.Protocol = "https";
                store.Close();            
        }

在调用方法中，每当我执行“serverManager.CommitChanges()”调用时，我都会收到异常 - “发生内部错误。(0x8007054F)。”

当我查看事件日志时 - 错误是这样的 - “创建 TLS 服务器凭据时发生致命错误。内部错误状态为 10018。” 我在互联网上找不到任何与此相关的材料。 我使用的是 Windows Server 2019 和 IIS 10.0.1776

版权声明：本文内容由互联网用户自发贡献，该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容， 请发送邮件至 dio@foxmail.com 举报，一经查实，本站将立刻删除。