[英]Automate SSL certificate install to IIS 6 sites using C#
我正在尝试通过C#代码在IIS 6中自动生成网站的过程。 我正在使用DirectoryServices,而且我已经快到了。。我让它创建了网站,设置了所有绑定等。 我还没有弄清楚如何安装我们的通配ssl证书。 详细信息如下:
我们有一个与“ * .example.com”匹配的SSL证书。 我们托管的每个站点都有一个匹配的服务器绑定。 例如“ test.example.com”。 我想我知道如何添加SecureBinding属性:
DirectoryEntrySite.Properties["SecureBindings"][0] = "xx.xx.xx.xx:443:test.example.com";
但是我没有成功找到有关如何自动将证书安装到站点的信息。 在IIS 6管理器中,您可以通过右键单击站点->属性->目录安全性->服务器证书->下一步->分配现有证书->(选择证书)->下一步来执行此操作。
有人可以帮忙吗?
看到这个: http : //forums.iis.net/t/1163325.aspx
using Microsoft.Web.Administration;
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
X509Certificate2 certificate = new X509Certificate2(pfxFilePath);
store.Add(certificate);
using (ServerManager serverManager = new ServerManager())
{
Site site = serverManager.Sites["Default Web Site"];
if (site != null)
{
site.Bindings.Add("*:443:", certificate.GetCertHash(), store.Name);
}
store.Close();
}
好的,已经回答了这个问题,但是授予的答案不是针对IIS6,而是针对IIS7和更高版本。 命名空间Microsoft.Web.Administration无法用于IIS6。 我们将.NET 4.0中的一系列技术整合在一起,以使这项工作有效。
脚步...
using System.Linq;
using System.Management;
namespace CertStuff
{
public class CertificateInstaller
{
public void RegisterCertificateWithIIS6(string webSiteName, string certificateFilePath, string certificatePassword)
{
// USE WMI TO DERIVE THE INSTANCE NAME
ManagementScope managementScope = new ManagementScope(@"\\.\root\MicrosoftIISv2");
managementScope.Connect();
ObjectQuery queryObject = new ObjectQuery("SELECT Name FROM IISWebServerSetting WHERE ServerComment = '" + webSiteName + "'");
ManagementObjectSearcher searchObject = new ManagementObjectSearcher(managementScope, queryObject);
var instanceNameCollection = searchObject.Get();
var instanceName = (from i in instanceNameCollection.Cast<ManagementObject>() select i).FirstOrDefault();
// USE IIS CERT OBJ TO IMPORT CERT - THIS IS A COM OBJECT
var IISCertObj = new CERTOBJLib.IISCertObjClass();
IISCertObj.InstanceName = instanceName["Name"].ToString();
IISCertObj.Import(certificateFilePath, certificatePassword, false, true); // OVERWRITE EXISTING
}
}
}
要删除证书参考,请使用以下方法...
public void UnRegisterCertificateWithIIS6(string webSiteName)
{
// USE WMI TO DERIVE THE INSTANCE NAME
ManagementScope managementScope = new ManagementScope(@"\\.\root\MicrosoftIISv2");
managementScope.Connect();
ObjectQuery queryObject = new ObjectQuery("SELECT Name FROM IISWebServerSetting WHERE ServerComment = '" + webSiteName + "'");
ManagementObjectSearcher searchObject = new ManagementObjectSearcher(managementScope, queryObject);
foreach (var instanceName in searchObject.Get())
{
var IISCertObj = new CERTOBJLib.IISCertObjClass();
IISCertObj.InstanceName = instanceName["Name"].ToString();
// THE REMOVE CERT CALL COMPLETES SUCCESSFULLY, BUT FOR WHATEVER REASON, IT ERRORS OUT.
// SWALLOW THE ERROR.
try
{
IISCertObj.RemoveCert(false, true);
}
catch (Exception ex)
{
}
}
}
注意:如果收到错误“无法嵌入互操作类型'CERTOBJLib.IISCertObjClass'。请改用适用的接口。”,这意味着步骤2已跳过。 确保未嵌入参考对象。
为此,使用.Net 4.7和IIS 10,可以传递以下标志:
X509Certificate2 certificate = new X509Certificate2(path, "password", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable| X509KeyStorageFlags.MachineKeySet);
如果您将证书存储在CurrentUser存储中而不是LocalMachine存储中,请执行以下操作:
X509Certificate2 certificate = new X509Certificate2(path, "password", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable| X509KeyStorageFlags.UserKeySet);
键设置标志指示以下内容:
//
// Summary:
// Private keys are stored in the current user store rather than the local computer
// store. This occurs even if the certificate specifies that the keys should go
// in the local computer store.
UserKeySet = 1,
//
// Summary:
// Private keys are stored in the local computer store rather than the current user
// store.
MachineKeySet = 2,
私钥必须与证书的其余部分位于同一位置,才能与IIS一起使用。
如何使用 C#、WMI 和/或 System.Management 从 IIS 6.0 获取站点列表和 SSL 证书?
[英]How to get a list of sites and SSL certificates from IIS 6.0 using C#, WMI, and/or System.Management?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.