本地 azure 服務結構上的證書空錯誤

Question

嘗試在我的本地運行 Azure Service Fabric 應用程序時，所有服務都在運行，除了一個拋出證書不能為空的異常。下面是獲取證書的代碼片段。

已在本地計算機和當前用戶的本地安裝證書。

/// <summary>
/// Finds the ASP .NET Core HTTPS development certificate in development environment. Update this method to use the appropriate certificate for production environment.
/// </summary>
/// <returns>Returns the ASP .NET Core HTTPS development certificate</returns>
private static X509Certificate2 GetCertificateFromStore()
{
    string aspNetCoreEnvironment = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT");
    if (string.Equals(aspNetCoreEnvironment, "Development", StringComparison.OrdinalIgnoreCase))
    {
        const string aspNetHttpsOid = "1.3.6.1.4.1.311.84.1.1";
        const string CNName = "CN=localhost";
        using (X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            var certCollection = store.Certificates;
            var currentCerts = certCollection.Find(X509FindType.FindByExtension, aspNetHttpsOid, true);
            currentCerts = currentCerts.Find(X509FindType.FindByIssuerDistinguishedName, CNName, true);
            return currentCerts.Count == 0 ? null : currentCerts[0];
        }
    }
    else
    {
        throw new NotImplementedException("GetCertificateFromStore should be updated to retrieve the certificate for non Development environment");
    }
}

Answer 1

您應該嘗試將證書文件復制到 Service Fabric 服務帳戶可以在啟動時獲取它們的位置，然后直接讀取它們，或者將它們寫入**new X509Store(StoreName.My, StoreLocation.CurrentUser)**以供后續使用。

檢查此文檔以獲取進一步參考：

https://github.com/dotnet/corefx/blob/master/Documentation/architecture/cross-platform-cryptography.md#x509store

並請確保您沒有遵循上述場景之一。

您可以使用以**AccountType="LocalSystem"**用戶身份運行的[SetupEntryPoint][1]來運行SetupEntryPoint

或者，您可以使用 Azure Key Vault 來存儲證書，然后從那里讀取它。 您可以在此處找到示例代碼：

https://docs.microsoft.com/en-us/azure/service-fabric/how-to-managed-identity-service-fabric-app-code#accessing-key-vault-from-a-service-fabric-應用程序使用管理身份

希望能幫助到你。