Client endpoint certificate reference: how to look it up when a part of the distinguished name contains a comma?

Posted on 2024-08-09 16:14:41

We are trying to reference a certificate for a client endpoint configuration in our WCF configuration file.

The configuration looks like this:

<client>
    <endpoint address="https://domain.server.com/path/service.asmx"
        binding="basicHttpBinding" bindingConfiguration="TestServiceSoap"
        contract="..." name="...">
        <identity>
            <certificateReference storeName="TrustedPublisher"
                x509FindType="FindBySubjectDistinguishedName"
                findValue="...">....

For a test-certificate, the "Subject" property looks like this:

CN = demo.domain.com
OU = Company
O = Company
L = City
S = County
C = CountryCode

This works, if we provide the following for the findValue attribute above:

CN=demo.domain.com, OU=Company, O=Company, L=City, S=County, C=CountryCode

However, for a certificate we have from a third party, they have added their address as one part of this, so the above list of identifiers looks like this:

CN = demo.domain.com
OU = Company
STREET = Mainstreet 1, Town Center
L = City
S = County
C = CountryCode

Obviously, the comma in the STREET part will not work, as our string now contains "Town Center" as a separate part with no name.

How do we specify that we want to find the certificate using this list of identifiers?

CN=demo.domain.com, OU=Company, O=Company, STREET=Mainstreet 1, Town Center, L=City, S=County, C=CountryCode
                                                              ^-- Argh!

Comments (2)

请别遗忘我 2024-08-16 16:14:41

Ok, with more experimentation we managed to find the answer ourselves.

First, to encapsulate values that contain special characters, we need to enclose them in double quotes.

This, however, won't play nice with findName="..." which also uses double quotes, so we changed that to single quotes.

The end result was this:

findName='..., STREET="Mainstreet 1, Town Center", ...'
         ^            ^                         ^     ^
         |            +---- this is needed -----+     |
         |                                            |
         +- and this is needed to use double quotes --+

迷离° 2024-08-16 16:14:41

This isn't a direct answer to your question, but you don't really have to put all that detail in there if you don't want to. The CN should suffice unless you REALLY have multiple people with the same CN???

So you just need:

CN=demo.domain.com

In fact you don't even need to use the FindBySubjectDistinguishedName find type. You could just use FindBySubjectName and just put the plain subject name instead:

demo.domain.com
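
An added example, not code from the question or either answer: a small C# console check that reads the subject string from the installed certificate instead of typing it by hand, confirms that it selects exactly one certificate with FindBySubjectDistinguishedName, and prints it XML-escaped for the findValue attribute shown in the question's config. The LocalMachine store location, the class name and running on Windows are assumptions.

```csharp
using System;
using System.Security;
using System.Security.Cryptography.X509Certificates;

static class FindValueCheck
{
    static void Main(string[] args)
    {
        // Assumptions for this sketch: the certificate sits in LocalMachine\TrustedPublisher
        // (the page names the store but not the location) and "demo.domain.com" is its CN.
        string simpleName = args.Length > 0 ? args[0] : "demo.domain.com";
        var store = new X509Store(StoreName.TrustedPublisher, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // FindBySubjectName is a case-insensitive substring match, so it can return
            // several certificates; validOnly=false lists them even if chain checks fail.
            X509Certificate2Collection bySimpleName =
                store.Certificates.Find(X509FindType.FindBySubjectName, simpleName, false);
            Console.WriteLine("FindBySubjectName matches: {0}", bySimpleName.Count);

            foreach (X509Certificate2 cert in bySimpleName)
            {
                // SubjectName.Name is the runtime's rendering of the subject; on Windows a
                // value that contains a comma comes back already wrapped in double quotes.
                string dn = cert.SubjectName.Name;

                // Round-trip: the string must select exactly this one certificate.
                X509Certificate2Collection byDn =
                    store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, dn, false);

                Console.WriteLine("Thumbprint : {0}", cert.Thumbprint);
                Console.WriteLine("Subject DN : {0}", dn);
                Console.WriteLine("DN matches : {0}{1}", byDn.Count,
                    byDn.Count == 1 ? "" : "  <-- ambiguous or not found, do not use");
                // Escaped form for a double-quoted XML attribute (" becomes &quot;),
                // an alternative to switching the attribute to single quotes.
                Console.WriteLine("findValue  : \"{0}\"", SecurityElement.Escape(dn));
            }
        }
        finally
        {
            store.Close();
        }
    }
}
```

If the first count is greater than one, the simple-name lookup suggested above is ambiguous on that machine, and the full distinguished name (or another unique selector) is the safer reference.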