问题
I am creating a WCF service hosted within IIS7 on Windows Vista SP1. I am getting the following error:
The certificate 'CN=SignedByLocalHost' must have a private key that is capable of key exchange. The process must have access rights for the private key.
It looks like I would need to give the host process assess to the certificate which was done in the past with winhttpcertcfg which has been deprecated for Vista. The article I found indicates to use the certificate console, but I am missing somethign because I don't see any capability to edit my cert.
Any help would be great!
Thanks
回答1:
You can use IIS 7.0/7.5 Just Start->Run ->inetmgr Select the server Under "Security" panel, go to "Server Certificates" In the left pane click - "Create Self Signed Certificate" and complete the process The crtfiticate will get installed in LocalMachine StoreLocation under Personal storename. Now use this certificate in your WCF service and you will not face this error
回答2:
Figured it out.
Assuming you have a self signed cert at c:\OutCert the following command will work. I had left off the -sky exchange.
makecert -sk SignedByCA -iv c:\OutCert.pvk -n "CN=MyLocalHost" -ic c:\OutCert.cer -sr LocalMachine -ss My -sky exchange pe
Now you can go into the MMC tool and manage the private keys and grant IIS access to the key. To manage private keys, right-click on the certificate and select All Tasks / Manage Private Keys.
来源:https://stackoverflow.com/questions/344590/issue-with-self-signed-cert-in-wcf-must-have-private-key