简体   繁体   English

使用 winhttpcertcfg 授予多个 IIS 应用程序池对同一证书的权限

[英]Grant Multiple IIS App Pools Permission to Same Certificate Using winhttpcertcfg

I have a certificate I need to install and grant access to for my IIS C# .NET applications to securely connect to FirstData.我有一个证书,需要安装并授予我的 IIS C# .NET 应用程序访问权限,以安全地连接到 FirstData。 I don't know much about certificates, so I'm running commands that look like this:我对证书不太了解,所以我正在运行如下所示的命令:

"C:\path\winhttpcertcfg" -i "WS10012NNN._.1.p12" -c LOCAL_MACHINE\MY -a "my-server-name\IIS APPPOOL\App1" -p <cert password>  
"C:\path\winhttpcertcfg" -i "WS10012NNN._.1.p12" -c LOCAL_MACHINE\MY -a "my-server-name\IIS APPPOOL\App2" -p <cert password>  
"C:\path\winhttpcertcfg" -i "WS10012NNN._.1.p12" -c LOCAL_MACHINE\MY -a "my-server-name\IIS APPPOOL\App3" -p <cert password>  
"C:\path\winhttpcertcfg" -i "WS10012NNN._.1.p12" -c LOCAL_MACHINE\MY -a "my-server-name\IIS APPPOOL\App4" -p <cert password>  
"C:\path\winhttpcertcfg" -i "WS10012NNN._.1.p12" -c LOCAL_MACHINE\MY -a "my-server-name\IIS APPPOOL\App5" -p <cert password>  

"C:\path\winhttpcertcfg" -g -c LOCAL_MACHINE\MY -s "WS10012NNN._.1" -a "my-server-name\IIS APPPOOL\App1"  
"C:\path\winhttpcertcfg" -g -c LOCAL_MACHINE\MY -s "WS10012NNN._.1" -a "my-server-name\IIS APPPOOL\App2"  
"C:\path\winhttpcertcfg" -g -c LOCAL_MACHINE\MY -s "WS10012NNN._.1" -a "my-server-name\IIS APPPOOL\App3"  
"C:\path\winhttpcertcfg" -g -c LOCAL_MACHINE\MY -s "WS10012NNN._.1" -a "my-server-name\IIS APPPOOL\App4"  
"C:\path\winhttpcertcfg" -g -c LOCAL_MACHINE\MY -s "WS10012NNN._.1" -a "my-server-name\IIS APPPOOL\App5"  

However, this doesn't seem to work as expected.但是,这似乎并没有按预期工作。 I actually ended up doing the above for 3 of the app pools, and then later doing it for 2 more.实际上,我最终对 3 个应用程序池执行了上述操作,然后又对 2 个应用程序池执行了上述操作。 Some of my sites don't work, but if I rerun just the command for one site, it breaks the others.我的一些站点不起作用,但如果我只为一个站点重新运行命令,它会破坏其他站点。 It seems like I can't get all 5 to work at the same time.似乎我无法同时让所有 5 个工作。

It seems like the proper sequence should actually be one -i command, and then 5 -g commands.似乎正确的顺序实际上应该是一个 -i 命令,然后是 5 个 -g 命令。 But I'm not sure, and I can't find any multi-site examples online.但我不确定,我在网上找不到任何多站点示例。 How do I correctly grant all 5 of my app pools permission to use the certificate?如何正确授予我的所有 5 个应用程序池使用证书的权限?

While I still do not fully understand the ins and outs of winhttpcertcfg and its switches, I was able to solve my problem.虽然我仍然不完全了解 winhttpcertcfg 及其开关的来龙去脉,但我能够解决我的问题。 The answer is to do ONE -i command and then the all the -g commands.答案是先执行 ONE -i 命令,然后执行所有 -g 命令。 Like so:像这样:

"C:\path\winhttpcertcfg" -i "WS10012NNN._.1.p12" -c LOCAL_MACHINE\MY -a "my-server-name\IIS APPPOOL\App1" -p <cert password> 

"C:\path\winhttpcertcfg" -g -c LOCAL_MACHINE\MY -s "WS10012NNN._.1" -a "my-server-name\IIS APPPOOL\App1"  
"C:\path\winhttpcertcfg" -g -c LOCAL_MACHINE\MY -s "WS10012NNN._.1" -a "my-server-name\IIS APPPOOL\App2"  
"C:\path\winhttpcertcfg" -g -c LOCAL_MACHINE\MY -s "WS10012NNN._.1" -a "my-server-name\IIS APPPOOL\App3"  
"C:\path\winhttpcertcfg" -g -c LOCAL_MACHINE\MY -s "WS10012NNN._.1" -a "my-server-name\IIS APPPOOL\App4"  
"C:\path\winhttpcertcfg" -g -c LOCAL_MACHINE\MY -s "WS10012NNN._.1" -a "my-server-name\IIS APPPOOL\App5"  

If you execute an "-i" command again for this certificate, all of your grants will become void and you have to redo them.如果您对该证书再次执行“-i”命令,您的所有授权都将失效,您必须重做。 So basically, one install command, then all of your grants point to that install.所以基本上,一个安装命令,然后你所有的授权都指向那个安装。 If you do another install of that certificate, you have to grant everything again.如果您再次安装该证书,则必须再次授予所有权限。

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM