Internal.Cryptography.CryptoThrowHelper.WindowsCryptographicException

问题

I'm getting the following error message from Visual Studio 2017 on first run of the ASP.NET Core MVC Boilerplate template (DotNet Core) regarding the SSL certificate:

"Internal.Cryptography.CryptoThrowHelper.WindowsCryptographicException occurred HResult=0x80070002 Message=The system cannot find the file specified Source=
StackTrace: at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(Byte[] rawData, String fileName, String password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) at Microsoft.AspNetCore.Hosting.KestrelServerOptionsHttpsExtensions.UseHttps(KestrelServerOptions options, String fileName, String password) ... "

All other projects using SSL work fine and I've double checked that my localhost certificate is in the Trusted Root Certification Authorities for my local machine and has not expired. The project is running IISExpress - perhaps it's not looking the correct place? I'm not sure. Any ideas where I'm going wrong?

回答1:

Recently had this same issue with ASP.NET Core MVC Boilerplate.

Close Visual Studio, right click on it, "Run as Administrator". Worked for me.

回答2:

One of two problems is going on.

1) The file "exists", but is a symlink. That tends to confuse the underlying system. (The response is to do File.ReadAllBytes and use the byte[] constructor).

2) The file doesn't exist.

To help diagnose #2 you can read Environment.CurrentDirectory to know where "here" is, and use Directory.EnumerateFiles() to see what is present in the directory and why your file doesn't exist.

---

Of course, if you didn't think you were loading by file, but thought you were loading from a certificate store: Check your configuration and try again... since you're loading from file :).

回答3:

If you're running in docker, another workaround is doing a copy at startup.

# The copy is done, because wildcard_certificate.pfx is put into the container using docker secrets, which makes it a symlink. 
# Reading a certificate as a symlink is not supported at this moment: https://stackoverflow.com/q/43955181/1608705
# After doing a copy, the copied version is not a symlink anymore.
ENTRYPOINT (IF EXIST "c:\certificates\wildcard_certificate.pfx" (copy c:\certificates\wildcard_certificate.pfx c:\app\wildcard_certificate.pfx)) && dotnet webapplication.dll

My application runs in the "c:\app" folder and I put my "to be copied" certificates in "c:\certificates". At startup the certificate is copied to "c:\app", which my environment variables point to.

version: "3.7"
services:
  webapplication:
    image: ({CONTAINER_REGISTRY})/webapplication:({LABEL})
    environment:
      - ASPNETCORE_URLS=https://+;http://+
      - ASPNETCORE_HTTPS_PORT=443
      - ASPNETCORE_Kestrel__Certificates__Default__Path=wildcard_certificate.pfx
    secrets:
      - source: config_secrets
        target: C:/app/appsettings.json
      - source: wildcard_certificate_pfx
        target: c:\certificates\wildcard_certificate.pfx

来源：https://stackoverflow.com/questions/43955181/internal-cryptography-cryptothrowhelper-windowscryptographicexception