本文介绍了HttpListener-指定可接受的客户端证书CA名称的列表的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

背景:

我正在使用具有客户端证书身份验证(HttpListener.Request.System.Net.HttpListenerRequest.GetClientCertificate())的System.Net.HttpListener.客户端必须提供要认证的特定客户端证书.在SSL握手中,我可以 看到服务器将所有潜在客户端证书CA名称的列表发送给客户端,很可能是存储在受信任的根证书颁发机构"中的所有证书名称.服务器上的存储.这可能会令人困惑 向客户发送,因为我的服务器只接受一个特定CA颁发的一个证书.

I'm using the System.Net.HttpListener with client certificate authentication (HttpListener.Request.System.Net.HttpListenerRequest.GetClientCertificate()). The client must provide a specific client certificate to be authenticated. In the SSL handshake I can see that the server sends a list of all potential client certificate CA names to the client, it is most likely all the names of the certificates stored in the "Trusted Root Certificatation Authorities" storage on the server. This could be confusing to the client since it is only one certificate issued by one specific CA that is accepted by my server.

问题:

是否可以指定发送给客户端的可接受的客户端证书CA名称的列表,即C#HttpListener的某些配置?我只需要已颁发我的特定客户端证书的CA的名称.

Is it somehow possible to specify the list of acceptable client certificate CA names sent to the client, i.e. some configuration of the C# HttpListener? I only want the name of the CA that has issued my specific client certificate.

推荐答案

因此,该功能不太可能在HttpListener级别上可用.应该在网站级别上配置它.也许可以用"netsh http add sslcert sslctlidentifier =< string>"完成.

The feature is therefore not likely to be available at the HttpListener level. It should be configured at the web-site level instead. Perhaps it can be done with "netsh http add sslcert sslctlidentifier=<string>" somehow.


这篇关于HttpListener-指定可接受的客户端证书CA名称的列表的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

06-23 01:52