Solutions to a series of problems using X509Certificate2 in ASP.NET

Time:2021-10-3

When implementing WeChat Pay refunds, which require a p12 certificate, I ran into a series of pitfalls. I am recording them here for future reference.

Code that originally loaded the certificate:

    // Load the p12 certificate directly from a file on disk.
    X509Certificate2 cert = new X509Certificate2(path + WxPayConfig.SSLCERT_PATH, WxPayConfig.SSLCERT_PASSWORD);
    // request is the outgoing HttpWebRequest for the refund call.
    request.ClientCertificates.Add(cert);

The test passed in Visual Studio. However, the following error was always reported after deploying to IIS:

    System.Security.Cryptography.CryptographicException: The system cannot find the file specified.

Detailed stack trace information:

    at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
    at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
    at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
    at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
    at tenpaycore.httpservice.post(tenpayexception& TPEX, Byte[] XML, String URL, Boolean isusecert, Int32 timeout)

After repeated testing, I confirmed that the problem was not in the code or the file path. I then found a relevant description in Microsoft's documentation, which pointed to the problem. Here is the process I followed.

1. Install the certificate

Click [Start] – [Run], type [MMC] to open the console, then select [File] – [Add/Remove Snap-in] (Ctrl + M)

Select [Certificates] – [Computer account] – [Next] – [Finish]

Select [Certificates] – [Import]

Import your certificate file

2. Authorize the certificate

First install the winhttpcertcfg.exe tool (Windows HTTP Services Certificate Configuration Tool). After installation, the tool is in the folder C:\Program Files (x86)\Windows Resource Kits\Tools or C:\Program Files\Windows Resource Kits\Tools. Open CMD and type the command:

    winhttpcertcfg -g -c LOCAL_MACHINE\My -s "your certificate name" -a "your IIS account ID"

-g grants access (authorization)

-c specifies the certificate store where the certificate is located

In addition, the certificate name is the name of the certificate as shown in the figure, and nothing else. I made exactly this mistake: I opened the details of the certificate and took the name from there, which resulted in unsuccessful authorization.

The IIS account ID is the identity of the application pool that the site runs under. The application pool's advanced settings have an option to select the corresponding user. At that time, the ID I authorized was Network Service, and the ID in the application pool was ApplicationPoolIdentity. As a result, when I initiated the request, the following occurred:

    System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

3. Modify the code

After completing this configuration, modify the code that previously loaded the certificate:

    // Requires: using System.Security.Cryptography.X509Certificates;
    // Open the local machine's personal ("My") store, where the certificate was imported.
    X509Store store = new X509Store("My", StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

    // Look the certificate up by subject name instead of loading it from a file.
    System.Security.Cryptography.X509Certificates.X509Certificate2 cert =
        store.Certificates.Find(X509FindType.FindBySubjectName, "your certificate name", false)[0];

I tested again and it finally succeeded!
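
A more defensive version of the store lookup above, as an added example that is not part of the original article: it handles the case where no certificate matches the name (where indexing [0] would throw) and checks that the current account can open the private key. It assumes .NET Framework 4.6 or later and an RSA certificate; the ClientCertLoader class and Load method names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper; the class and method names are not from the article.
public static class ClientCertLoader
{
    // subjectName is the same certificate name passed to winhttpcertcfg -s.
    public static X509Certificate2 Load(string subjectName)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        try
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            DateTime now = DateTime.Now;
            // FindBySubjectName is a substring match, so several certificates
            // (such as an expired one and its renewal) can come back.
            X509Certificate2 cert = store.Certificates
                .Find(X509FindType.FindBySubjectName, subjectName, false)
                .Cast<X509Certificate2>()
                .Where(c => c.HasPrivateKey && c.NotBefore <= now && now <= c.NotAfter)
                .OrderByDescending(c => c.NotAfter)
                .FirstOrDefault();
            if (cert == null)
                throw new InvalidOperationException(
                    "No valid certificate with a private key matches '" +
                    subjectName + "' in LocalMachine\\My.");
            try
            {
                // Opening the key is expected to throw if the application pool
                // identity was not granted access, which surfaces the problem
                // here rather than as an SSL/TLS channel error on the request.
                using (RSA key = cert.GetRSAPrivateKey())
                {
                    if (key == null)
                        throw new InvalidOperationException("No RSA private key.");
                }
            }
            catch (CryptographicException ex)
            {
                throw new InvalidOperationException(
                    "This account cannot read the private key of " + cert.Subject, ex);
            }
            return cert;
        }
        finally { store.Close(); }
    }
}
```

The returned certificate can be added to the request's ClientCertificates collection in the same way as before.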
