ASP. NET uses X509Certificate2 to solve a series of problems,

ASP. NET uses X509Certificate2 to solve a series of problems,

When you make a refund, because you need to use the p12 certificate, the results encountered a series of pitfalls. Make a record for future reference.

Code for loading the original certificate:

Copy codeThe Code is as follows: 1 X509Certificate2 cert = new X509Certificate2 (path + WxPayConfig. SSLCERT_PATH, WxPayConfig. SSLCERT_PASSWORD); 2 Request. ClientCertificates. Add (cert );

Passed the test on. However, this issue is reported directly when you deploy IIS:

Copy codeThe Code is as follows: System. Security. Cryptography. CryptographicException: the System cannot find the specified file.

Detailed Stack Trace information:

In System. Security. Cryptography. CryptographicException. ThrowCryptographicException (Int32 hr)
In System. Security. Cryptography. X509Certificates. X509Utils. _ LoadCertFromFile (String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle & pCertCtx)
In System. Security. Cryptography. X509Certificates. X509Certificate. LoadCertificateFromFile (String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
In System. Security. Cryptography. X509Certificates. X509Certificate2... ctor (String fileName, String password)
In TenpayCore. HttpService. Post (TenpayException & tpEx, Byte [] xml, String url, Boolean isUseCert, Int32 timeout ).

After repeated tests, it was confirmed that it was not a problem with the code and file path. After querying Microsoft documents, I found related instructions and pointed out the problem. Here is my operation process.

1. Install the certificate

Click [start]-> [run]-> type [mmc] to go to the "console" interface-> select [file]-> [Add/delete management unit] (Ctrl + M)

Select [certificate]-> [Computer Account]-> [next]-> [complete]

Select [certificate]-> [import]

Import your certificate file

2. Authorization Certificate

Install winhttpcertcmd.exe (Windows HTTP Services Certificate Configuration Tool) first ). After installation, go to the C: \ Program Files (x86) \ Windows Resource Kits \ Tools or C: \ Program Files \ Windows Resource Kits \ Tools Folder. Open cmd and enter the following command:

Copy codeThe Code is as follows: winhttpcertcfg-g-c LOCAL_MACHINE \ MY-s "Your Certificate Name"-a "your iis account ID"

-G command is authorization

-C refers to the storage area where the certificate is located.

In addition, this is the name of the certificate, rather than anything else. I just mistakenly clicked the details of the certificate and obtained the name in it, resulting in the failure of authorization.

The iis account ID refers to the application pool corresponding to the site. In advanced settings, the ID option is used to select the corresponding user. At that time, I authorized the Network Service and ApplicationPoolIdentity in the application pool. As a result, the following error occurs when I initiate a request:

Copy codeThe Code is as follows: System. Net. WebException: the request is aborted: the SSL/TLS Security channel cannot be created.

3. modify the code

After completing these configurations, modify the code for loading the certificate.

Copy codeThe Code is as follows: 1 X509Store store = new X509Store ("My", StoreLocation. localMachine); 2 store. open (OpenFlags. readOnly | OpenFlags. openExistingOnly); 3 4 System. security. cryptography. x509Certificates. x509Certificate2 cert = 5 store. certificates. find (X509FindType. findBySubjectName, "Your Certificate Name", false) [0];

Test again and finally succeed!

The above is all the content of this article. I hope it will be helpful for your learning and support for helping customers.