问题描述
我在将 IdentityServer 4 (ASP.NET Core 1.1) 部署到 Azure VM (Windows Server 2012 R2) 时遇到此证书问题.
I'm getting this cert issue while deploying IdentityServer 4 (ASP.NET Core 1.1) to Azure VM (Windows Server 2012 R2).
crit: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Unhandled exception: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The system cannot find the file specified
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider)
at Internal.Cryptography.Pal.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at Internal.Cryptography.Pal.CertificatePal.GetRSAPrivateKey()
这将在本地开发计算机上运行,我不知道为什么.我在虚拟机上的我的(本地机器)存储上安装了证书.
This will work on local dev computer and I cannot figure it out why. I install the cert on My (Local Machine) store on the VM.
谁能帮忙解决这个问题.谢谢.
Can anyone help on this. Thanks.
推荐答案
我在这里找到了解决方案:
I found the solution here:
显然,我需要在应用程序池上启用加载用户配置文件.但是,错误现在更改为:
Apparently, I need to enable the Load User Profile on the Application Pool. However, the error now changes to this:
crit: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Unhandled exception: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Keyset does not exist
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider)
at Internal.Cryptography.Pal.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at Internal.Cryptography.Pal.CertificatePal.GetRSAPrivateKey()
现在看看这个问题.
好的,所以问题是读取证书的权限.我们只需转到证书并授予 IIS_IUSRS 读取(仅)权限即可.
Okay, so the issue is permission to read the cert. All we have to do just go to the certificate and grant Read (only) for IIS_IUSRS.
现在可以了.
这篇关于将 IdentityServer 4 部署到 Azure VM 时找不到证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!