问题描述
真的以为我有这个问题固定,但它只是伪装前。
我使用HTTPS在IIS 7中托管了WCF服务。当我在Internet Explorer中浏览此网站时,它的工作方式类似于charm,这是因为我已将证书添加到本地根证书授权商店。
我在1台机器上开发,因此客户端和服务器是同一台机器。该证书是直接从IIS 7管理管理单元自签名。
我不断收到此错误...
.. 。从客户端控制台调用
我使用 findprivatekey
手动给证书的权限和网络服务使用 cacls.exe
。
我尝试使用SOAPUI连接到服务,是我的客户端应用程序中的一个问题,它是基于用于处理http的代码。
我还能看到我似乎已经用尽了所有可能性为什么作为解决方法您可以添加一个处理程序到 ServicePointManager
code>'
ServerCertificateValidationCallback
在客户端:
System.Net.ServicePointManager.ServerCertificateValidationCallback + =
(se,cert,chain,sslerror)=>
{
return true;
};
但请注意 这不是一个好习惯 / strong>,因为它完全忽略服务器证书,并告诉服务点管理器任何证书是正常的,可以严重危及客户端安全。你可以细化这个,并做一些自定义检查(证书名称,哈希等)。
至少你可以在开发期间使用测试证书时规避问题。
Really thought I had this issue fixed, but it was only disguised before.
I have a WCF service hosted in IIS 7 using HTTPS. When I browse to this site in Internet Explorer, it works like a charm, this is because I have added the certificate to the local root certificate authority store.
I'm developing on 1 machine, so client and server are same machine. The certificate is self-signed directly from IIS 7 management snap in.
I continually get this error now...
... when called from client console.
I manually gave myself permissions and network service to the certificate, using findprivatekey
and using cacls.exe
.
I tried to connect to the service using SOAPUI, and that works, so it must be an issue in my client application, which is code based on what used to work with http.
Where else can I look I seem to have exhausted all possibilities as to why I can't connect?
解决方案 As a workaround you could add a handler to the ServicePointManager
's ServerCertificateValidationCallback
on the client side:
System.Net.ServicePointManager.ServerCertificateValidationCallback +=
(se, cert, chain, sslerror) =>
{
return true;
};
but be aware that this is not a good practice as it completely ignores the server certificate and tells the service point manager that whatever certificate is fine which can seriously compromise client security. You could refine this and do some custom checking (for certificate name, hash etc).at least you can circumvent problems during development when using test certificates.
这篇关于如何解决“无法为具有授权的SSL / TLS安全信道建立信任关系”的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!