Installing a certificate in an .MSI custom action doesn't work properly
I'm trying to install a certificate in the Local Machine Store in a custom action.
The certificate is installed, but when I use it to query AWS, I get this error:
Object contains only the public half of a key pair. A private key must also be provided.
The installer is running elevated, the target is Windows Vista.
If I use a separate .exe to install the exact same certificate, using the exact same code, it works.
So what is it that differs when installing a certificate using the Windows Installer?
The code:
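    // Requires: using System; using System.Data;
    //           using System.Security.Cryptography.X509Certificates;
    // IsAdmin() is a helper that is not shown in the post.
    private void InstallCertificate(string certificatePath, string certificatePassword)
    {
        if (IsAdmin())
        {
            try
            {
                // MachineKeySet stores the private key in the machine key store;
                // PersistKeySet keeps it on disk after the certificate object is released.
                X509Certificate2 cert = new X509Certificate2(certificatePath, certificatePassword,
                    X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);
                // Add the certificate to the Local Machine "Personal" (My) store.
                X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
                store.Open(OpenFlags.ReadWrite);
                store.Add(cert);
                store.Close();
            }
            catch (Exception ex)
            {
                throw new DataException("Certificate appeared to load successfully but also seems to be null.", ex);
            }
        }
        else
        {
            throw new Exception("Not enough privileges to install certificate");
        }
    }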
Comments (1)
Well, at least this question earned me a tumbleweed badge...
It turned out to be the permissions on the installed key file. I had to grant all users read permissions.
And here is the code I used to grant all (local) users read permissions:
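The answer's fix, as an added example rather than the answerer's own code (which is not reproduced on this page): one way to grant an account read access to the private key file behind a certificate in the LocalMachine\My store. `MachineKeyAcl` and `GrantRead` are hypothetical names; the example assumes .NET Framework 4 or later, an RSA key held by a CSP, and an elevated caller.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class MachineKeyAcl
{
    // Hypothetical helper: grants 'account' read access to the private key file of
    // the LocalMachine\My certificate with the given thumbprint; returns the file path.
    public static string GrantRead(string thumbprint, IdentityReference account)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
                throw new InvalidOperationException("Certificate not found in LocalMachine\\My.");

            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no associated private key.");

            RSACryptoServiceProvider rsa = cert.PrivateKey as RSACryptoServiceProvider;
            if (rsa == null)
                throw new NotSupportedException("Private key is not an RSA key held by a CSP.");

            // Machine key sets persist as files under
            // %ProgramData%\Microsoft\Crypto\RSA\MachineKeys, named after the container.
            string keyFile = Path.Combine(
                Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData),
                @"Microsoft\Crypto\RSA\MachineKeys",
                rsa.CspKeyContainerInfo.UniqueKeyContainerName);

            // Append an allow-read rule; existing ACL entries are left in place.
            FileSecurity acl = File.GetAccessControl(keyFile);
            acl.AddAccessRule(new FileSystemAccessRule(
                account, FileSystemRights.Read, AccessControlType.Allow));
            File.SetAccessControl(keyFile, acl);
            return keyFile;
        }
        finally
        {
            store.Close();
        }
    }
}
```

Calling `GrantRead(thumbprint, new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null))` matches the answer's grant to all local users; passing only the account that runs the AWS-calling code keeps the private key readable by fewer principals.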