When making wechat payment refund, due to the need to use p12 certificate, a series of pits were encountered. Make a record here for future reference.
Code that originally loaded the certificate:
The test passed on vs. However, this problem is always reported when deploying to IIS:
Detailed stack trace information:
In system.security.cryptography.cryptographicexception.throwcryptographicexception (int32 HR)
At system.security.cryptography.x509certificates.x509utils_ LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
In system.security.cryptography.x509certificates.x509certificate.loadcertificatefromfile (string filename, object password, x509keystorageflags, keystorageflags)
In system. Security. Cryptography. X509certificates. X509certificate2.. ctor (string filename, string password)
In tenpaycore.httpservice.post (tenpayexception & TPEX, byte  XML, string URL, Boolean isusecert, int32 timeout).
After repeated testing, confirm that it is not the problem of code and file path. After querying Microsoft’s documentsRelevant description, which indicates the problem. Let’s share my operation process.
1. Install the certificate
Click [start] – [run] – [type [MMC] to enter the “console” interface – > select [file] – [add / delete snap in] (Ctrl + m)
Select [Certificate] – [computer account] – [next] – [finish]
Select [Certificate] – [import]
Import your certificate file
2. Certificate of authorization
Install firstwinhttpcertcfg.exeTool (Windows HTTP services certificate configuration tool). After installation, the tool is in the folder C: \ program files (x86) \ Windows Resource kits \ tools or C: \ program files \ Windows Resource kits \ tools. Open CMD and type the command:
-G instruction is authorization
-C refers to the storage area where the certificate is located
In addition, this is the name of the certificate, as shown in the figureInstead of anything else, I just made a mistake. I clicked the details of this certificate and took the name inside, resulting in unsuccessful authorization.
The IIS account ID refers to the application pool corresponding to the site. In advanced settings, there is an option to select the corresponding user. At that time, the ID I authorized was network service, and the ID in the application pool was applicationpoolidentity. As a result, when I initiated the request, the following occurred:
3. Modify code
After these configurations, modify the code that loaded the certificate before.
Test again and finally succeed!
The above is the whole content of this article. I hope it will be helpful to your study, and I hope you can support developpaer.