WCF错误:SecurityTokenValidationException“ X.509证书CN = XXX链构建失败...”
我有以下错误:
system.inditymodel.tokens.securityTokenValidationException
X.509证书CN = rootca链构建失败。这 使用的证书具有无法验证的信任链。 替换证书或更改证书validationmode。一个 经过证书链,但在根证书中终止 信托不信任。
我正在使用的证书是您可以在本教程之后创建的证书:如何:创建在开发过程中使用的临时证书特别是“ rootca”证书。 我真的不知道如何解决它。我已经尝试过的事情:
- 将证书validationmode设置为“无”,设置revocationmode 要“ nocheck”
- 创建具有“父”证书的证书 立即使用并尝试使用它(如示例中,在上一个链接中)
- 将证书导入可信赖的人并委托根 文件夹
- 将StoreName设置为“ ServiceCertificate”中的“ TrustedPeople” 在 “身份验证”节点-Along与点3-
- 使用CurrentUser作为storelotiation
我的当前代码(我需要隐藏文件的名称以获取隐私):
client
<bindings>
<basicHttpBinding>
<binding name="basicHttpEndpointBinding">
<security mode="Message">
<message clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:51845/XXXXX.svc" behaviorConfiguration="BCertificado"
binding="basicHttpBinding" bindingConfiguration="basicHttpEndpointBinding"
contract="XXXXXF1Service.IXXXXXF1Service" name="basicHttpEndpoint">
<identity>
<certificate encodedValue="Huge string" />
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="BCertificado">
<clientCredentials>
<clientCertificate findValue="RootCA" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
Server
<bindings>
<basicHttpBinding>
<binding name="basicHttpEndpointBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:01:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="Message">
<message clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ServiceBehavior" name="service1">
<endpoint address="XXXXXServices" binding="basicHttpBinding" bindingConfiguration="basicHttpEndpointBinding"
name="basicHttpEndpoint" contract="IXXXXF1Service" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- Para evitar revelar información de los metadatos, establezca los valores siguientes en false antes de la implementación -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="false"/>
<!-- Para recibir detalles de las excepciones en los errores para la depuración, establezca el siguiente valor en true. Para no revelar información sobre las excepciones establézcalo en false antes de la implementación -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
<behavior name="ServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<serviceCertificate findValue="RootCA" x509FindType="FindBySubjectName" storeLocation="LocalMachine"/>
<clientCertificate>
<authentication certificateValidationMode="None" revocationMode="NoCheck"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpBinding" scheme="http" />
</protocolMapping>
也不知道与这些文件相关的任何其他建议,因为我不知道什么老实说。非常感谢您。
I'm having the following error:
System.IdentityModel.Tokens.SecurityTokenValidationException
The X.509 certificate CN=RootCA chain building failed. The
certificate that was used has a trust chain that cannot be verified.
Replace the certificate or change the certificateValidationMode. A
certificate chain processed, but terminated in a root certificate
which is not trusted by the trust.
The certificate I'm using is the one that you can create following this tutorial: How to: Create Temporary Certificates for Use During Development specifically the "RootCA" certificate.
I have genuinely no idea how to solve it. The things I have already tried:
- Setting certificateValidationMode to "None", setting revocationMode
to "NoCheck" - Creating a certificate that has as "parent" the certificate I'm
using right now and trying with it (as in the example there is in the previous link) - Importing the certificate to Trusted People and Entrusted Root
folders - Setting storeName to "TrustedPeople" in the "serviceCertificate"
node and trustedStoreLocation to "LocalMachine" in the
"authentication" node -along with the point 3- - Using CurrentUser as storeLocation
My current code is (I need to hide the name of my files for privacy):
Client
<bindings>
<basicHttpBinding>
<binding name="basicHttpEndpointBinding">
<security mode="Message">
<message clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:51845/XXXXX.svc" behaviorConfiguration="BCertificado"
binding="basicHttpBinding" bindingConfiguration="basicHttpEndpointBinding"
contract="XXXXXF1Service.IXXXXXF1Service" name="basicHttpEndpoint">
<identity>
<certificate encodedValue="Huge string" />
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="BCertificado">
<clientCredentials>
<clientCertificate findValue="RootCA" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
Server
<bindings>
<basicHttpBinding>
<binding name="basicHttpEndpointBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:01:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="Message">
<message clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ServiceBehavior" name="service1">
<endpoint address="XXXXXServices" binding="basicHttpBinding" bindingConfiguration="basicHttpEndpointBinding"
name="basicHttpEndpoint" contract="IXXXXF1Service" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- Para evitar revelar información de los metadatos, establezca los valores siguientes en false antes de la implementación -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="false"/>
<!-- Para recibir detalles de las excepciones en los errores para la depuración, establezca el siguiente valor en true. Para no revelar información sobre las excepciones establézcalo en false antes de la implementación -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
<behavior name="ServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<serviceCertificate findValue="RootCA" x509FindType="FindBySubjectName" storeLocation="LocalMachine"/>
<clientCertificate>
<authentication certificateValidationMode="None" revocationMode="NoCheck"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpBinding" scheme="http" />
</protocolMapping>
Any other advice related to those files is also appreciated since I dont know what I'm doing to be honest. Thank you so much in advance.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
尝试在客户端应用程序中添加端点行为,并设置端点中添加的行为配置。
Try adding the endpoint behavior in your client application and set the behavior configuration you added in the endpoint.