How to configure SharePoint to access the Certificate?
I'm using SharePoint 2010 and I'm configuring a web part using ChannelFactory and Certificate to access a WCF service.
But I'm getting this error message:
Error occured: Could not establish secure channel for SSL/TLS with authority 'my FQDN'.
How could I configure my SharePoint web application to have access to read this installed certificate?
(I'm sure the certificate is installed correctly on the server where SharePoint is installed and all the WCF configurations are correct)
Many thanks in advance,
Have you tried uploading it to the Manage trusts area?
http://centraladmin/_admin/ManageTrust.aspx
Rebooted the server?
Installed on all servers in the farm?
Into the machine store (not service or personal)?
Are you talking about a client certificate that SharePoint would use to authenticate itself when connecting out to some service? If that is the case, then you would need to install a certificate along with a private key. Otherwise, if you are just talking about a root certificate to validate some server certificate on a remote service, you do not need the private key.
Assuming that you mean a client certificate with private key (I don't know how SharePoint uses certificates), then you would have to install the certificate along with a private key, and then, make sure SharePoint has access to the private key.
It's not enough just to install with the private key -- you have to either install logged in as the Windows account that the code using the private key will be running under, or, if you install the certificate into the Local Machine "Personal" store, for example, you have to set an ACL on the certificate to give another Windows account access to the private key. To do that, you can use the WinHttpCertCfg tool. Cf. here for the general idea, and here to download the tool. Or from the MMC Certificate snap-in, select the certificate in the Local Machine, Personal store, right-click, select All Tasks, Manage Private Keys, and grant access from there.
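The private-key ACL step from the answer above, scripted in PowerShell as an added example that is not part of the original thread. It checks that the certificate in the Local Machine "Personal" store has a private key, shows who can read the key file, and grants read access to one account. Assumptions: the thumbprint and account name are placeholders, the key is an RSA key held by a legacy CSP, and the session is elevated.

```powershell
# Assumptions (not from the original thread): both values below are placeholders.
$thumbprint = 'PLACEHOLDER_THUMBPRINT'      # thumbprint of the client certificate
$account    = 'CONTOSO\svc-sp-apppool'      # hypothetical app pool identity

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert) { throw "Certificate not found in LocalMachine\My" }

# A certificate imported without its private key cannot authenticate the client.
if (-not $cert.HasPrivateKey) { throw "Certificate has no private key" }

# Map the certificate to its key container file on disk.
# Assumption: legacy CSP key; CNG keys are stored elsewhere and need another lookup.
$keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyPath = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$keyName"
if (-not (Test-Path $keyPath)) { throw "Key file not found: $keyPath" }

# Show who can currently read the key, so the change can be reviewed first.
$acl = Get-Acl -Path $keyPath
$acl.Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize

# Grant read-only access, and only if the account does not already have it.
$read = [System.Security.AccessControl.FileSystemRights]::Read
$existing = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $account -and
    $_.AccessControlType -eq 'Allow' -and
    (($_.FileSystemRights -band $read) -eq $read)
}
if (-not $existing) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $account, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyPath -AclObject $acl
}
```

Read is the only right granted, which is enough for the account to use the key without being able to change its permissions or delete it.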