带有 pfx 文件的 Azure https
我正在尝试为我的 azure 服务创建一个 https 端点。我收到了一个 p7b 文件,我将其转换为 cer 文件。从cer,我可以用几行c# 转换为pfx。
var cert = new X509Certificate2(@"certpath", "
var bytes = cert.Export(X509ContentType.Pfx, "password");
File.WriteAllBytes(@"certpath\cert.pfx", bytes);
现在,当我将证书上传到 azure 时,一切似乎都正常,我复制指纹并尝试使用新指纹进行升级作为终点的一部分,但我在 azure 中收到错误。
与 HTTPS 输入端点“endpointName”关联的指纹 3FA490D1D4957942CD2ED545F6E823D0008796EA2 的证书不包含私钥。
I am trying to create an https endpoint for my azure service. I was given an p7b file that I converted into a cer file. From the cer I was able to convert with a few lines of c# to a pfx.
var cert = new X509Certificate2(@"certpath", "
var bytes = cert.Export(X509ContentType.Pfx, "password");
File.WriteAllBytes(@"certpath\cert.pfx", bytes);
Now when I upload the cert to azure everything seems ok, I copy the thumbprint and try to upgrade with the new thumbprint as part of the end point and I get an error in azure.
Certificate with thumbprint 3FA490D1D4957942CD2ED545F6E823D0008796EA2 associated with HTTPS input endpoint "endpointName" does not contain private key.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
您是如何将 .p7b 转换为 .cer 的?您的问题是 cer 文件不包含私钥信息,因此当您将其导出为 pfx 时,它没有使用 SSL 所需的信息。
转换为 pfx 的最简单方法可能是将证书导入到本地计算机上(使用 certmgr.msc),然后将其导出,确保选择“是,导出私钥”选项。
编辑:在 GregS 的评论后做了更多研究后,问题仍然是一样的,你的 pfx 没有与 SSL 一起使用所需的私钥,但原因实际上是 .p7b 文件没有首先有一个私钥。您需要使用不同的证书。已经存在一个与服务器故障相关的问题。
How did you convert the .p7b to a .cer? You're problem is that cer files don't contain the private key information, so when you exported it as a pfx, it doesn't have the information that it needs to work with SSL.
The easiest way to convert to a pfx is probably to import the certificate onto your local machine (using certmgr.msc), then export it making sure you select the "Yes, export the private key" option.
EDIT: After doing some more research after GregS' comment, the problem is still the same, you're pfx doesn't have the private key it needs to work with SSL, but the cause is actually that the .p7b file doesn't have a private key to begin with. You need to use a different certificate. There is already a question related to this on server fault.
我在尝试为 Azure 生成 .pfx 时遇到了同样的问题。 p7b 证书由 Thawte 生成。经过一些研究,我能够让它发挥作用。
从 IIS 生成 CSR(证书请求)。它可能是您本地的 IIS。
https://search.thawte.com/support /ssl-digital-certificates/index?page=content&id=SO9171
根据CSR生成证书。 CA 负责处理此事。如果您要生成自签名证书,您也可以从 ISS 执行此操作。这很重要,因为当您导入它时(步骤 3),IIS 将验证证书是否是在此处生成的。
将证书导入到本地 IIS。它必须是 .cer 文件。只需打开您的 p7b 文件,您就会在其中看到证书链。将您的域证书导出到 .cer 文件。然后您可以使用它将其导入到 IIS。
https://search.thawte.com/support /ssl-digital-certificates/index?page=content&id=SO10664
将证书从 IIS 导出到 .pfx。此时,证书包含由 IIS 添加的适当私钥。当您导出它时,IIS 会要求您输入密码。
https://search.thawte.com/support /ssl-digital-certificates/index?page=content&id=SO10034
I had the same problem trying to generate .pfx for Azure. The p7b certificate was generated by Thawte. After some research I was able to make it work.
Generate CSR (certificate request) from IIS. It could be your local IIS.
https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO9171
Generate the certificate based on the CSR. The CA takes care of this. If you are generating a self-signed certificate you also could do that from ISS. This is important because when you import it (step 3) IIS will verify that the certificate was generated there.
Import the certificate to your local IIS. It must be a .cer file. Just open your p7b file and you will see the certificate chain in there. Export your domain certificate to a .cer file. Then you can use it to import it to IIS.
https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO10664
Export the certificate to .pfx from IIS. At this point the certificate contains an appropriate private key added by IIS. When you export it, IIS will ask you for a password.
https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO10034
我曾经遇到过和你完全相同的问题,这是这个故事:
Windows Azure、SSL、自签名证书和令人讨厌的 HTTPS 输入端点不包含私钥错误
I had exactly the same problem as you once and here is the story of that:
Windows Azure, SSL, Self-Signed Certificate and Annoying HTTPS Input Endpoint Does Not Contain Private Key Error
从 godaddy 的 SSL 证书获取 pfx 文件。详细信息 这里以防有帮助。
Getting pfx file from SSL certificate from godaddy. Details here in case it helps.