我需要给访问IIS用户一个PFX证书。该网站下的应用程序池下的一些用户AppPoolUser运行。 IIS自动拥有用户名IIS APPPOOL \ AppPoolUser，这就是我们需要给访问时，我们使用为aspnet_regiis -ga。

I need to give access to the IIS user to a pfx certificate. The website is running under the App Pool under some user AppPoolUser. IIS automatically has the user name "IIS APPPOOL\AppPoolUser" and this is what we need to give access when we use aspnet_regiis -ga .

然而，当我使用winhttpcertcfg给访问用户IIS APPPOOL \ AppPoolUser，它说：没有帐户信息被发现。

However, when i use winhttpcertcfg to give access to the user "IIS APPPOOL\AppPoolUser", it says "No account information was found".

我使用的命令是

winhttpcertcfg -i <filename> -c <certificateLocation> - g -a <account name>

没有找到任何样本这个在网上。任何想法？

Didn't find any samples for this over the web. Any ideas?

推荐答案

我知道这是一个老问题，但我有同样的问题昨天，所以我虽然我会回答。

I know it's an old question, but I just had the same problem yesterday so I though I'd answer.

我有同样的问题，但与位于LOCALMACHINE证书 - > TrustedPeople店...

I had the same problem but with a certificate located in the LocalMachine -> TrustedPeople store...

您必须使用 ICACLS 而不是 WinHttpCertCfg ，从这个链接。

You have to use icacls instead of WinHttpCertCfg, taken from this link.

基本上，它应该是这样的：

Basically, it should look like this:

ICACLS <filename> /grant "IIS AppPool\DefaultAppPool":R

为了完成，我这里怎么需要做它来访问受信任人的商店。两者在某种程度上从this链接。

使用微软的 FindPrivateKey工具找到实际文件的证书在商店。此工具必须从源头code编译在 \ WF_WCF_Samples \ WCF \ SETUP \ FindPrivateKey \ CS 从的