客户端端点证书参考,当可分辨名称部分中有逗号时如何查找?
我们正在尝试在 WCF 配置文件中引用客户端端点配置的证书。
配置如下所示:
<client>
<endpoint address="https://domain.server.com/path/service.asmx"
binding="basicHttpBinding" bindingConfiguration="TestServiceSoap"
contract="..." name="...">
<identity>
<certificateReference storeName="TrustedPublisher"
x509FindType="FindBySubjectDistinguishedName"
findValue="...">....
对于测试证书,“Subject”属性如下所示:
CN = demo.domain.com
OU = Company
O = Company
L = City
S = County
C = CountryCode
如果我们为上面的 findValue 属性提供以下内容,则此方法有效:
CN=demo.domain.com, OU=Company, O=Company, L=City, S=County, C=CountryCode
但是,对于我们从第三方,他们已将其地址添加为其中的一部分,因此上面的标识符列表如下所示:
CN = demo.domain.com
OU = Company
STREET = Mainstreet 1, Town Center
L = City
S = County
C = CountryCode
显然,STREET 部分中的逗号不起作用,因为我们的字符串现在包含“Town Center”作为单独的部分没有名字。
我们如何指定要使用此标识符列表查找证书?
CN=demo.domain.com, OU=Company, O=Company, STREET=Mainstreet 1, Town Center, L=City, S=County, C=CountryCode
^-- Argh!
We are trying to reference a certificate for a client endpoint configuration in our WCF configuration file.
The configuration looks like this:
<client>
<endpoint address="https://domain.server.com/path/service.asmx"
binding="basicHttpBinding" bindingConfiguration="TestServiceSoap"
contract="..." name="...">
<identity>
<certificateReference storeName="TrustedPublisher"
x509FindType="FindBySubjectDistinguishedName"
findValue="...">....
For a test-certificate, the "Subject" property looks like this:
CN = demo.domain.com
OU = Company
O = Company
L = City
S = County
C = CountryCode
This works, if we provide the following for the findValue attribute above:
CN=demo.domain.com, OU=Company, O=Company, L=City, S=County, C=CountryCode
However, for a certificate we have from a third party, they have added their address as one part of this, so the above list of identifiers looks like this:
CN = demo.domain.com
OU = Company
STREET = Mainstreet 1, Town Center
L = City
S = County
C = CountryCode
Obviously, the comma in the STREET part will not work, as our string now contains "Town Center" as a separate part with no name.
How do we specify that we want to find the certificate using this list of identifiers?
CN=demo.domain.com, OU=Company, O=Company, STREET=Mainstreet 1, Town Center, L=City, S=County, C=CountryCode
^-- Argh!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
好吧,通过更多的实验,我们自己找到了答案。
首先,为了封装包含特殊字符的值,我们需要将它们用双引号引起来。
然而,这对于也使用双引号的
findName="..."来说效果不佳,因此我们将其更改为单引号。最终结果是这样的:
Ok, with more experimentation we managed to find the answer ourselves.
First, to encapsulate values that contains special characters, we need to enclose them in double quotes.
This, however, won't play nice with
findName="..."which also uses double quotes, so we changed that to single quotes.The end result was this:
这不是对您问题的直接答案,但如果您不愿意,您实际上不必将所有详细信息放在那里。 CN 应该足够了,除非你真的有多个人拥有相同的 CN???
所以你只需要:
事实上你甚至不需要使用 FindBySubjectDistinguishedName 查找类型。您可以只使用 FindBySubjectName 并只输入简单的主题名称:
This isn't a direct answer to your question, but you don't really have to put all that detail in there if you don't want to. The CN should suffice unless you REALLY have multiple people with the same CN???
So you just need:
In fact you don't even need to use the FindBySubjectDistinguishedName find type. You could just use FindBySubjectName and just put the plain subject name instead: