堆栈内存溢出
  简体   繁体   English

IIS Express 使用“虚构的”SSL 证书

[英]IIS Express using "imaginary" SSL certificate

 原文  2020-03-03 15:02:20       windows/ ssl-certificate/ iis-express

问题描述

I've been fighting this for a couple weeks now.我已经为此奋斗了几个星期。 I've exhausted my Google-fu and need your help.我已经用尽了我的 Google-fu,需要你的帮助。

I want to delete the certificate that IIS Express is defaulting to (which is about to expire) and use the one that gets created when I "repair" IIS Express.我想删除 IIS Express 默认使用的证书(即将过期)并使用我“修复”IIS Express 时创建的证书。

IIS Express is using an SSL Certificate that I can't find anywhere on my PC. IIS Express 使用的 SSL 证书我在 PC 上的任何地方都找不到。 Currently it's NOT using the cert that it creates during the repair.目前它没有使用它在修复过程中创建的证书。 It's using some rando cert that I can't find anywhere on my computer.它使用了一些我在计算机上找不到的随机证书。

I've been through the mmc snap-in 100 times, run dos and powershell commands, searched through my registry, searched through the file system, I even went through 100k lines of process monitor trying to find where it was pulling the certificate from.我已经通过 mmc 管理单元 100 次,运行 dos 和 powershell 命令,搜索我的注册表,搜索文件系统,我什至浏览了 100k 行进程监视器,试图找到它从哪里提取证书。 I can't find the certificate it's using anywhere.我在任何地方都找不到它正在使用的证书。

Windows 10. This is a cert dump with the relevant localhost entries: Windows 10。这是一个带有相关本地主机条目的证书转储:

Location   : CurrentUser

Name : Root

Subject      : CN=localhost
Issuer       : CN=localhost
Thumbprint   : 7019C23346CD99CDE8ED35F2A712410F3E5A03DB
FriendlyName : ASP.NET Core HTTPS development certificate
NotBefore    : 2/28/2020 8:26:43 AM
NotAfter     : 2/27/2021 8:26:43 AM
Extensions   : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, 
               System.Security.Cryptography.Oid...}

Subject      : CN=localhost
Issuer       : CN=localhost
Thumbprint   : 4671C5C7DC49E26F318C30911B4494D2511E665E
FriendlyName : IIS Express Development Certificate
NotBefore    : 2/28/2020 8:26:16 AM
NotAfter     : 2/27/2025 6:00:00 PM
Extensions   : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}

Name: My

Subject      : CN=localhost
Issuer       : CN=localhost
Thumbprint   : 7019C23346CD99CDE8ED35F2A712410F3E5A03DB
FriendlyName : ASP.NET Core HTTPS development certificate
NotBefore    : 2/28/2020 8:26:43 AM
NotAfter     : 2/27/2021 8:26:43 AM
Extensions   : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, 
               System.Security.Cryptography.Oid...}

Subject      : CN=localhost
Issuer       : CN=localhost
Thumbprint   : 4671C5C7DC49E26F318C30911B4494D2511E665E
FriendlyName : IIS Express Development Certificate
NotBefore    : 2/28/2020 8:26:16 AM
NotAfter     : 2/27/2025 6:00:00 PM
Extensions   : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}

And this is the cert that's being served to Chrome:这是提供给 Chrome 的证书:

Serial number: 00e7573e7ee6f8a315
Signature algorithm: sha256RSA
Issuer: localhost
Subject: localhost
1.3.6.1.4.1.311.84.1.1: ASP.NET Core HTTPS development certificate
Thumbprint: f3b46e7bd1d6a66d150948342ffe00ebb42f33ac

Anyone have any ideas?谁有想法? Let me know if you need any additional information.如果您需要任何其他信息,请告诉我。

1 个解决方案

解决方案1
 0  2020-03-05 16:06:01

Kestrel attempts to find a "default" certificate for the project. Kestrel 尝试为项目找到“默认”证书。 That certificate is NOT stored in the computer's key store.该证书未存储在计算机的密钥库中。 It's stored on the file system as a .pfx file.它作为 .pfx 文件存储在文件系统上。 The path is %appData%\\ASP.NET\\https.路径是 %appData%\\ASP.NET\\https。

I found this out by reading through the Kestrel source code KestrelConfigurationLoader.TryGetCertificatePath():我通过阅读 Kestrel 源代码 KestrelConfigurationLoader.TryGetCertificatePath() 发现了这一点:

    var hostingEnvironment = Options.ApplicationServices.GetRequiredService<IHostEnvironment>();
    var appName = hostingEnvironment.ApplicationName;

    // This will go away when we implement
    // https://github.com/aspnet/Hosting/issues/1294
    var appData = Environment.GetEnvironmentVariable("APPDATA");
    var home = Environment.GetEnvironmentVariable("HOME");
    var basePath = appData != null ? Path.Combine(appData, "ASP.NET", "https") : null;
    basePath = basePath ?? (home != null ? Path.Combine(home, ".aspnet", "https") : null);
    path = basePath != null ? Path.Combine(basePath, $"{appName}.pfx") : null;
    return path != null;

I deleted the keys that were in the folder and it resolved my problem.我删除了文件夹中的密钥,它解决了我的问题。 Happy days!快乐的时光!

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 具有SSL问题的IIS Express调试 - IIS Express Debugging with SSL Issues 如何为托管在 IIS 7 中的网站创建 SSL 证书? - How to create a SSL certificate for a website being hosted in a IIS 7? 使用 powershell 在 IIS 10 中重新绑定证书 - Certificate Rebind in IIS 10 using powershell 将SSL客户端证书与IXMLHTTPRequest3一起使用 - Using a SSL client certificate with IXMLHTTPRequest3 使用C ++在Windows上获取ssl证书 - Obtaining ssl certificate on windows using C++ 使用 powershell 更改 IIS SSL 设置 - Change IIS SSL settings using powershell 如何获得在VPS服务器上的Windows VM上运行的NodeJS Express API的有效SSL证书? - How to get a valid SSL certificate for a NodeJS Express API, running on a Windows VM on a VPS server? 使用 winhttpcertcfg 授予多个 IIS 应用程序池对同一证书的权限 - Grant Multiple IIS App Pools Permission to Same Certificate Using winhttpcertcfg 指向另一个Windows 2012服务器的子域+使用通配符SSL证书 - Subdomain pointing to another Windows 2012 server + using wildcard SSL certificate Microsoft HTTP Server API - 使用SSL,如何要求客户端证书? - Microsoft HTTP Server API - using SSL, how to demand client certificate?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM