我试图保护我的RESTService,但是当我启用https时,我收到一条ERR_CONNECTION_RESET消息!
这是我生成证书的代码:
public void generateCert()
{
String certSerial = ConfigDto.loadConfig(ConfigDto.CERT_SERIAL);
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
BackendContext.Current.Log.WriteLine("Search for certificate with serialnumber: " + certSerial);
int count = store.Certificates.Find(X509FindType.FindBySerialNumber, certSerial, false).Count;
if(count == 1)
{
BackendContext.Current.Log.WriteLine("Certificate found");
return;
}
if(count >1)
{
BackendContext.Current.Log.WriteLine("More then one certificate found - remove all!");
store.RemoveRange(store.Certificates.Find(X509FindType.FindBySerialNumber, certSerial, false));
}
using (CryptContext ctx = new CryptContext())
{
ctx.Open();
X509Certificate2 cert = ctx.CreateSelfSignedCertificate(
new SelfSignedCertProperties
{
IsPrivateKeyExportable = true,
KeyBitLength = 4096,
Name = new X500DistinguishedName("cn="+BackendContext.Current.Config.Hostname),
ValidFrom = DateTime.Today.AddDays(-1),
ValidTo = DateTime.Today.AddYears(10),
});
store.Add(cert);
BackendContext.Current.Log.WriteLine("Create certificate with serialnumber: " + cert.SerialNumber);
ConfigDto.saveConfig(ConfigDto.CERT_SERIAL, cert.SerialNumber);
}
store.Close();
}
这是我启动RESTService的代码:
Type type = pluginDto.plugin.GetType();
ServiceHost oNewRESTHost = new WebServiceHost(type, new Uri[] { new Uri(sBaseAddress) });
oNewRESTHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySerialNumber, ConfigDto.loadConfig(ConfigDto.CERT_SERIAL));
BackendContext.Current.Log.WriteLine(String.Format("Created new service rest host '{0}'", pluginDto.plugin.Name));
WebHttpBinding binding = new WebHttpBinding();
binding.Security.Mode = WebHttpSecurityMode.Transport;
binding.TransferMode = TransferMode.Streamed;
binding.MaxReceivedMessageSize = 50000000;
foreach( Type oServiceInterface in pluginDto.plugin.getRestServiceInterface() )
{
String sRestAdress = String.Format("{0}/{1}", sBaseAddress, oServiceInterface.Name);
ServiceEndpoint oWebEndpoint = oNewRESTHost.AddServiceEndpoint(oServiceInterface, binding, sRestAdress);
oHosts.Add(oNewRESTHost);
var behavior = new BackendEndpointWebBehavior()
{
AutomaticFormatSelectionEnabled = false,
FaultExceptionEnabled = false,
HelpEnabled = false,
DefaultOutgoingRequestFormat = System.ServiceModel.Web.WebMessageFormat.Json,
DefaultOutgoingResponseFormat = System.ServiceModel.Web.WebMessageFormat.Json,
DefaultBodyStyle = System.ServiceModel.Web.WebMessageBodyStyle.Wrapped,
};
oWebEndpoint.Behaviors.Add(behavior);
oNewRESTHost.Open();
BackendContext.Current.Log.WriteLine(String.Format("Added endpoint '{0}'", sRestAdress));
}
当我在firefox上打开RESTService时,它告诉我,该网站无法加载,因为他无法对收到的数据进行身份验证。
我认为我没有正确创建证书。
有任何想法吗?
最佳答案
您可以使用它来验证SSL设置(确保用您的URL替换此YOUR_WEB_SERVICEURL_HERE):
https://www.ssllabs.com/ssltest/analyze.html?d=[YOUR_WEB_SERVICEURL_HERE]&hideResults=on