
Error: 'ID1039: The certificate's private key could not be accessed

I am implementing ADFS authentication in Azure, but I face the following problem:

An exception of type 'System.Configuration.ConfigurationErrorsException' occurred in System.IdentityModel.Services.dll but was not handled in user code

Additional information: ID1024: The configuration property value is not valid.

Property name: serviceCertificate

Error: 'ID1039: The certificate's private key could not be accessed. Ensure the access control list (ACL) on the certificate's private key grants access to the application pool user.

Thumbprint: 'df113454dsf1321' (I changed the value here)

When I right-click the certificate and then click All Tasks, it does not show me the Manage Private Keys option, so I cannot give access to the IIS user. How do I fix the problem? web.config file contents:

<serviceCertificate>
        <certificateReference x509FindType="FindByThumbprint" findValue="dfdsfdfdf(here I changed the value)" storeLocation="LocalMachine" storeName="My" />
</serviceCertificate>

I was getting the same issue. The fix is to allow the AppPool user (NETWORK SERVICE) to read the certificate's private key.

  • Open the MMC snap-in by running mmc.exe.
  • Select File -> Add/Remove Snap-in. Select Certificates and click "Add".
  • Select "Computer Account". Click Finish. Click Next.
  • Drill down to Personal -> Certificates.
  • Right-click your certificate and select All Tasks -> Manage Private Keys.
  • Add NETWORK SERVICE and give it "Read" privileges.

Thanks, Shivesh

Please check the Application Pool setting for the particular application. In the application pool's advanced settings, Identity should be NetworkService.

It is also possible that even though you have the certificate, the private key is not installed in the right place. I got the same error, but adding the correct user (IIS AppPool\DefaultAppPool) was not sufficient. I also had to import the .pfx:

On Windows 7

- Open MMC
- Add the Certificates snap-in to manage Local Computer
- Right-click the Personal store, All Tasks -> Import
- Select the .pfx file (NOT the default .crt/.cer)
- Enter the password, complete the wizard

This got my local site working when nothing else I Googled worked.
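The two fixes above (import the .pfx so the LocalMachine\My certificate actually carries a private key, then grant the app pool identity Read on that key, which is what "Manage Private Keys" does in MMC) as one script. This is an added example, not code from the question or any of the answers. It targets an elevated Windows PowerShell 5.1 session on a machine with IIS; the thumbprint, .pfx path and app pool identity are placeholders you must replace, and only RSA keys are handled.

```powershell
# Added example (not from the original post). Verifies that the certificate
# referenced by web.config has a private key in LocalMachine\My, imports the
# .pfx if it does not, then grants the app pool identity Read on the key file.
# Placeholders (assumptions, not values from the post):
$Thumbprint = 'DF113454DSF1321'             # use the findValue from <certificateReference>
$PfxPath    = 'C:\certs\adfs-service.pfx'   # only needed when the key is missing
$Identity   = 'IIS AppPool\DefaultAppPool'  # or 'NT AUTHORITY\NETWORK SERVICE' if the
                                            # pool runs as NetworkService (see answer above)

function Get-StoreCert {
    param([string]$Thumbprint)
    # Thumbprints in the store are upper-case hex with no spaces
    $t = ($Thumbprint -replace '\s', '').ToUpperInvariant()
    Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $t }
}

function Get-PrivateKeyPath {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Legacy CSP (CAPI) machine keys are files under RSA\MachineKeys; CNG keys
    # live under Keys. The ACL on that file is the "private key ACL" from the error.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        return Join-Path $env:ProgramData "Microsoft\Crypto\Keys\$($rsa.Key.UniqueName)"
    }
    if ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        return Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$($rsa.CspKeyContainerInfo.UniqueKeyContainerName)"
    }
    throw 'Only RSA private keys are handled in this example'
}

function Grant-PrivateKeyRead {
    param([string]$KeyPath, [string]$Identity)
    # Read is all the service needs to sign/decrypt; do not hand out FullControl
    $acl  = Get-Acl -Path $KeyPath
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Identity, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $KeyPath -AclObject $acl
}

function Test-PrivateKeyRead {
    param([string]$KeyPath, [string]$Identity)
    # True when an Allow ACE for $Identity covers every bit of FileSystemRights.Read
    $read = [System.Security.AccessControl.FileSystemRights]::Read
    $hit = (Get-Acl -Path $KeyPath).Access | Where-Object {
        $_.IdentityReference.Value -eq $Identity -and      # string -eq is case-insensitive
        $_.AccessControlType -eq 'Allow' -and
        (($_.FileSystemRights -band $read) -eq $read)
    }
    return [bool]$hit
}

$cert = Get-StoreCert -Thumbprint $Thumbprint

# A .cer/.crt import yields HasPrivateKey = $false; only the .pfx carries the key,
# and it must go into LocalMachine (storeLocation in web.config), not CurrentUser.
if (-not $cert -or -not $cert.HasPrivateKey) {
    $pwd  = Read-Host -Prompt 'PFX password' -AsSecureString
    $cert = Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation Cert:\LocalMachine\My -Password $pwd
    if (-not $cert.HasPrivateKey) {
        throw "Imported $($cert.Thumbprint) but it has no private key attached"
    }
    if ($cert.Thumbprint -ne ($Thumbprint -replace '\s', '').ToUpperInvariant()) {
        Write-Warning "Imported thumbprint $($cert.Thumbprint) differs from web.config; update findValue"
    }
}

$keyPath = Get-PrivateKeyPath -Cert $cert
Grant-PrivateKeyRead -KeyPath $keyPath -Identity $Identity

if (Test-PrivateKeyRead -KeyPath $keyPath -Identity $Identity) {
    "Granted Read on $keyPath to $Identity. Recycle the application pool to pick it up."
} else {
    throw "ACL on $keyPath still lacks Read for $Identity"
}
```

Run it as an administrator; the key files are readable only by SYSTEM and Administrators until the ACE is added, so a non-elevated session fails at Get-PrivateKeyPath. The identity string must match what the pool actually runs as (ApplicationPoolIdentity resolves to IIS AppPool\<pool name>, NetworkService to NT AUTHORITY\NETWORK SERVICE); granting Read to the wrong principal leaves ID1039 in place even though the script reports success for the principal you named.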
