我有一个受信任的第三方的根证书.我将此安装到
Windows Server 2008中的“受信任的根证书颁发机构”证书存储区,但它在未知时间从证书存储区中消失.
可能是什么导致了这个?
>证书尚未过期
>它似乎没有被撤销
>我无法在事件发生时看到任何相关的事件日志
>它发生在我的开发机器,测试环境和生产服务器上
>生产服务器不在域上,只是工作组(托管在Rackspace中)
>查询组策略(gpresult / h foo.html)并未报告我无法信任第三方根CA
我在c#命令行应用程序中使用以下代码来安装证书:
X509Certificate2 certificate = new X509Certificate2("trusted-root-cert.cer");
X509Store store = new X509Store(StoreName.AuthRoot,StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
store.Add(certificate);
store.Close();
每次我发布对应用程序的更改时,都会运行证书安装代码.我不知道这怎么会造成任何伤害,但值得一提.
我安装证书的方式可能有些不对劲.安装的首选方式是什么?
在应用程序事件日志中进行更彻底的挖掘,此条目发生:
Log Name: Application Source: Microsoft-Windows-CAPI2 Date: 24/10/2014 12:49:10 Event ID: 4108 Task Category: None Level: information Keywords: Classic User: N/A Computer: [redacted] Description: Successful auto delete of third-party root certificate:: Subject [...redacted...]
事实证明,如果无法识别第三方根CA,则可以将其删除:
Typically,a certificate is used when you use a secure Web site or when you send and receive secure e-mail. Anyone can issue certificates,but to have transactions that are as secure as possible,certificates must be issued by a trusted certificate authority (CA). Microsoft has included a list in Windows XP and other products of companies and organizations that it considers trusted authorities.
