  • You have a private key that corresponds to this certificate but CryptAcquireCertificatePrivateKey failed.

    https://github.com/jexuswebserver/JexusManager/blob/0d4a33d5247557f103887a7ef3e4403cf48627be/JexusManager/Features/Main/SslDiagDialog.cs#L207

    https://github.com/microsoft/service-fabric/issues/773

    It appears there may be 2 issues here:

    • the certificate's private key is not ACL'd to NetworkService; to fix this, please open the Management Console (start -> run -> mmc), navigate to 'Local Computer Certificates' (file -> add snap-in -> certificates, local computer) and examine the private key access list (right click on the certificate, 'All tasks' -> Manage private key...). If NetworkService is not listed: Add -> %computername%\Network Service -> 'check', followed by ok. (You may need to replace %computername% with the actual host name.)

    • the certificate is issued by an unsupported provider. The error (0x80090014/NTE_BAD_PROV_TYPE) indicates that the certificate was issued by a CNG key provider, which the SF runtime does not currently support. Note that ACLing errors are not fatal, and should not be the cause of the cluster's failure to start.

    To confirm that is the case, please run the following, from a PowerShell prompt:
    cd Cert:\LocalMachine\My
    certutil -v -store my | findstr -i provider

    If the output contains something like this:
    Provider = Microsoft Software Key Storage Provider
    then indeed this is a CNG certificate (issued with a Key Storage Provider).

    I presume the certificate was created with the New-SelfSignedCertificate PowerShell cmdlet, which, unless otherwise specified, will use a CNG provider. If that is the case, and it is possible for you to create another certificate to be used for this cluster, you may try the following:

    New-SelfSignedCertificate -NotBefore '<start date>' -NotAfter '<end date>' -DnsName <dns name> -CertStoreLocation Cert:\LocalMachine\My -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -KeyExportPolicy ExportableEncrypted -Type Custom -Subject "<subject>"

    Note this is just an example - the complete list of Crypto API Cryptographic Service Providers can be found here.

    We are addressing this issue in an upcoming release.
    Thanks.
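
The provider check above, extended so that each provider name is tied to a certificate thumbprint (an added example, not part of the quoted issue or of Service Fabric). The function names are hypothetical, and classifying CNG versus CSP by provider name is an assumption that follows the check described above.

```powershell
# Added example (not from the quoted issue). Function names are hypothetical.
$KnownKsp = @(                       # Microsoft CNG key storage providers
    'Microsoft Software Key Storage Provider',
    'Microsoft Smart Card Key Storage Provider',
    'Microsoft Platform Crypto Provider'
)

function Get-KeyProviderInfo {
    param([string[]]$CertutilLines)  # verbose certutil output for ONE certificate
    # The first "Provider = <name>" line names the provider that holds the key.
    $m = $CertutilLines | Select-String -Pattern '^\s*Provider = (.+?)\s*$' |
         Select-Object -First 1
    if (-not $m) {
        return [pscustomobject]@{ Provider = $null; Kind = 'NoKeyProviderInfo' }
    }
    $name = $m.Matches[0].Groups[1].Value
    # Assumption: classify by provider name, as the check above does.
    $isCng = ($KnownKsp -contains $name) -or ($name -like '*Key Storage Provider')
    $kind = if ($isCng) { 'CNG' } else { 'CSP-or-unknown' }
    [pscustomobject]@{ Provider = $name; Kind = $kind }
}

function Get-StoreProviderReport {
    # One certutil call per certificate keeps each Provider line tied to a thumbprint.
    Get-ChildItem -Path 'Cert:\LocalMachine\My' | ForEach-Object {
        $info = Get-KeyProviderInfo -CertutilLines (& certutil.exe -v -store my $_.Thumbprint)
        [pscustomobject]@{
            Thumbprint = $_.Thumbprint
            Subject    = $_.Subject
            Provider   = $info.Provider
            Kind       = $info.Kind
        }
    }
}

# Constructed sample lines (not captured from a real host).
$samples = @{
    Ksp  = @('  CERT_KEY_PROV_INFO_PROP_ID(2):',
             '    Provider = Microsoft Software Key Storage Provider')
    Csp  = @('    Provider = Microsoft Enhanced RSA and AES Cryptographic Provider')
    None = @('No key provider information')
}
foreach ($k in $samples.Keys) {
    "{0}: {1}" -f $k, (Get-KeyProviderInfo -CertutilLines $samples[$k]).Kind
}

# On a Windows host, report on the real machine store.
if ($env:OS -eq 'Windows_NT') { Get-StoreProviderReport | Format-Table -AutoSize }
```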

  • Original article: https://www.cnblogs.com/chucklu/p/15242285.html