我创建了一个Blazor应用程序,并在创建C:Userswsn2TestCertificates9Cert.pfx后在appsettings.json中添加了以下json配置。(https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel?view=aspnetcore-3.1(
{
"Kestrel": {
"Endpoints": {
"Https": {
"Url": "https://*:5005",
"Certificates": {
"Path": "C:\Users\wsn2\Test\Certificates\9Cert.pfx",
"Password": "4passWord"
}
}
},
"Certificates": {
"Default": {
"Path": "C:\Users\wsn2\Test\Certificates\9Cert.pfx",
"Password": "4passWord"
}
}
}
然而,运行已发布的独立kestrel应用程序会出现以下错误:
[23:40:25INF]用户配置文件可用。使用'C:\Users\wsn2\AppData\Local\ASP。NET\DataProtection Keys"作为密钥存储库,并使用Windows DPAPI在静止时加密密钥。[23:40:25 FTL]无法启动Kestrel。内部的密码学。CryptoThrowHelper+WindowsCryptographicException:指定的网络密码不正确。内部。密码学。Pal.CertificatePal.FilterPFXStore(Byte[]rawData,SafePasswordHandle password,PfxCertStoreFlags PfxCertStoreFlags(内部。密码学。Pal.CertificatePal.FromBlob OrFile(Byte[]rawData,String fileName,SafePasswordHandle password,X509KeyStorageFlags keyStorageFlags(在系统中。安全密码学。X509证书。X509证书。。ctor(字符串文件名,字符串密码,X509KeyStorageFlags keyStorageFlags(在系统中。安全密码学。X509证书。X509Certificate2..ctor(字符串文件名,字符串密码(在微软。AspNetCore。服务器Kestrel。KestrelConfiguration Loader。LoadCertificate(CertificateConfig certInfo,String endpointName(在微软。AspNetCore。服务器Kestrel。KestrelConfiguration Loader。LoadDefaultCert(ConfigurationReader configReader(在微软。AspNetCore。服务器Kestrel。KestrelConfiguration Loader。加载((在微软。AspNetCore。服务器Kestrel。果心KestrelServer。ValidateOptions((在微软。AspNetCore。服务器Kestrel。果心KestrelServer。StartAsync[TContext](IHttpApplication`1应用程序,CancellationToken取消令牌(未处理的异常。内部的密码学。CryptoThrowHelper+WindowsCryptographicException:指定的网络密码不正确。内部。密码学。Pal.CertificatePal.FilterPFXStore(Byte[]rawData,SafePasswordHandle password,PfxCertStoreFlags PfxCertStoreFlags(内部。密码学。Pal.CertificatePal.FromBlob OrFile(Byte[]rawData,String fileName,SafePasswordHandle password,X509KeyStorageFlags keyStorageFlags(在系统中。安全密码学。X509证书。X509证书。。ctor(字符串文件名,字符串密码,X509KeyStorageFlags keyStorageFlags(在系统中。安全密码学。X509证书。X509Certificate2..ctor(字符串文件名,字符串密码(在微软。AspNetCore。服务器Kestrel。KestrelConfiguration Loader。LoadCertificate(CertificateConfig certInfo,String endpointName(在微软。AspNetCore。服务器Kestrel。KestrelConfiguration Loader。LoadDefaultCert(ConfigurationReader configReader(在微软。AspNetCore。服务器Kestrel。KestrelConfiguration Loader。加载((在微软。AspNetCore。服务器Kestrel。果心KestrelServer。ValidateOptions((在微软。AspNetCore。服务器Kestrel。果心KestrelServer。StartAsync[TContext](IHttpApplication`1应用程序,CancellationToken取消令牌(在微软。AspNetCore。主机。GenericWebHostService。StartAsync(CancellationToken CancellationToken(在微软。扩展。主机。内部的主办StartAsync(CancellationToken CancellationToken(在微软。扩展。主机。主机抽象主机扩展。RunAsync(IHost主机,CancellationToken令牌(在微软。扩展。主机。主机抽象主机扩展。RunAsync(IHost主机,CancellationToken令牌(在微软。扩展。主机。主机抽象主机扩展。运行(IHost主机(
将9Cert.pfx文件放在发布代码的文件夹中
我最终得到了这个:
-
从这里获取openssl"http://slproweb.com/products/Win32OpenSSL.html">
-
生成证书(公钥(和私钥,如下所示:
openssl req-x509-newkey rsa:4096-sha256-days 3650-keyout web.key-nodes-out web.crt-subj"/C=US/ST=NY/L=Some City/O=MyCompany/OU=MyCompanie/CN=MyCompany.com"-addext";subjectAltName=DNS:mycompany.com";
-
将生成的"web.key"one_answers"web.crt"复制到应用程序文件夹中
-
将以下部分添加到"appsettings.json"中
"Kestrel": { "Endpoints": { "Https": { "Url": "https://0.0.0.0:5001" } }, "Certificates": { "Default": { "Path": "web.crt", "KeyPath": "web.key" } }}
仅此而已。在浏览器中尝试";https://localhost:5001/"并且会提示您有关不可信证书的信息,但您仍然可以继续。