SSL certificate: A specified logon session does not exist

Time: 2016-06-09 11:21:08

Tags: c# .net vb.net ssl ssl-certificate

I created a method that creates a certificate, stores it in the certificate store, and binds it to a port. Here is the method:

private static void CreateStoreAndBindCertificate(string a_IpAddress, string a_IpPort)
{
    Guid _AppId = Guid.Parse("b30f5be6-2920-4fa1-b0a6-5a56b63051bc");

    var _RootCert = new RootCertificateContainer("CN=MyApp Root CA", 1024);
    var _ServerCert = new ServerCertificateContainer("CN=MyAppApi", _RootCert, 1024);

    // Here the certificates are created and then stored
    string _pathRootCertCER = Path.Combine(Path.GetTempPath(), "root-cert.cer");
    string _pathServerCerPFX = Path.Combine(Path.GetTempPath(), "server-cert.pfx");

    _RootCert.X509Certificate.PrivateKey = null;
    File.WriteAllBytes(
        _pathRootCertCER,
        _RootCert.X509Certificate.Export(X509ContentType.Cert)
    );

    var _ServerCertPFX = new PFX(_ServerCert.X509Certificate);
    File.WriteAllBytes(_pathServerCerPFX, _ServerCertPFX.GeneratePfxFile());

    Process.Start(
        new ProcessStartInfo()
        {
            CreateNoWindow = true,
            WindowStyle = ProcessWindowStyle.Hidden,
            FileName = "certutil",
            Arguments = string.Format("-f -p -importPFX \"{0}\"", _pathServerCerPFX)
        }
    ).WaitForExit();

    try
    {
        ICertificateBindingConfiguration config = new CertificateBindingConfiguration();
        var _IpPort = new IPEndPoint(IPAddress.Parse(a_IpAddress), Convert.ToInt32(a_IpPort));
        var certificateThumbprint = _ServerCert.X509Certificate.Thumbprint.ToLower();
        if (config.Query(_IpPort).Length > 0)
            config.Delete(_IpPort);
        config.Bind(new CertificateBinding(certificateThumbprint, StoreName.My, _IpPort, _AppId));
    }
    catch (Exception ex)
    {
        throw new Exception(ex.Message);
    }
}

When I execute this method with the parameters CreateStoreAndBindCertificate("127.0.0.1", "9001"), I get this error: A specified logon session does not exist. It may already have been terminated.
What am I missing?

1 answer:

Answer 0: (score: 0)

To bind the certificate to the port, I needed to create the .pfx certificate with a password. So I would make a few small changes:

const string passwordPFX = "MyPassword";

should be added at the beginning of the method. Change:

var _ServerCertPFX = new PFX(_ServerCert.X509Certificate);

to:

var _ServerCertPFX = new PFX(_ServerCert.X509Certificate, passwordPFX);

Change:

Process.Start(
    new ProcessStartInfo()
    {
        CreateNoWindow = true,
        WindowStyle = ProcessWindowStyle.Hidden,
        FileName = "certutil",
        Arguments = string.Format("-f -p  -importPFX \"{0}\"", _pathServerCerPFX)
    }
).WaitForExit();

to:

Process.Start(
    new ProcessStartInfo()
    {
        CreateNoWindow = true,
        WindowStyle = ProcessWindowStyle.Hidden,
        FileName = "certutil",
        Arguments = string.Format("-f -p {0} -importPFX \"{1}\"", passwordPFX, _pathServerCerPFX)
    }
).WaitForExit();

Another possible solution is to not use a password at all, so you have to remove -p from the Arguments of ProcessStartInfo. It will look like this:

Process.Start(
    new ProcessStartInfo()
    {
        CreateNoWindow = true,
        WindowStyle = ProcessWindowStyle.Hidden,
        FileName = "certutil",
        Arguments = string.Format("-f -importPFX \"{0}\"", _pathServerCerPFX)
    }
).WaitForExit();
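
As an added example (not code from the question or the answer): one way to import the password-protected PFX without passing the password on the certutil command line, and to confirm before binding that the certificate is in LocalMachine\My with its private key. It assumes the bind fails because the private key is not available in the machine store; the class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

public static class PfxImportCheck // hypothetical helper, not part of the original code
{
    // Imports a PFX into LocalMachine\My with a persisted machine key and
    // returns the thumbprint only if the stored certificate has its private key.
    public static string ImportForBinding(string pfxPath, string pfxPassword)
    {
        // MachineKeySet + PersistKeySet write the private key to the machine key
        // store and keep it there after this process exits (assumed requirement
        // for the port binding to succeed).
        var flags = X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet;
        var cert = new X509Certificate2(pfxPath, pfxPassword, flags);

        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("PFX contains no private key: " + pfxPath);

        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadWrite);
        try
        {
            store.Add(cert);

            // Re-read from the store: the binding refers to this stored copy
            // by thumbprint, so check that copy rather than the in-memory object.
            var found = store.Certificates.Find(
                X509FindType.FindByThumbprint, cert.Thumbprint, false);
            if (found.Count == 0 || !found[0].HasPrivateKey)
                throw new InvalidOperationException(
                    "Certificate " + cert.Thumbprint +
                    " is not in LocalMachine\\My with its private key.");

            return found[0].Thumbprint;
        }
        finally
        {
            store.Close();
        }
    }
}
```

Writing to LocalMachine\My requires an elevated process. The returned thumbprint can be passed to the binding call in place of the one taken from the in-memory certificate.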