WCF: Client mutual certificate authentication problem (Could not establish secure channel for SSL/TLS with authority)
I've done thorough research on my problem and have read many other posts/blogs but their solutions didn't solve mine. I was hoping someone could help.
I have a very simple WCF service that uses WsHttpBinding Transport Security with Mutual Certificate Authentication. The server certificate is a self-signed certificate and I have confirmed I have the certificate in the trusted store on the client machine. The server has the client certificate (also self-signed) in the trusted certificate store and I have already verified that I can mutually authenticate to the service fine using the SOAPUI client.
However, I'm not able to do so using the WCF client I created. On the WCF client, I've set the client certificate by calling the channel factory's Credentials.ClientCertificate.SetCertificate(...) method and I've also added
    ServicePointManager.ServerCertificateValidationCallback +=
        (sender, certificate, chain, sslPolicyErrors) => true;
to bypass all possible server certificate problems but I always get: Could not establish secure channel for SSL/TLS with authority server.com.
Can someone please suggest to me what might be the problem and/or what I should do to get this working? Any help is appreciated.
Thanks.
Comments (1)
Try this to see if this is only a problem with the certificate trust chain:
http://webservices20.blogspot.com/2008/12/wcf-gotcha-disabling-ssl-validation.html
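A narrower alternative to the blanket `=> true` callback in the question, as an added example rather than code from the original post or the linked blog: it accepts a chain error only for one pinned server certificate, asks the binding to use a certificate credential, and checks that the client certificate has a private key before calling the service. `IEchoService`, the endpoint path and the thumbprint placeholders are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

[ServiceContract]
public interface IEchoService            // hypothetical contract, for illustration only
{
    [OperationContract] string Echo(string text);
}

public static class MutualTlsClient
{
    // Placeholders (constructed): substitute the real SHA-1 thumbprints.
    const string ServerThumbprint = "<SERVER-CERT-THUMBPRINT>";
    const string ClientThumbprint = "<CLIENT-CERT-THUMBPRINT>";

    public static void Main()
    {
        // Tolerate a validation error only for the one pinned self-signed server certificate.
        ServicePointManager.ServerCertificateValidationCallback =
            (sender, certificate, chain, sslPolicyErrors) =>
                sslPolicyErrors == SslPolicyErrors.None ||
                (certificate != null && string.Equals(certificate.GetCertHashString(),
                    ServerThumbprint, StringComparison.OrdinalIgnoreCase));

        var binding = new WSHttpBinding(SecurityMode.Transport);
        // Ask the transport to present the client certificate during the TLS handshake.
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

        var factory = new ChannelFactory<IEchoService>(
            binding, new EndpointAddress("https://server.com/Service.svc")); // path is hypothetical
        // Throws if no certificate with this thumbprint is in CurrentUser\My.
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My,
            X509FindType.FindByThumbprint, ClientThumbprint);

        // A certificate without a private key cannot complete client authentication.
        X509Certificate2 clientCert = factory.Credentials.ClientCertificate.Certificate;
        if (!clientCert.HasPrivateKey)
            throw new InvalidOperationException("Client certificate has no private key in this store.");

        IEchoService channel = factory.CreateChannel();
        try { Console.WriteLine(channel.Echo("ping")); factory.Close(); }
        catch { factory.Abort(); throw; }
    }
}
```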