Automatically installing an SSL certificate to an IIS 6 site using C#
Keywords: install, IIS 6 site, certificate, SSL, using | Updated: 2023-09-27 18:11:07
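I am trying to automate the process of creating websites in IIS 6 from C# code. I am using DirectoryServices and I am almost there. I have it creating the site, setting up all the bindings, etc., and that all works fine. What I have not figured out is how to install our wildcard SSL certificate. Here are the details:
We have an SSL certificate that matches '*.example.com'. Every site we host has a server binding that matches it, e.g. "test.example.com". I think I know how to add the SecureBindings property:

```csharp
DirectoryEntrySite.Properties["SecureBindings"][0] = "xx.xx.xx.xx:443:test.example.com";
```

But I have not found any information on how to automatically install the certificate to the site. In IIS 6 Manager, you can do this by right-clicking the site -> Properties -> Directory Security -> Server Certificate -> Next -> Assign an existing certificate -> (select the certificate) -> Next…
Can anyone help?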
See: http://forums.iis.net/t/1163325.aspx
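```csharp
using System.Security.Cryptography.X509Certificates;
using Microsoft.Web.Administration;

// Import the certificate into the LocalMachine\My store.
// pfxFilePath is the path to the certificate file, supplied by the caller.
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
X509Certificate2 certificate = new X509Certificate2(pfxFilePath);
store.Add(certificate);

using (ServerManager serverManager = new ServerManager())
{
    Site site = serverManager.Sites["Default Web Site"];
    if (site != null)
    {
        // Add an HTTPS binding that references the certificate by hash and store name.
        site.Bindings.Add("*:443:", certificate.GetCertHash(), store.Name);
        // Persist the new binding; without this call the change is discarded.
        serverManager.CommitChanges();
    }
    store.Close();
}
```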
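OK, this question has already been answered, but the awarded answer is not for IIS 6; it is for IIS 7 or later. The namespace Microsoft.Web.Administration is not available in IIS 6. We used a combination of techniques in .NET 4.0 to make this work.
Steps...
- Add a reference to the COM component "IIS CertObj 1.0 Type Library"
- On the added reference CERTOBJLib, set 'Embed Interop Types' to false in the property sheet
- Create a class with the following method...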
```csharp
using System;
using System.Linq;
using System.Management;

namespace CertStuff
{
    public class CertificateInstaller
    {
        public void RegisterCertificateWithIIS6(string webSiteName, string certificateFilePath, string certificatePassword)
        {
            // USE WMI TO DERIVE THE INSTANCE NAME
            ManagementScope managementScope = new ManagementScope(@"\\.\root\MicrosoftIISv2");
            managementScope.Connect();
            // Escape backslashes and single quotes so the site name cannot alter the WQL query.
            string safeName = webSiteName.Replace(@"\", @"\\").Replace("'", @"\'");
            ObjectQuery queryObject = new ObjectQuery("SELECT Name FROM IISWebServerSetting WHERE ServerComment = '" + safeName + "'");
            ManagementObjectSearcher searchObject = new ManagementObjectSearcher(managementScope, queryObject);
            var instanceNameCollection = searchObject.Get();
            var instanceName = (from i in instanceNameCollection.Cast<ManagementObject>() select i).FirstOrDefault();
            if (instanceName == null)
                throw new InvalidOperationException("No IIS 6 site found with ServerComment '" + webSiteName + "'.");

            // USE IIS CERT OBJ TO IMPORT CERT - THIS IS A COM OBJECT
            var IISCertObj = new CERTOBJLib.IISCertObjClass();
            IISCertObj.InstanceName = instanceName["Name"].ToString();
            // Arguments: file, password, allow export = false, overwrite existing = true
            IISCertObj.Import(certificateFilePath, certificatePassword, false, true); // OVERWRITE EXISTING
        }
    }
}
```
To remove the certificate reference, use the following method...
```csharp
// Member of the CertificateInstaller class; requires "using System;" and "using System.Management;".
public void UnRegisterCertificateWithIIS6(string webSiteName)
{
    // USE WMI TO DERIVE THE INSTANCE NAME
    ManagementScope managementScope = new ManagementScope(@"\\.\root\MicrosoftIISv2");
    managementScope.Connect();
    // Escape backslashes and single quotes so the site name cannot alter the WQL query.
    string safeName = webSiteName.Replace(@"\", @"\\").Replace("'", @"\'");
    ObjectQuery queryObject = new ObjectQuery("SELECT Name FROM IISWebServerSetting WHERE ServerComment = '" + safeName + "'");
    ManagementObjectSearcher searchObject = new ManagementObjectSearcher(managementScope, queryObject);
    foreach (ManagementBaseObject instanceName in searchObject.Get())
    {
        var IISCertObj = new CERTOBJLib.IISCertObjClass();
        IISCertObj.InstanceName = instanceName["Name"].ToString();
        // THE REMOVE CERT CALL COMPLETES SUCCESSFULLY, BUT FOR WHATEVER REASON, IT ERRORS OUT.
        // SWALLOW THE ERROR.
        try
        {
            IISCertObj.RemoveCert(false, true);
        }
        catch (Exception)
        {
        }
    }
}
```
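Note: If you receive the error "Interop type 'CERTOBJLib.IISCertObjClass' cannot be embedded. Use the applicable interface instead", it means step 2 was skipped.
To do this with .NET 4.7 and IIS 10, you can pass the following flags: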
```csharp
X509Certificate2 certificate = new X509Certificate2(path, "password", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet);
```
If you are storing the certificate in the CurrentUser store rather than the LocalMachine store, do the following:
```csharp
X509Certificate2 certificate = new X509Certificate2(path, "password", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable | X509KeyStorageFlags.UserKeySet);
```
The key set flags indicate the following:
```csharp
// Summary:
//     Private keys are stored in the current user store rather than the local computer
//     store. This occurs even if the certificate specifies that the keys should go
//     in the local computer store.
UserKeySet = 1,
// Summary:
//     Private keys are stored in the local computer store rather than the current user
//     store.
MachineKeySet = 2,
```
The private key needs to be in the same location as the rest of the certificate in order for it to work with IIS.
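
To check that last point on an existing server, the following added example (not part of the original answers) looks up a certificate by thumbprint in LocalMachine\My and reports whether its private key is in the machine key set. The class name `IisCertKeyCheck` and the status strings are assumptions made for illustration; the code is Windows-only and targets .NET Framework 4.7 or later.

```csharp
// Added example, not from the original answers. Windows-only, .NET Framework 4.7+.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class IisCertKeyCheck   // hypothetical helper name
{
    // Reports whether a certificate in LocalMachine\My has its private key
    // in the machine key set, which is the layout IIS needs.
    public static string Check(string thumbprint)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, false); // false: do not filter on validity
            if (found.Count == 0) return "MISSING: certificate not in LocalMachine\\My";

            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey) return "NO KEY: certificate has no associated private key";
            try
            {
                using (RSA key = cert.GetRSAPrivateKey())
                {
                    bool machine;
                    if (key is RSACng cng) machine = cng.Key.IsMachineKey;                 // CNG key
                    else if (key is RSACryptoServiceProvider csp)
                        machine = csp.CspKeyContainerInfo.MachineKeyStore;                 // legacy CAPI key
                    else return "UNKNOWN: not an RSA key or unrecognized provider";
                    return machine ? "OK: private key is in the machine key set"
                                   : "USER KEY: key is in a user profile; re-import with MachineKeySet";
                }
            }
            catch (CryptographicException ex)
            {
                // Typical when the key was imported with UserKeySet under another account.
                return "UNREADABLE: " + ex.Message;
            }
        }
    }

    public static void Main(string[] args)
    {
        // The thumbprint is supplied by the operator; none is hard-coded here.
        if (args.Length != 1) { Console.WriteLine("usage: IisCertKeyCheck <thumbprint>"); return; }
        Console.WriteLine(Check(args[0]));
    }
}
```

Run it under the account that will use the key (or as an administrator); an `UNREADABLE` or `USER KEY` result means the PFX should be re-imported with `MachineKeySet`.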