Asp. NET using X509Certificate2 to share some of the problems that arise with the solution

This article is mainly for you to introduce the use of ASP. X509Certificate2 A series of solutions to the problem, with a certain reference value, interested in small partners can refer to

In the case of payment refunds, the result is a series of pits, due to the need to use the P12 certificate. Make a record here for easy access later.

The code that originally loaded the certificate:

Copy the Code code as follows:

1 X509Certificate2 cert = new X509Certificate2 (path + Wxpayconfig.sslcert_path, Wxpayconfig.sslcert_password); 2 REQUEST.CLIENTCERTIFICATES.ADD (CERT);

Test pass on vs. However, the issue has been reported on deployment to IIS:

Copy the Code code as follows:

System.Security.Cryptography.CryptographicException: The system cannot find the file specified.

Detailed stack trace information:

At System.Security.Cryptography.CryptographicException.ThrowCryptographicException (Int32 hr)
In System.security.cryptography.x509certificates.x509utils._loadcertfromfile (String fileName, IntPtr password, UInt32 dwFlags, Boolean persistkeyset, safecertcontexthandle& pcertctx)
In System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile (String fileName, Object Password, x509keystorageflags keystorageflags)
In System.Security.Cryptography.X509Certificates.X509Certificate2. ctor (String fileName, string password)
In TenpayCore.HttpService.Post (tenpayexception& Tpex, byte[] xml, String URL, Boolean isusecert, Int32 timeout).

After repeated testing, verify that the problem is not the code and file path. After querying Microsoft's documentation, I found the instructions, pointed out the problem, and the following to share my operation flow.

1. Install the certificate up

Click [Start], [run], type [MMC], enter the console interface, select [File], Add/Remove Snap-in (ctrl+m)

Select [Certificate], [computer account], [next] [finish]

Select [Certificates], [import]

Import your certificate file

2. Certificate of Authorization

First install the WinHttpCertCfg.exe tool (Windows HTTP Services Certificate Configuration tool). After the installation is complete, the tool is under C:\Program Files (x86) \ Windows Resource kits\tools or C:\Program files\windows Resource kits\tools folder. Open the cmd type command:

Copy the Code code as follows:

Winhttpcertcfg-g-C Local_machine\my-s "Your certificate name"--"Your IIS Account ID"

The-G directive is authorized

-C refers to the store where the certificate resides

In addition, the name of the certificate is this, and not something else, I was mistaken, click on the certificate details to take the name inside, resulting in unsuccessful authorization.

And the IIS account ID, refers to the site corresponding to the application pool, the advanced settings have identified this option to select the corresponding user. The identity I authorized at that time was the network Service, and the identity in the application pool was applicationpoolidentity, resulting in my request:

Copy the Code code as follows:

System.Net.WebException: Request aborted: Failed to create SSL/TLS secure channel.

3. Modify the Code

After you have done these configurations, modify the code that previously loaded the certificate.

Copy the Code code as follows:

1 X509store store = new X509store ("My", Storelocation.localmachine); 2 store. Open (Openflags.readonly | OPENFLAGS.OPENEXISTINGONLY); 3 4 System.Security.Cryptography.X509Certificates.X509Certificate2 cert = 5 store. Certificates.find (x509findtype.findbysubjectname, "Your certificate name", false) [0];

Test again, finally success!