基于Azure生成的自签名证书的Certenroll

Question

我已经使用(CERTENROLLLib). Certenroll构建了一个创建自签名证书。所有这些都在本地工作，但一旦我将部署到 it到Azure，就会得到以下结果：

服务器API错误:消息: CertEnroll::CX509Enrollment::_CreateRequest:访问被拒绝。0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)，StackTrace: at

在Foo.Api.Core.Providers.CertificateProvider.GenerateBase64EncodedPfx(String subjectName，Int32 certificateValidityInYears(字符串密码)在Foo.Api.Core.Services.CertificateService.d__4.MoveNext() -从抛出异常的前一个位置的堆栈跟踪-在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task任务中抛出异常-在Foo.ServerApi.Services.DocumentSigningService.d__7.MoveNext() -从抛出异常的前一个位置开始的堆栈跟踪的结束(在System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task任务) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task任务)在Foo.ServerApi.Services.DocumentSigningService.d__5.MoveNext() --从以前的异常抛出异常的位置--在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task任务(在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task任务)到System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task任务的堆栈跟踪的末尾)

在Foo.ServerApi.Controllers.DocumentController.<>c__DisplayClass10_1.d.MoveNext()

如果使用：

var cert = new CX509CertificateRequestCertificate();
            cert.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextMachine, privateKey, "");

或

CertEnroll::CX509CertificateRequestCertificate::InitializeFromPrivateKey:服务器API错误:消息：

参数不正确。0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER)，StackTrace: at WIN32 Context，IX509PrivateKey pPrivateKey，String strTemplateName)在Foo.Api.Core.Providers.CertificateProvider.GenerateBase64EncodedPfx(String subjectName，Int32 certificateValidityInYears，(字符串密码)在Foo.Api.Core.Services.CertificateService.d__4.MoveNext() -从抛出异常的前一个位置的堆栈跟踪-在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task任务中抛出异常-在Foo.ServerApi.Services.DocumentSigningService.d__7.MoveNext() -从抛出异常的前一个位置开始的堆栈跟踪的结束(在System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task任务) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task任务)在Foo.ServerApi.Services.DocumentSigningService.d__5.MoveNext() --从以前的异常抛出异常的位置--在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task任务(在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task任务)到System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task任务的堆栈跟踪的末尾)

在Foo.ServerApi.Controllers.DocumentController.<>c__DisplayClass10_1.d.MoveNext()

如果使用：

var cert = new CX509CertificateRequestCertificate();
            cert.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextUser, privateKey, "");

有什么办法可以克服这个问题与Certenroll在Azure？

编辑：引导我找到正确路径的最终错误。

服务器API错误:消息: CertEnroll::CX509PrivateKey::Create:系统找不到指定的文件。0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)，StackTrace: at CERTENROLLLib.IX509 PrivateKey2.certificateValidityInYears() at subjectName，Int32 certificateValidityInYears，(字符串密码)在Foo.Api.Core.Services.CertificateService.d__4.MoveNext() -从抛出异常的前一个位置的堆栈跟踪-在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task任务中抛出异常-在Foo.ServerApi.Services.DocumentSigningService.d__7.MoveNext() -从抛出异常的前一个位置开始的堆栈跟踪的结束(在System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task任务) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task任务)在Foo.ServerApi.Services.DocumentSigningService.d__5.MoveNext() --从以前的异常抛出异常的位置--在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task任务(在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task任务)到System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task任务的堆栈跟踪的末尾)

在Foo.ServerApi.Controllers.DocumentController.<>c__DisplayClass10_1.d.MoveNext()

Answer 1

InitializeFromPrivateKey

• when中使用X509CertificateEnrollmentContext.ContextUser创建私钥设置privateKey.MachineContext = false;

• on Azure添加新的应用程序设置E 212H 213G 214

WEBSITE_LOAD_USER_PROFILE =1

让它对我起作用