dic*_*ice 6 c# iis ssl certificate netsh
如何实现与使用C#的应用程序中的netsh设置clientcertnegotiation = enable相同(不执行命令行).
netsh http add sslcert ipport=0.0.0.0:8000 certhash=2064a43f429fe97746ce0c1c9adcd4ea93415f6d appid={4dc3e181-e14b-4a21-b022-59fc669b0914} clientcertnegotiation=enable
以下代码成功添加了证书
using (var manager = new ServerManager())
{
var siteBindings = from s1 in manager.Sites
from b1 in s1.Bindings
where b1.Protocol.Equals("https")
select new {SiteName = s1.Name, Binding = b1};
foreach (var siteBinding in siteBindings)
{
siteBinding.Binding.CertificateHash = cert.GetCertHash();
}
// This is correctly setting the values on the Ssl Cert configuration section in IIS
var config = manager.GetApplicationHostConfiguration();
var accessSection = config.GetSection("system.webServer/security/access", "WebActivationService");
accessSection["sslFlags"] = @"Ssl, SslRequireCert";
manager.CommitChanges();
}
但是运行netsh http show sslcert会显示它取消了Negotiate Client Certificate
IP:port : 0.0.0.0:8000
Certificate Hash : 2064a43f429fe97746ce0c1c9adcd4ea93415f6d
Application ID : {4dc3e181-e14b-4a21-b022-59fc669b0914}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
删除和重新创建绑定具有相同的效果
从 Windows Server 2003 + 可以使用以下内容:
ULONG HttpSetServiceConfiguration(
__in HANDLE ServiceHandle,
__in HTTP_SERVICE_CONFIG_ID ConfigId,
__in PVOID pConfigInformation,
__in ULONG ConfigInformationLength,
__in LPOVERLAPPED pOverlapped
);
http://msdn.microsoft.com/en-us/library/windows/desktop/aa364503(v=vs.85).aspx
| 归档时间: |
|
| 查看次数: |
5819 次 |
| 最近记录: |