数字证书无效
我正在尝试将 SSL 添加到我的服务器,以便将客户详细信息发送给客户端。
它似乎在服务器端工作,数字证书(.pfx)已成功加载。
当我尝试与客户端连接时,问题就出现了。 抛出 AuthenticationException ,表明远程证书无效。 该证书是自签名测试证书 - 这可能是问题所在吗?
如果没有,我就没主意了!
编辑:证书位于双方 MMC 中受信任的根证书文件夹中(出于开发目的,服务器和客户端在同一台计算机上运行)。
I'm attempting to add SSL to my server for sending customer details to a client.
It appears to be working on the Server side with the digital certificate (.pfx) being loaded succesfully.
The problem comes when I try to connect with the client. An AuthenticationException is thrown stating that the remote certificate is invalid. The certificate is a self-signed test certificate - could this be the problem?
If not, I'm out of ideas!
EDIT: The certificate is in the trusted root certificate folder in the MMC on both sides (server and client are being run on the same machine for devel purposes).
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我必须重写验证方法:
显然,这将接受传递给它的每个证书,因此我需要使用证书的哈希值或类似的内容进行检查。 然而,现在正是假期!
I've had to override the validation method:
Obviously this will accept every certificate that is passed to it so I'll need to check using the hash of the certificate or something similar. However, right now it's holiday time!
这绝对是问题所在。 您是否尝试过将该 Web 服务器添加到客户端上受信任的根证书中?
如果客户端不信任证书提供者(您的 Web 服务器,因为是自签名的),则在尝试验证证书时会抛出异常。
That could most definitely be the problem. Have you tried adding that web server to your trusted Root Certificates on the client?
If the client does not trust the certificate provider (your web server, since self-signed), it will throw exception when attempting to authenticate the certificate.
你是如何生成证书的?
默认情况下,makecert.exe 将生成不适合使用 ssl 身份验证的证书。
默认
使用“-sky exhange”选项生成合适的选项。
makecert -n "CN=Client" -pe -ss My -sr CurrentUser -sky Exchange client.cer
makecert -n "CN=Host" -pe -ss My -sr LocalMachine -sky Exchange host.cer
How did you generate the certificate?
By default makecert.exe will generate a certificate that is not suitable for use ssl authentication.
Use the "-sky exhange" option to generate a suitable one.
makecert -n "CN=Client" -pe -ss My -sr CurrentUser -sky exchange client.cer
makecert -n "CN=Host" -pe -ss My -sr LocalMachine -sky exchange host.cer