问题描述
我有一个想要使用 SSL 访问的 WCF 服务.我在我的开发者机器上,所以我想自托管服务.我一直在关注配置 HTTP 和HTTPS.
我创建了一个自签名证书,并将其添加到受信任的根证书颁发机构.我创建了另外两个由第一个签名的证书,一个用于客户端,另一个用于服务器.我关注了使用 makecert 创建开发证书.
我无法通过 SSL 证书配置步骤.当我使用 netsh 将证书绑定到端口号时,它会引发 SSL 错误:>
证书添加失败,错误:1312 指定的登录会话不存在.它可能已经被终止.
证书是否需要一些特殊领域或其他东西才能发挥作用?
CA 证书:
makecert -n "CN=TestCA" -cy authority -a sha1 -sv "TestCA.pvk" -r "TEST_CA.cer"
服务证书:
makecert -n "CN=rneapp.com" -ic "TEST_CA.cer" -iv "TestCA.pvk" -a sha1 -sky exchange -pe -sv "rneapp.com.pvk" "rneapp.com.cer"
客户端证书:
makecert -n "CN=rneClient" -ic "TEST_CA.cer" -iv "TestCA.pvk" -a sha1 -sky exchange -pe -sv "rneClient.pvk" "rneClient.cer"
我正在使用此命令将证书绑定到端口:
netsh http add sslcert ipport=0.0.0.0:8465 certhash=a853f3b5b48b8a506bdc4212ba2726a3bfea2bb6 appid={2E53B9B0-17AE-4EBC-A57DAE-44FDC-A57DAE-Certificate 客户端
当我遇到同样的问题时,将证书从当前用户移动到本地计算机存储有帮助,因此请尝试检查您的证书存储.
netsh http add sslcert
的内置帮助也提到了关于 certstorename
选项的这一点:
certstorename - 证书的存储名称.默认值到我的.证书必须存储在本地机器上下文.
I have a WCF service that I want to access using SSL. I'm on my developer machine, so I was thinking of self-hosting the service. I've been following Configuring HTTP and HTTPS.
I've created a self-signed certificate which I added to the Trusted Root Certification Authorities. I've created another two certificates signed by the first one, one for the client and the other for the server. I followed Using makecert to create certificates for development.
I can't get past the SSL certificates configuration step. When I'm binding the certificate to the port number using netsh it throws an SSL error:
Does the certificate need some special field or some other thing for this to work?
CA certificate:
makecert -n "CN=TestCA" -cy authority -a sha1 -sv "TestCA.pvk" -r "TEST_CA.cer"
Service certificate:
makecert -n "CN=rneapp.com" -ic "TEST_CA.cer" -iv "TestCA.pvk" -a sha1 -sky exchange -pe -sv "rneapp.com.pvk" "rneapp.com.cer"
Client certificate:
makecert -n "CN=rneClient" -ic "TEST_CA.cer" -iv "TestCA.pvk" -a sha1 -sky exchange -pe -sv "rneClient.pvk" "rneClient.cer"
I'm using this command to bind the certificate to the port:
netsh http add sslcert ipport=0.0.0.0:8465 certhash=a853f3b5b48b8a506bdc4212ba2726a3bfea2bb6 appid={2E53B9B0-17AE-4EBC-A1AE-43D53A6FD07D} clientcertnegotiation=enable
When I encountered the same issue, moving the certificate from Current User to Local Computer storage helped, so try checking your certificate storage.
Built-in help for netsh http add sslcert
also mentions this with regard to certstorename
option:
certstorename - Store name for the certificate. Defaults
to MY. Certificate must be stored in the
local machine context.
这篇关于使用 SSL 和 WCF 的自托管 - 无法将证书绑定到端口的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!