无法建立具有权限的 SSL/TLS 安全通道“*”
我必须使用具有 SSL 证书的 PHP Web 服务。我的 .net 3.5 类库在 Visualstudio 2010 中使用“添加服务引用”引用 Web 服务(WCF 对吧?)。
当调用我收到的Web服务的主要方法时;
无法使用权限“{base_url_of_WS}”建立 SSL/TLS 安全通道。
我尝试了很多,
System.Net.ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(CheckValidationResult);
public bool CheckValidationResult(Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
return true;
}
但它不起作用。我还在自己的机器上安装了证书。
*额外信息;当我在“添加服务引用”中使用 wsdl 位置时,会发生相同的错误。在尝试之前,我使用的是静态 wsdl。
I must consume a PHP webservice which has a SSL certificate. My .net 3.5 Class library references the webservice with 'Add Service references' in Visualstudio 2010 (WCF right?).
When calling the main method of the webservice I receive;
Could not establish secure channel for SSL/TLS with authority '{base_url_of_WS}'.
I tried a lot, like
System.Net.ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(CheckValidationResult);
public bool CheckValidationResult(Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
return true;
}
But It wouldn't work. Also I have the certificate installed on my own machine.
*Extra info; When I use the wsdl location in 'Add service reference' the same error occurs. Before I tried it, I worked with a static wsdl.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(11)
这正是我面临的问题。在其他一些文章中,我得到了更改配置的提示。对我来说这有效:
This was exact the problem I was facing. At some other article I got a hint to change the configuration. For me this works:
问题
我在从 ASP.NET Core MVC 项目调用第三方 API 时遇到了相同的错误消息。
解决方案
原来第三方API的服务器需要TLS 1.2。为了解决此问题,我将以下代码行添加到控制器的构造函数中:
Problem
I was running into the same error message while calling a third party API from my ASP.NET Core MVC project.
Solution
It turned out that the third party API's server required TLS 1.2. To resolve this issue, I added the following line of code to my controller's constructor:
是的,不受信任的证书可能会导致这种情况。通过在浏览器中打开 Web 服务并使用浏览器工具查看证书路径来查看 Web 服务的证书路径。您可能需要在调用 Web 服务的计算机上安装一个或多个中间证书。当您进一步调查时,您可能会在浏览器中看到“证书错误”以及“安装证书”选项 - 这可能是您丢失的证书。
我的特殊问题是在 2010 年 7 月升级根服务器后,Geotrust Geotrust DV SSL CA 中间证书丢失
https://knowledge.geotrust.com/support/ knowledge-base/index?page=content&id=AR1422
(2020 更新此处保留死链接:https://web.archive.org/web/20140724085537/https:// /knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1422)
Yes an Untrusted certificate can cause this. Look at the certificate path for the webservice by opening the websservice in a browser and use the browser tools to look at the certificate path. You may need to install one or more intermediate certificates onto the computer calling the webservice. In the browser you may see "Certificate errors" with an option to "Install Certificate" when you investigate further - this could be the certificate you missing.
My particular problem was a Geotrust Geotrust DV SSL CA intermediate certificate missing following an upgrade to their root server in July 2010
https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1422
(2020 update deadlink preserved here: https://web.archive.org/web/20140724085537/https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1422 )
我们在新的网络服务器上从 .aspx 页面调用网络服务时遇到了这个问题。我们尚未向应用程序池用户授予计算机证书的权限。在我们向应用程序池用户授予权限后,该问题得到解决。
We had this issue on a new webserver from .aspx pages calling a webservice. We had not given permission to the app pool user to the machine certificate. The issue was fixed after we granted permission to the app pool user.
确保您以管理员身份运行 Visual Studio。
Ensure you run Visual Studio as an administrator.
如果它对其他人有帮助,请使用新的 Microsoft Web 服务参考提供程序工具,适用于 .NET Standard 和 .NET Core,我必须将以下行添加到绑定定义中,如下所示:
这实际上与 Micha 的答案相同,但在代码,因为没有配置文件。
因此,为了将绑定与 Web 服务的实例化结合起来,我这样做了:
其中 WebServiceClient 是您定义的 Web 服务的正确名称。
In case it helps anyone else, using the new Microsoft Web Service Reference Provider tool, which is for .NET Standard and .NET Core, I had to add the following lines to the binding definition as below:
This is effectively the same as Micha's answer but in code as there is no config file.
So to incorporate the binding with the instantiation of the web service I did this:
Where WebServiceClient is the proper name of your web service as you defined it.
代码有相同的错误:
通过添加密码解决:
Had same error with code:
Solved by adding password:
出现此错误的原因有很多,上次我通过修改
Reference.svcmap文件并更改 WSDL 文件的引用方式来解决该错误。抛出异常:
工作正常:
这看起来很奇怪,但我已经重现了它。这是在 .NET 4.5 和 4.7 上的控制台应用程序以及 4.7 上的 .NET WebAPI 站点中。
This error can occur for lots of reasons, and the last time, I solved it by modifying the
Reference.svcmapfile, and changing how the WSDL file is referenced.Throwing exception:
Working fine:
This seems weird, but I have reproduced it. This was in a console application on .NET 4.5 and 4.7, as well as a .NET WebAPI site on 4.7.
对我来说,解决方案是更改
SecurityProtocolType。我将此代码放在创建
BasicHttpsBinding之前。顺便说一句,我从代码端创建绑定,而不是从配置文件创建绑定。
For me the solution was changing the
SecurityProtocolType.I put this code before the
BasicHttpsBindingcreation.By the way i created binding from the code side, not from the config file.
以下是为我解决的问题:
1) 确保您以管理员身份运行 Visual Studio
2) 安装并运行 winhttpcertcfg.exe 以授予访问权限
https://msdn.microsoft.com/en-us/library/windows/desktop/aa384088(v=vs.85)。 aspx
该命令类似于以下内容:(输入您的证书主题和服务名称)
Here is what fixed for me:
1) Make sure you are running Visual Studio as Administrator
2) Install and run winhttpcertcfg.exe to grant access
https://msdn.microsoft.com/en-us/library/windows/desktop/aa384088(v=vs.85).aspx
The command is similar to below: (enter your certificate subject and service name)
服务以不同的用户身份运行,我必须进入管理私钥并添加用户权限
Service was running as a different user, I had to go into manage private key and add the users permissions