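Problems encountered installing a certificate for IdentityServer4

Published 2024-01-02 11:03:25 Author: hello_stone

1. To generate your own certificate you need openssl. Official download address: https://slproweb.com/products/Win32OpenSSL.html

2. Go to the installation directory C:\Program Files\OpenSSL-Win64\bin and open cmd there, or add that directory to the PATH environment variable

3. Create the private key (zamoney.key) and the public-key certificate (zamoney.crt)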

openssl.exe req -newkey rsa:2048 -nodes -keyout zamoney.key -x509 -days 365 -out zamoney.crt -subj "/C=CN/ST=GuangDong/L=ShenZhen/O=kf/OU=sf/CN=*.zaxd.com/emailAddress=shiqirong2003@163.com"

4. Use the private key and the public-key certificate to create a certificate containing both the public and private key (zamoney.pfx)
openssl pkcs12 -export -out zamoney.pfx -inkey zamoney.key -in zamoney.crt -password pass:123456

5. startup.cs code

private static void ConfigurationIdentityServer(ServiceConfigurationContext context) {
            var configuration=context.Services.GetConfiguration();
            var connectionString=context.Services.GetConfiguration().GetConnectionString("Default");

            var builder = context.Services.AddIdentityServer(options =>
            {
                options.IssuerUri =  configuration.GetValue<string>("Certificates:IssuerUri");
            });

            builder.AddConfigurationStore(opt => {
                opt.ConfigureDbContext = context => {
                    context.UseMySql(connectionString, ServerVersion.AutoDetect(connectionString));
                };
            })
            .AddOperationalStore(opt => {
                opt.ConfigureDbContext = context => {
                    context.UseMySql(connectionString, ServerVersion.AutoDetect(connectionString));
                };
                //opt.EnableTokenCleanup = true;
                //opt.TokenCleanupInterval = 30;
            });
            //builder.AddResourceOwnerValidator<MyResourceOwnerPasswordValidator>();

            // in-memory, code config
            //builder.AddInMemoryIdentityResources(Config.IdentityResources);
            //builder.AddInMemoryApiResources(Config.ApiResources);
            //builder.AddInMemoryApiScopes(Config.ApiScopes);
            //builder.AddInMemoryClients(Config.Clients);
            builder.AddClientStore<CustomerClientStore>();
            builder.AddExtensionGrantValidator<PhoneCodeGrantValidator>();
            builder.AddExtensionGrantValidator<SmsGrantValidator>();

            // Path to the .pfx file
            var path = configuration.GetValue<string>("Certificates:CerPath");
            // Get the certificate password
            var pwd = configuration.GetValue<string>("Certificates:Password");
            // Create the X509 certificate
            var cert = new X509Certificate2(path, pwd, X509KeyStorageFlags.MachineKeySet);
            // Use a fixed certificate in production
            builder.AddSigningCredential(cert);
        }

 

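Problems encountered:

At first I downloaded OpenSSL 3.0, generated the pfx and imported it into IIS 7, which failed with the error "The specified network password is not correct".

Later I downloaded and used OpenSSL 1.1.1q 5 Jul 2022, and it ran successfully. I don't know what this is about.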
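
An added example, not part of the original post: OpenSSL 3.x writes PKCS#12 files with PBES2/AES-256-CBC encryption and a SHA-256 MAC by default, while 1.1.1 used SHA-1 based 3DES/RC2 schemes, and older Windows releases reject the newer format with the "password is not correct" error described above. The script classifies `openssl pkcs12 -info` output to show which format a PFX uses and re-exports it with the older algorithms. The sample outputs are constructed, and PFX_FILE and PFX_PASS are assumed environment variable names.

```shell
#!/bin/sh
# Added example: tell OpenSSL 3.x-style PFX files from 1.1.1-style ones.

# Constructed samples modeled on `openssl pkcs12 -info -noout` output.
SAMPLE_OPENSSL3='MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256'
SAMPLE_OPENSSL1='MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048'

# Prints "modern" for PBES2/AES encryption or a SHA-2 MAC,
# "legacy" for the SHA-1 based PBE schemes, "unknown" otherwise.
classify_pfx_info() {
    if printf '%s\n' "$1" | grep -Eq 'PBES2|AES-[0-9]+-CBC'; then
        echo modern
    elif printf '%s\n' "$1" | grep -Eiq '^MAC: *sha(224|256|384|512)'; then
        echo modern
    elif printf '%s\n' "$1" | grep -q 'pbeWithSHA1And'; then
        echo legacy
    else
        echo unknown
    fi
}

# Re-create zamoney.pfx (file names from step 4) with SHA-1 based 3DES
# encryption and a SHA-1 MAC, which older Windows releases accept.
# OpenSSL 3.x also offers -legacy for this purpose.
# The password is read from PFX_PASS instead of the command line.
export_legacy_pfx() {
    openssl pkcs12 -export -out zamoney.pfx -inkey zamoney.key -in zamoney.crt \
        -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1 \
        -passout env:PFX_PASS
}

# Inspect a real file only when PFX_FILE is set (hypothetical variable name).
if [ -n "${PFX_FILE:-}" ]; then
    # The -info summary is written to stderr, so merge it into stdout.
    info=$(openssl pkcs12 -in "$PFX_FILE" -info -noout -passin env:PFX_PASS 2>&1)
    echo "$PFX_FILE: $(classify_pfx_info "$info")"
fi
```

On Windows the script runs under Git Bash or WSL; a result of "modern" for a file that IIS refuses to import points to the format rather than the password.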