[英]IIS Express using "imaginary" SSL certificate
I've been fighting this for a couple weeks now.我已经为此奋斗了几个星期。 I've exhausted my Google-fu and need your help.
我已经用尽了我的 Google-fu,需要你的帮助。
I want to delete the certificate that IIS Express is defaulting to (which is about to expire) and use the one that gets created when I "repair" IIS Express.我想删除 IIS Express 默认使用的证书(即将过期)并使用我“修复”IIS Express 时创建的证书。
IIS Express is using an SSL Certificate that I can't find anywhere on my PC. IIS Express 使用的 SSL 证书我在 PC 上的任何地方都找不到。 Currently it's NOT using the cert that it creates during the repair.
目前它没有使用它在修复过程中创建的证书。 It's using some rando cert that I can't find anywhere on my computer.
它使用了一些我在计算机上找不到的随机证书。
I've been through the mmc snap-in 100 times, run dos and powershell commands, searched through my registry, searched through the file system, I even went through 100k lines of process monitor trying to find where it was pulling the certificate from.我已经通过 mmc 管理单元 100 次,运行 dos 和 powershell 命令,搜索我的注册表,搜索文件系统,我什至浏览了 100k 行进程监视器,试图找到它从哪里提取证书。 I can't find the certificate it's using anywhere.
我在任何地方都找不到它正在使用的证书。
Windows 10. This is a cert dump with the relevant localhost entries: Windows 10。这是一个带有相关本地主机条目的证书转储:
Location : CurrentUser
Name : Root
Subject : CN=localhost
Issuer : CN=localhost
Thumbprint : 7019C23346CD99CDE8ED35F2A712410F3E5A03DB
FriendlyName : ASP.NET Core HTTPS development certificate
NotBefore : 2/28/2020 8:26:43 AM
NotAfter : 2/27/2021 8:26:43 AM
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,
System.Security.Cryptography.Oid...}
Subject : CN=localhost
Issuer : CN=localhost
Thumbprint : 4671C5C7DC49E26F318C30911B4494D2511E665E
FriendlyName : IIS Express Development Certificate
NotBefore : 2/28/2020 8:26:16 AM
NotAfter : 2/27/2025 6:00:00 PM
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
Name: My
Subject : CN=localhost
Issuer : CN=localhost
Thumbprint : 7019C23346CD99CDE8ED35F2A712410F3E5A03DB
FriendlyName : ASP.NET Core HTTPS development certificate
NotBefore : 2/28/2020 8:26:43 AM
NotAfter : 2/27/2021 8:26:43 AM
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,
System.Security.Cryptography.Oid...}
Subject : CN=localhost
Issuer : CN=localhost
Thumbprint : 4671C5C7DC49E26F318C30911B4494D2511E665E
FriendlyName : IIS Express Development Certificate
NotBefore : 2/28/2020 8:26:16 AM
NotAfter : 2/27/2025 6:00:00 PM
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
And this is the cert that's being served to Chrome:这是提供给 Chrome 的证书:
Serial number: 00e7573e7ee6f8a315
Signature algorithm: sha256RSA
Issuer: localhost
Subject: localhost
1.3.6.1.4.1.311.84.1.1: ASP.NET Core HTTPS development certificate
Thumbprint: f3b46e7bd1d6a66d150948342ffe00ebb42f33ac
Anyone have any ideas?谁有想法? Let me know if you need any additional information.
如果您需要任何其他信息,请告诉我。
Kestrel attempts to find a "default" certificate for the project. Kestrel 尝试为项目找到“默认”证书。 That certificate is NOT stored in the computer's key store.
该证书未存储在计算机的密钥库中。 It's stored on the file system as a .pfx file.
它作为 .pfx 文件存储在文件系统上。 The path is %appData%\\ASP.NET\\https.
路径是 %appData%\\ASP.NET\\https。
I found this out by reading through the Kestrel source code KestrelConfigurationLoader.TryGetCertificatePath():我通过阅读 Kestrel 源代码 KestrelConfigurationLoader.TryGetCertificatePath() 发现了这一点:
var hostingEnvironment = Options.ApplicationServices.GetRequiredService<IHostEnvironment>();
var appName = hostingEnvironment.ApplicationName;
// This will go away when we implement
// https://github.com/aspnet/Hosting/issues/1294
var appData = Environment.GetEnvironmentVariable("APPDATA");
var home = Environment.GetEnvironmentVariable("HOME");
var basePath = appData != null ? Path.Combine(appData, "ASP.NET", "https") : null;
basePath = basePath ?? (home != null ? Path.Combine(home, ".aspnet", "https") : null);
path = basePath != null ? Path.Combine(basePath, $"{appName}.pfx") : null;
return path != null;
I deleted the keys that were in the folder and it resolved my problem.我删除了文件夹中的密钥,它解决了我的问题。 Happy days!
快乐的时光!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.