Mono C# HTTPs (XMLRPC.NET) 失败:客户端证书或服务器证书问题?
解决与 相关的问题后XMLRPC.NET + HTTPs,我使用此 XMLRPC 客户端/服务器示例解决方案在 Windows 上进行了一些成功的测试,但无法让客户端(在 Mono Linux 上运行)连接到服务器(在 Windows 7 上运行)。当然,我使用自行生成的证书进行测试(在客户端和服务器中),但它不适用于 Linux 上的客户端。
正如您所看到的,客户端代码在启动时生成一个 X509 证书:
System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();
IStateName proxy = XmlRpcProxyGen.Create<IStateName>();
XmlRpcClientProtocol cp = (XmlRpcClientProtocol)proxy;
cp.Url = "https://127.0.0.1:5678/";
cp.ClientCertificates.Add(new System.Security.Cryptography.X509Certificates.X509Certificate(@"C:\path\to\your\certificate\file\my.cer"));
cp.KeepAlive = false;
并且它旨在接受所有证书,甚至是不受信任的证书。但尽管如此,仍然行不通。
此外,使用 wget 的一些测试显示 wget https://www.google.com/ 成功联系并下载证书,但在我的情况下使用 wget https://192.168.1.3 则不然: 5678/,甚至使用 --no-check-certificate。
有人知道发生了什么事吗?非常感谢。
After resolving my problem related to XMLRPC.NET + HTTPs, I made some successful tests on Windows with this XMLRPC client/server sample solution but could not get the client (running on Mono Linux) to connect to the server (running on Windows 7). I am using self generated certificates of course for testing (both in client and server), but it does not work for client on Linux.
As you can see, the client code generates a X509 certificate on start :
System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();
IStateName proxy = XmlRpcProxyGen.Create<IStateName>();
XmlRpcClientProtocol cp = (XmlRpcClientProtocol)proxy;
cp.Url = "https://127.0.0.1:5678/";
cp.ClientCertificates.Add(new System.Security.Cryptography.X509Certificates.X509Certificate(@"C:\path\to\your\certificate\file\my.cer"));
cp.KeepAlive = false;
and it is designed to accept all certificates, even untrusted. But despite this, it still does not work.
Also, some tests using wget shows that wget https://www.google.com/ successfully contacts and downloads certificate, but not in my case with wget https://192.168.1.3:5678/, and even with --no-check-certificate.
Does anyone have an idea on what's going on ? Thank you very much.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
快速回答:您的 .cer 文件不包含私钥,因此它不能用于客户端证书。
更长的答案
那么它在 Windows 上是如何工作的呢? CryptoAPI 将查询其证书存储以查看是否存在与证书匹配的私钥。如果是的话,它会自动加载它,
它如何在 Mono 上工作?最简单的解决方案是创建一个加载 PKCS#12 文件(即通常以 .pfx 或 .p12 为后缀)的
X509Certificate2实例。该文件(如果生成正确)将包含 X.509 证书和私钥 - 允许 Mono 在此上下文中使用该证书。Quick answer: Your .cer file does not contain a private key so it cannot be used for client certificates.
Longer answers
So how does it work on Windows ? CryptoAPI will query it's certificate store to see if a private key, matching the certificate, exists. If it does then it will load it automagically
How can it work on Mono ? The easiest solution is to create a
X509Certificate2instance that loads a PKCS#12 file (i.e. generally suffixed by .pfx or .p12). That file (if generated properly) will include both the X.509 certificate and the private key - allowing Mono to use the certificate in this context.