[dotNET] Fixing the exception raised when HttpWebRequest loads a certificate to establish an SSL channel

news/2024/6/18 1:54:27

@UltraPower

Keywords: HttpWebRequest, SSL, X509Certificate

.NET Framework 1.1

Written: 2005-3-29

WSE 2.0 SP3

 

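Purpose:

When HttpWebRequest loads a certificate and sends a request to a remote https server, the error “基础连接已经关闭: 无法与远程服务器建立信任关系。” (in English: “The underlying connection was closed: Could not establish trust relationship with remote server.”) / “The underlying connection was closed. Could not establish a secure SSL/TLS connection” can occur. It can be resolved as described below.

Reproduction:

The following code produces the error “基础连接已经关闭: 无法与远程服务器建立信任关系”: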

using System;
using System.Text;
using System.Net;
using System.IO;
using System.Security.Cryptography.X509Certificates;

using Microsoft.Web.Services2.Security;
using Microsoft.Web.Services2.Security.Tokens;
using Microsoft.Web.Services2.Security.X509;

class Program
{
    static void Main (string[] args)
    {
        StringBuilder sb=new StringBuilder();
        string _strToRequest = "send";

        try
        {
            // Start of the POST request
            byte[] bt=Encoding.Default.GetBytes(_strToRequest);
            HttpWebRequest Req=(HttpWebRequest)System.Net.WebRequest.Create("https://202.108.CCC.XXX:Port//");
            Req.KeepAlive=true;
            //Req.Timeout=60000;
            Req.ContentType="text/xml";
            // Content length is the number of bytes actually written to the request stream
            Req.ContentLength=bt.Length;
            Req.Method="POST";

            X509CertificateStore store = X509CertificateStore.CurrentUserStore( X509CertificateStore.MyStore );
            store.OpenRead();

            // Look up the client certificate by its key identifier
            Microsoft.Web.Services2.Security.X509.X509CertificateCollection certs =
                store.FindCertificateByKeyIdentifier( Convert.FromBase64String( "CXv+xZ78zI3qWHGJ6Wh9BF6B23A=" ) );
            X509SecurityToken token = null;
            if (certs.Count > 0)
            {
                // Take the first personal certificate found in the certificate store
                token = new X509SecurityToken( ((Microsoft.Web.Services2.Security.X509.X509Certificate) certs[0]) );
            }
            if(token != null)
                Req.ClientCertificates.Add(token.Certificate);

            Stream ReqStream=Req.GetRequestStream();
            ReqStream.Write(bt,0,bt.Length);
            ReqStream.Close();

            // Read the response
            HttpWebResponse res=(HttpWebResponse)Req.GetResponse();
            StreamReader sr=new StreamReader(res.GetResponseStream(),Encoding.Default);
            sb.Append(sr.ReadToEnd());
            sr.Close();
            res.Close();
        }
        catch(Exception ex)
        {
            // Replace any partial output with the exception message
            sb.Remove(0,sb.Length);
            sb.Append(ex.Message+"\n");
        }

        Console.WriteLine(sb.ToString());

        Console.Read();
    }
}

 

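Cause:

“http://msdn.microsoft.com/library/chs/default.asp?url=/library/CHS/cpguide/html/cpconhostingremoteobjectsininternetinformationservicesiis.asp” states:

Certificates identify a specific computer, whose name resides in the common name of the certificate. However, it is easy to change the name of the computer or to use localhost in client configuration files, which creates a mismatch between the client and the common name in the server certificate. In the .NET Framework version 1.0, this mismatch is ignored and the call is invoked on the server.

Starting with the .NET Framework version 1.1, this mismatch throws the following exception: “System.Net.WebException: 基础连接已经关闭: 无法与远程服务器建立信任关系。” (“The underlying connection was closed: Could not establish trust relationship with remote server.”) If you cannot configure the remoting client to use the certificate common name, you can override the mismatch with the following settings in the client application configuration file.

<system.net>
   <settings>
      <servicePointManager
         checkCertificateName="true"
      />
   </settings>
</system.net>

To make the client ignore the certificate name mismatch programmatically, the client must create an instance of a class that implements the ICertificatePolicy interface and implements the CheckValidationResult method to return true if the certificateProblem value is 0x800c010f. You must then register the object with the System.Net.ServicePointManager object by passing it to the ServicePointManager.CertificatePolicy property.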

Solution:

The code listed there still does not work, however. We change CheckValidationResult to return true unconditionally instead. Declare a TrustAllCertificatePolicy class as follows:

 

public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy
{
    public TrustAllCertificatePolicy()
    {}

    // Accepts every server certificate, whatever validation problem is reported
    public bool CheckValidationResult(ServicePoint sp,
        System.Security.Cryptography.X509Certificates.X509Certificate cert,
        WebRequest req, int problem)
    {
        return true;
    }
}

 

Then add the following line before the request is made:

System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();

With this in place, the code can establish the SSL channel with the https server.
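As an added example (not from the original article or from MSDN), here is a narrower ICertificatePolicy in the shape the MSDN passage describes: it returns true only for a common-name mismatch, and only when the request goes to one expected host and the server presents one expected certificate. The class name, host and thumbprint are assumed sample values; the mismatch code used is CERT_E_CN_NO_MATCH (0x800B010F) from WinError.h.

```csharp
using System;
using System.Globalization;
using System.Net;
using System.Security.Cryptography.X509Certificates;

// Added example, not the article's code: tolerates a name mismatch only for
// one expected host that presents one expected certificate.
public class PinnedNameMismatchPolicy : ICertificatePolicy
{
    // CERT_E_CN_NO_MATCH (WinError.h): certificate CN does not match the host.
    public const int CertCnNoMatch = unchecked((int)0x800B010F);
    // CERT_E_UNTRUSTEDROOT (WinError.h): used in Main only to show a rejection.
    public const int CertUntrustedRoot = unchecked((int)0x800B0109);

    private readonly string allowedHost;      // host name or IP the client connects to
    private readonly string pinnedThumbprint; // SHA-1 hash of the expected certificate, hex

    public PinnedNameMismatchPolicy(string allowedHost, string pinnedThumbprint)
    {
        if (allowedHost == null || allowedHost.Length == 0)
            throw new ArgumentException("allowedHost is required");
        this.allowedHost = allowedHost;
        this.pinnedThumbprint = Normalize(pinnedThumbprint);
        // An empty pin would match a missing certificate hash, so refuse it.
        if (this.pinnedThumbprint.Length == 0)
            throw new ArgumentException("pinnedThumbprint is required");
    }

    // Called by System.Net for each certificate problem found during the handshake.
    public bool CheckValidationResult(ServicePoint sp, X509Certificate cert,
        WebRequest req, int problem)
    {
        if (cert == null || req == null) return false;
        return IsAcceptable(req.RequestUri.Host, cert.GetCertHashString(), problem);
    }

    // Decision rule on plain values, so it can be exercised without a connection.
    public bool IsAcceptable(string host, string thumbprint, int problem)
    {
        if (problem == 0) return true;              // certificate validated normally
        if (problem != CertCnNoMatch) return false; // expired, untrusted root, revoked, ...
        if (String.Compare(host, allowedHost, true, CultureInfo.InvariantCulture) != 0)
            return false;                           // mismatch tolerated for one host only
        return Normalize(thumbprint) == pinnedThumbprint;
    }

    // Strip separators and case differences from a hex thumbprint.
    private static string Normalize(string hex)
    {
        if (hex == null) return "";
        return hex.Replace(" ", "").Replace(":", "").ToUpper(CultureInfo.InvariantCulture);
    }
}

public class PinnedPolicyDemo
{
    public static void Main()
    {
        // Constructed sample values: a documentation IP address and a made-up thumbprint.
        string host = "192.0.2.10";
        string pin = "00112233445566778899AABBCCDDEEFF00112233";
        string other = "FFEEDDCCBBAA99887766554433221100FFEEDDCC";

        PinnedNameMismatchPolicy policy = new PinnedNameMismatchPolicy(host, pin);

        // Register before the first request, in place of a trust-all policy.
        ServicePointManager.CertificatePolicy = policy;

        // Expected host, pinned certificate, name mismatch reported.
        Console.WriteLine(policy.IsAcceptable(host, pin,
            PinnedNameMismatchPolicy.CertCnNoMatch));
        // Expected host, different certificate, name mismatch reported.
        Console.WriteLine(policy.IsAcceptable(host, other,
            PinnedNameMismatchPolicy.CertCnNoMatch));
        // Different host, pinned certificate, name mismatch reported.
        Console.WriteLine(policy.IsAcceptable("198.51.100.7", pin,
            PinnedNameMismatchPolicy.CertCnNoMatch));
        // Expected host, pinned certificate, but the chain does not reach a trusted root.
        Console.WriteLine(policy.IsAcceptable(host, pin,
            PinnedNameMismatchPolicy.CertUntrustedRoot));
    }
}
```

On .NET Framework 2.0 and later, ServicePointManager.CertificatePolicy is marked obsolete in favour of ServicePointManager.ServerCertificateValidationCallback, where the same rule can be applied.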

 

@UltraPower

 


HttpWebRequest加载证书建立SSL通道时发生异常的解决办法

 

@UltraPower

关键字:HttpWebRequest,

SSL,X509Certificate

dotNet  Framwork 1.1

编写时间: 2005-3-29

WSE 2.0 SP3

 

目的:

对于用HttpWebRequest加载证书请求远端https服务器时,发生的

基础连接已经关闭: 无法与远程服务器建立信任关系。”/

“The underlying connection was closed. Could not establish a secure SSL/TLS connection”错误,我们可以用如下方式解决。

 

重现:

使用以下代码,你就可以得到这个错误基础连接已经关闭: 无法与远程服务器建立信任关系

using System;

using System.Text;

using System.Net;

using System.IO;

using System.Security.Cryptography.X509Certificates;

 

using Microsoft.Web.Services2.Security;

using Microsoft.Web.Services2.Security.Tokens;

using Microsoft.Web.Services2.Security.X509;

 

static void Main (string[] args)

        {

            StringBuilder sb=new StringBuilder();

            string _strToRequest = "send";

 

            try

            {

                //POST请求开始

                byte[] bt=Encoding.Default.GetBytes("send");

                HttpWebRequest Req=(HttpWebRequest)System.Net.WebRequest.Create("https://202.108.CCC.XXX:Port//");

                Req.KeepAlive=true;

                //Req.Timeout=60000;

                Req.ContentType="text/xml";

                Req.ContentLength=_strToRequest.Length;

                Req.Method="POST";

 

                X509CertificateStore store = X509CertificateStore.CurrentUserStore( X509CertificateStore.MyStore );

                store.OpenRead();

    

                //读取证书的keyid

                Microsoft.Web.Services2.Security.X509.X509CertificateCollection certs =

                    store.FindCertificateByKeyIdentifier( Convert.FromBase64String( "CXv+xZ78zI3qWHGJ6Wh9BF6B 23A =" ) );

                X509SecurityToken token = null;

                if (certs.Count > 0)

                {

                    // 得到证书存储区的第1个人证书

                    token = new X509SecurityToken( ((Microsoft.Web.Services2.Security.X509.X509Certificate) certs[0]) );

                } 

                if(token != null)

                    Req.ClientCertificates.Add(token.Certificate);

 

                Req.KeepAlive=true;

 

                Stream ReqStream=Req.GetRequestStream();

                ReqStream.Write(bt,0,bt.Length);

                ReqStream.Close();

 

                //得到响应

                HttpWebResponse res=(HttpWebResponse)Req.GetResponse();

                StreamReader sr=new StreamReader(res.GetResponseStream(),Encoding.Default);

                sb.Append(sr.ReadToEnd());

                res.Close();

                sr.Close();

            }

            catch(Exception ex)

            {    

                sb.Remove(0,sb.Length);

                sb.Append(" /n");

                sb.Append(" 1.0.0/">/n");

                sb.Append(" "+ex.Message+" /n");

                sb.Append("/n");

            }

 

            Console.WriteLine(sb.ToString());

 

            Console.Read();

        }

 

原因:

“http://msdn.microsoft.com/library/chs/default.asp?url=/library/CHS/cpguide/html/cpconhostingremoteobjectsininternetinformationservicesiis.asp”提到:

证书标识特定的计算机,该计算机的名称位于证书的公共名称中。但是,很容易就会更改计算机的名称或使用客户端配置文件中的localhost,这会在客户端和服务器证书中的公共名称之间造成不匹配的情况。在 .NET Framework 1.0 版中,这一不匹配的情况将被忽略,并且将在服务器上引发调用。

.NET Framework 1.1 版开始,这一不匹配的情况会引发以下异常:“System.Net.WebException:基础连接已经关闭:无法与远程服务器建立信任关系。如果您无法配置远程处理客户端以使用证书公共名称,则可以使用客户端应用程序配置文件中的以下设置重写这一不匹配的情况。

  

     

         checkCertificateName="true"

      />

  

若要以编程方式使客户端忽略证书名称不匹配,客户端必须创建一个特定类的实例,如果 certificateProblem 值为 0x 800c 010f ,该类将实现 ICertificatePolicy 接口并实现 CheckValidationResult 方法以返回 true。然后,您必须将该对象注册到 System.Net.ServicePointManager 对象,方法是将该对象传递到 ServicePointManager.CertificatePolicy 属性

解决之道:

但是用它列出的代码还是不对,我们改为CheckValidationResult无条件返回true即可。如下所示声明一个TrustAllCertificatePolicy类:

 

public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy

        {

            public TrustAllCertificatePolicy()

            {}

 

            public bool CheckValidationResult(ServicePoint sp,

                System.Security.Cryptography.X509Certificates.X509Certificate cert,

                WebRequest req, int problem)

            {

                return true;

            }

        }

 

然后,在请求之前加上

System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();

即可。

 

这样,代码就可以顺利和https服务器建立SSL通道了。

 

@UltraPower

 


HttpWebRequest加载证书建立SSL通道时发生异常的解决办法

 

@UltraPower

关键字:HttpWebRequest,

SSL,X509Certificate

dotNet  Framwork 1.1

编写时间: 2005-3-29

WSE 2.0 SP3

 

目的:

对于用HttpWebRequest加载证书请求远端https服务器时,发生的

基础连接已经关闭: 无法与远程服务器建立信任关系。”/

“The underlying connection was closed. Could not establish a secure SSL/TLS connection”错误,我们可以用如下方式解决。

 

重现:

使用以下代码,你就可以得到这个错误基础连接已经关闭: 无法与远程服务器建立信任关系

using System;

using System.Text;

using System.Net;

using System.IO;

using System.Security.Cryptography.X509Certificates;

 

using Microsoft.Web.Services2.Security;

using Microsoft.Web.Services2.Security.Tokens;

using Microsoft.Web.Services2.Security.X509;

 

static void Main (string[] args)

        {

            StringBuilder sb=new StringBuilder();

            string _strToRequest = "send";

 

            try

            {

                //POST请求开始

                byte[] bt=Encoding.Default.GetBytes("send");

                HttpWebRequest Req=(HttpWebRequest)System.Net.WebRequest.Create("https://202.108.CCC.XXX:Port//");

                Req.KeepAlive=true;

                //Req.Timeout=60000;

                Req.ContentType="text/xml";

                Req.ContentLength=_strToRequest.Length;

                Req.Method="POST";

 

                X509CertificateStore store = X509CertificateStore.CurrentUserStore( X509CertificateStore.MyStore );

                store.OpenRead();

    

                //读取证书的keyid

                Microsoft.Web.Services2.Security.X509.X509CertificateCollection certs =

                    store.FindCertificateByKeyIdentifier( Convert.FromBase64String( "CXv+xZ78zI3qWHGJ6Wh9BF6B 23A =" ) );

                X509SecurityToken token = null;

                if (certs.Count > 0)

                {

                    // 得到证书存储区的第1个人证书

                    token = new X509SecurityToken( ((Microsoft.Web.Services2.Security.X509.X509Certificate) certs[0]) );

                } 

                if(token != null)

                    Req.ClientCertificates.Add(token.Certificate);

 

                Req.KeepAlive=true;

 

                Stream ReqStream=Req.GetRequestStream();

                ReqStream.Write(bt,0,bt.Length);

                ReqStream.Close();

 

                //得到响应

                HttpWebResponse res=(HttpWebResponse)Req.GetResponse();

                StreamReader sr=new StreamReader(res.GetResponseStream(),Encoding.Default);

                sb.Append(sr.ReadToEnd());

                res.Close();

                sr.Close();

            }

            catch(Exception ex)

            {    

                sb.Remove(0,sb.Length);

                sb.Append(" /n");

                sb.Append(" 1.0.0/">/n");

                sb.Append(" "+ex.Message+" /n");

                sb.Append("/n");

            }

 

            Console.WriteLine(sb.ToString());

 

            Console.Read();

        }

 

原因:

“http://msdn.microsoft.com/library/chs/default.asp?url=/library/CHS/cpguide/html/cpconhostingremoteobjectsininternetinformationservicesiis.asp”提到:

证书标识特定的计算机,该计算机的名称位于证书的公共名称中。但是,很容易就会更改计算机的名称或使用客户端配置文件中的localhost,这会在客户端和服务器证书中的公共名称之间造成不匹配的情况。在 .NET Framework 1.0 版中,这一不匹配的情况将被忽略,并且将在服务器上引发调用。

.NET Framework 1.1 版开始,这一不匹配的情况会引发以下异常:“System.Net.WebException:基础连接已经关闭:无法与远程服务器建立信任关系。如果您无法配置远程处理客户端以使用证书公共名称,则可以使用客户端应用程序配置文件中的以下设置重写这一不匹配的情况。

  

     

         checkCertificateName="true"

      />

  

若要以编程方式使客户端忽略证书名称不匹配,客户端必须创建一个特定类的实例,如果 certificateProblem 值为 0x 800c 010f ,该类将实现 ICertificatePolicy 接口并实现 CheckValidationResult 方法以返回 true。然后,您必须将该对象注册到 System.Net.ServicePointManager 对象,方法是将该对象传递到 ServicePointManager.CertificatePolicy 属性

解决之道:

但是用它列出的代码还是不对,我们改为CheckValidationResult无条件返回true即可。如下所示声明一个TrustAllCertificatePolicy类:

 

public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy

        {

            public TrustAllCertificatePolicy()

            {}

 

            public bool CheckValidationResult(ServicePoint sp,

                System.Security.Cryptography.X509Certificates.X509Certificate cert,

                WebRequest req, int problem)

            {

                return true;

            }

        }

 

然后,在请求之前加上

System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();

即可。

 

这样,代码就可以顺利和https服务器建立SSL通道了。

 

@UltraPower

 


HttpWebRequest加载证书建立SSL通道时发生异常的解决办法

 

@UltraPower

关键字:HttpWebRequest,

SSL,X509Certificate

dotNet  Framwork 1.1

编写时间: 2005-3-29

WSE 2.0 SP3

 

目的:

对于用HttpWebRequest加载证书请求远端https服务器时,发生的

基础连接已经关闭: 无法与远程服务器建立信任关系。”/

“The underlying connection was closed. Could not establish a secure SSL/TLS connection”错误,我们可以用如下方式解决。

 

重现:

使用以下代码,你就可以得到这个错误基础连接已经关闭: 无法与远程服务器建立信任关系

using System;

using System.Text;

using System.Net;

using System.IO;

using System.Security.Cryptography.X509Certificates;

 

using Microsoft.Web.Services2.Security;

using Microsoft.Web.Services2.Security.Tokens;

using Microsoft.Web.Services2.Security.X509;

 

static void Main (string[] args)

        {

            StringBuilder sb=new StringBuilder();

            string _strToRequest = "send";

 

            try

            {

                //POST请求开始

                byte[] bt=Encoding.Default.GetBytes("send");

                HttpWebRequest Req=(HttpWebRequest)System.Net.WebRequest.Create("https://202.108.CCC.XXX:Port//");

                Req.KeepAlive=true;

                //Req.Timeout=60000;

                Req.ContentType="text/xml";

                Req.ContentLength=_strToRequest.Length;

                Req.Method="POST";

 

                X509CertificateStore store = X509CertificateStore.CurrentUserStore( X509CertificateStore.MyStore );

                store.OpenRead();

    

                //读取证书的keyid

                Microsoft.Web.Services2.Security.X509.X509CertificateCollection certs =

                    store.FindCertificateByKeyIdentifier( Convert.FromBase64String( "CXv+xZ78zI3qWHGJ6Wh9BF6B 23A =" ) );

                X509SecurityToken token = null;

                if (certs.Count > 0)

                {

                    // 得到证书存储区的第1个人证书

                    token = new X509SecurityToken( ((Microsoft.Web.Services2.Security.X509.X509Certificate) certs[0]) );

                } 

                if(token != null)

                    Req.ClientCertificates.Add(token.Certificate);

 

                Req.KeepAlive=true;

 

                Stream ReqStream=Req.GetRequestStream();

                ReqStream.Write(bt,0,bt.Length);

                ReqStream.Close();

 

                //得到响应

                HttpWebResponse res=(HttpWebResponse)Req.GetResponse();

                StreamReader sr=new StreamReader(res.GetResponseStream(),Encoding.Default);

                sb.Append(sr.ReadToEnd());

                res.Close();

                sr.Close();

            }

            catch(Exception ex)

            {    

                sb.Remove(0,sb.Length);

                sb.Append(" /n");

                sb.Append(" 1.0.0/">/n");

                sb.Append(" "+ex.Message+" /n");

                sb.Append("/n");

            }

 

            Console.WriteLine(sb.ToString());

 

            Console.Read();

        }

 

原因:

“http://msdn.microsoft.com/library/chs/default.asp?url=/library/CHS/cpguide/html/cpconhostingremoteobjectsininternetinformationservicesiis.asp”提到:

证书标识特定的计算机,该计算机的名称位于证书的公共名称中。但是,很容易就会更改计算机的名称或使用客户端配置文件中的localhost,这会在客户端和服务器证书中的公共名称之间造成不匹配的情况。在 .NET Framework 1.0 版中,这一不匹配的情况将被忽略,并且将在服务器上引发调用。

.NET Framework 1.1 版开始,这一不匹配的情况会引发以下异常:“System.Net.WebException:基础连接已经关闭:无法与远程服务器建立信任关系。如果您无法配置远程处理客户端以使用证书公共名称,则可以使用客户端应用程序配置文件中的以下设置重写这一不匹配的情况。

  

     

         checkCertificateName="true"

      />

  

若要以编程方式使客户端忽略证书名称不匹配,客户端必须创建一个特定类的实例,如果 certificateProblem 值为 0x 800c 010f ,该类将实现 ICertificatePolicy 接口并实现 CheckValidationResult 方法以返回 true。然后,您必须将该对象注册到 System.Net.ServicePointManager 对象,方法是将该对象传递到 ServicePointManager.CertificatePolicy 属性

解决之道:

但是用它列出的代码还是不对,我们改为CheckValidationResult无条件返回true即可。如下所示声明一个TrustAllCertificatePolicy类:

 

public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy

        {

            public TrustAllCertificatePolicy()

            {}

 

            public bool CheckValidationResult(ServicePoint sp,

                System.Security.Cryptography.X509Certificates.X509Certificate cert,

                WebRequest req, int problem)

            {

                return true;

            }

        }

 

然后,在请求之前加上

System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();

即可。

 

这样,代码就可以顺利和https服务器建立SSL通道了。

 

@UltraPower

 


HttpWebRequest加载证书建立SSL通道时发生异常的解决办法

 

@UltraPower

关键字:HttpWebRequest,

SSL,X509Certificate

dotNet  Framwork 1.1

编写时间: 2005-3-29

WSE 2.0 SP3

 

目的:

对于用HttpWebRequest加载证书请求远端https服务器时,发生的

基础连接已经关闭: 无法与远程服务器建立信任关系。”/

“The underlying connection was closed. Could not establish a secure SSL/TLS connection”错误,我们可以用如下方式解决。

 

重现:

使用以下代码,你就可以得到这个错误基础连接已经关闭: 无法与远程服务器建立信任关系

using System;

using System.Text;

using System.Net;

using System.IO;

using System.Security.Cryptography.X509Certificates;

 

using Microsoft.Web.Services2.Security;

using Microsoft.Web.Services2.Security.Tokens;

using Microsoft.Web.Services2.Security.X509;

 

static void Main (string[] args)

        {

            StringBuilder sb=new StringBuilder();

            string _strToRequest = "send";

 

            try

            {

                //POST请求开始

                byte[] bt=Encoding.Default.GetBytes("send");

                HttpWebRequest Req=(HttpWebRequest)System.Net.WebRequest.Create("https://202.108.CCC.XXX:Port//");

                Req.KeepAlive=true;

                //Req.Timeout=60000;

                Req.ContentType="text/xml";

                Req.ContentLength=_strToRequest.Length;

                Req.Method="POST";

 

                X509CertificateStore store = X509CertificateStore.CurrentUserStore( X509CertificateStore.MyStore );

                store.OpenRead();

    

                //读取证书的keyid

                Microsoft.Web.Services2.Security.X509.X509CertificateCollection certs =

                    store.FindCertificateByKeyIdentifier( Convert.FromBase64String( "CXv+xZ78zI3qWHGJ6Wh9BF6B 23A =" ) );

                X509SecurityToken token = null;

                if (certs.Count > 0)

                {

                    // 得到证书存储区的第1个人证书

                    token = new X509SecurityToken( ((Microsoft.Web.Services2.Security.X509.X509Certificate) certs[0]) );

                } 

                if(token != null)

                    Req.ClientCertificates.Add(token.Certificate);

 

                Req.KeepAlive=true;

 

                Stream ReqStream=Req.GetRequestStream();

                ReqStream.Write(bt,0,bt.Length);

                ReqStream.Close();

 

                //得到响应

                HttpWebResponse res=(HttpWebResponse)Req.GetResponse();

                StreamReader sr=new StreamReader(res.GetResponseStream(),Encoding.Default);

                sb.Append(sr.ReadToEnd());

                res.Close();

                sr.Close();

            }

            catch(Exception ex)

            {    

                sb.Remove(0,sb.Length);

                sb.Append(" /n");

                sb.Append(" 1.0.0/">/n");

                sb.Append(" "+ex.Message+" /n");

                sb.Append("/n");

            }

 

            Console.WriteLine(sb.ToString());

 

            Console.Read();

        }

 

原因:

“http://msdn.microsoft.com/library/chs/default.asp?url=/library/CHS/cpguide/html/cpconhostingremoteobjectsininternetinformationservicesiis.asp”提到:

证书标识特定的计算机,该计算机的名称位于证书的公共名称中。但是,很容易就会更改计算机的名称或使用客户端配置文件中的localhost,这会在客户端和服务器证书中的公共名称之间造成不匹配的情况。在 .NET Framework 1.0 版中,这一不匹配的情况将被忽略,并且将在服务器上引发调用。

.NET Framework 1.1 版开始,这一不匹配的情况会引发以下异常:“System.Net.WebException:基础连接已经关闭:无法与远程服务器建立信任关系。如果您无法配置远程处理客户端以使用证书公共名称,则可以使用客户端应用程序配置文件中的以下设置重写这一不匹配的情况。

  

     

         checkCertificateName="true"

      />

  

若要以编程方式使客户端忽略证书名称不匹配,客户端必须创建一个特定类的实例,如果 certificateProblem 值为 0x 800c 010f ,该类将实现 ICertificatePolicy 接口并实现 CheckValidationResult 方法以返回 true。然后,您必须将该对象注册到 System.Net.ServicePointManager 对象,方法是将该对象传递到 ServicePointManager.CertificatePolicy 属性

解决之道:

但是用它列出的代码还是不对,我们改为CheckValidationResult无条件返回true即可。如下所示声明一个TrustAllCertificatePolicy类:

 

public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy

        {

            public TrustAllCertificatePolicy()

            {}

 

            public bool CheckValidationResult(ServicePoint sp,

                System.Security.Cryptography.X509Certificates.X509Certificate cert,

                WebRequest req, int problem)

            {

                return true;

            }

        }

 

然后,在请求之前加上

System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();

即可。

 

这样,代码就可以顺利和https服务器建立SSL通道了。

 

@UltraPower

 


HttpWebRequest加载证书建立SSL通道时发生异常的解决办法

 

@UltraPower

关键字:HttpWebRequest,

SSL,X509Certificate

dotNet  Framwork 1.1

编写时间: 2005-3-29

WSE 2.0 SP3

 

目的:

对于用HttpWebRequest加载证书请求远端https服务器时,发生的

基础连接已经关闭: 无法与远程服务器建立信任关系。”/

“The underlying connection was closed. Could not establish a secure SSL/TLS connection”错误,我们可以用如下方式解决。

 

重现:

使用以下代码,你就可以得到这个错误基础连接已经关闭: 无法与远程服务器建立信任关系

using System;

using System.Text;

using System.Net;

using System.IO;

using System.Security.Cryptography.X509Certificates;

 

using Microsoft.Web.Services2.Security;

using Microsoft.Web.Services2.Security.Tokens;

using Microsoft.Web.Services2.Security.X509;

 

static void Main (string[] args)

        {

            StringBuilder sb=new StringBuilder();

            string _strToRequest = "send";

 

            try

            {

                //POST请求开始

                byte[] bt=Encoding.Default.GetBytes("send");

                HttpWebRequest Req=(HttpWebRequest)System.Net.WebRequest.Create("https://202.108.CCC.XXX:Port//");

                Req.KeepAlive=true;

                //Req.Timeout=60000;

                Req.ContentType="text/xml";

                Req.ContentLength=_strToRequest.Length;

                Req.Method="POST";

 

                X509CertificateStore store = X509CertificateStore.CurrentUserStore( X509CertificateStore.MyStore );

                store.OpenRead();

    

                //读取证书的keyid

                Microsoft.Web.Services2.Security.X509.X509CertificateCollection certs =

                    store.FindCertificateByKeyIdentifier( Convert.FromBase64String( "CXv+xZ78zI3qWHGJ6Wh9BF6B 23A =" ) );

                X509SecurityToken token = null;

                if (certs.Count > 0)

                {

                    // 得到证书存储区的第1个人证书

                    token = new X509SecurityToken( ((Microsoft.Web.Services2.Security.X509.X509Certificate) certs[0]) );

                } 

                if(token != null)

                    Req.ClientCertificates.Add(token.Certificate);

 

                Req.KeepAlive=true;

 

                Stream ReqStream=Req.GetRequestStream();

                ReqStream.Write(bt,0,bt.Length);

                ReqStream.Close();

 

                //得到响应

                HttpWebResponse res=(HttpWebResponse)Req.GetResponse();

                StreamReader sr=new StreamReader(res.GetResponseStream(),Encoding.Default);

                sb.Append(sr.ReadToEnd());

                res.Close();

                sr.Close();

            }

            catch(Exception ex)

            {    

                sb.Remove(0,sb.Length);

                sb.Append(" /n");

                sb.Append(" 1.0.0/">/n");

                sb.Append(" "+ex.Message+" /n");

                sb.Append("/n");

            }

 

            Console.WriteLine(sb.ToString());

 

            Console.Read();

        }

 

原因:

“http://msdn.microsoft.com/library/chs/default.asp?url=/library/CHS/cpguide/html/cpconhostingremoteobjectsininternetinformationservicesiis.asp”提到:

证书标识特定的计算机,该计算机的名称位于证书的公共名称中。但是,很容易就会更改计算机的名称或使用客户端配置文件中的localhost,这会在客户端和服务器证书中的公共名称之间造成不匹配的情况。在 .NET Framework 1.0 版中,这一不匹配的情况将被忽略,并且将在服务器上引发调用。

.NET Framework 1.1 版开始,这一不匹配的情况会引发以下异常:“System.Net.WebException:基础连接已经关闭:无法与远程服务器建立信任关系。如果您无法配置远程处理客户端以使用证书公共名称,则可以使用客户端应用程序配置文件中的以下设置重写这一不匹配的情况。

  

     

         checkCertificateName="true"

      />

  

若要以编程方式使客户端忽略证书名称不匹配,客户端必须创建一个特定类的实例,如果 certificateProblem 值为 0x 800c 010f ,该类将实现 ICertificatePolicy 接口并实现 CheckValidationResult 方法以返回 true。然后,您必须将该对象注册到 System.Net.ServicePointManager 对象,方法是将该对象传递到 ServicePointManager.CertificatePolicy 属性

解决之道:

但是用它列出的代码还是不对,我们改为CheckValidationResult无条件返回true即可。如下所示声明一个TrustAllCertificatePolicy类:

 

public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy

        {

            public TrustAllCertificatePolicy()

            {}

 

            public bool CheckValidationResult(ServicePoint sp,

                System.Security.Cryptography.X509Certificates.X509Certificate cert,

                WebRequest req, int problem)

            {

                return true;

            }

        }

 

然后,在请求之前加上

System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();

即可。

 

这样,代码就可以顺利和https服务器建立SSL通道了。

 

@UltraPower

 


HttpWebRequest加载证书建立SSL通道时发生异常的解决办法

 

@UltraPower

关键字:HttpWebRequest,

SSL,X509Certificate

dotNet  Framwork 1.1

编写时间: 2005-3-29

WSE 2.0 SP3

 

目的:

对于用HttpWebRequest加载证书请求远端https服务器时,发生的

基础连接已经关闭: 无法与远程服务器建立信任关系。”/

“The underlying connection was closed. Could not establish a secure SSL/TLS connection”错误,我们可以用如下方式解决。

 

重现:

使用以下代码,你就可以得到这个错误基础连接已经关闭: 无法与远程服务器建立信任关系

using System;

using System.Text;

using System.Net;

using System.IO;

using System.Security.Cryptography.X509Certificates;

 

using Microsoft.Web.Services2.Security;

using Microsoft.Web.Services2.Security.Tokens;

using Microsoft.Web.Services2.Security.X509;

 

static void Main (string[] args)

        {

            StringBuilder sb=new StringBuilder();

            string _strToRequest = "send";

 

            try

            {

                //POST请求开始

                byte[] bt=Encoding.Default.GetBytes("send");

                HttpWebRequest Req=(HttpWebRequest)System.Net.WebRequest.Create("https://202.108.CCC.XXX:Port//");

                Req.KeepAlive=true;

                //Req.Timeout=60000;

                Req.ContentType="text/xml";

                Req.ContentLength=_strToRequest.Length;

                Req.Method="POST";

 

                X509CertificateStore store = X509CertificateStore.CurrentUserStore( X509CertificateStore.MyStore );

                store.OpenRead();

    

                //读取证书的keyid

                Microsoft.Web.Services2.Security.X509.X509CertificateCollection certs =

                    store.FindCertificateByKeyIdentifier( Convert.FromBase64String( "CXv+xZ78zI3qWHGJ6Wh9BF6B 23A =" ) );

                X509SecurityToken token = null;

                if (certs.Count > 0)

                {

                    // 得到证书存储区的第1个人证书

                    token = new X509SecurityToken( ((Microsoft.Web.Services2.Security.X509.X509Certificate) certs[0]) );

                } 

                if(token != null)

                    Req.ClientCertificates.Add(token.Certificate);

 

                Req.KeepAlive=true;

 

                Stream ReqStream=Req.GetRequestStream();

                ReqStream.Write(bt,0,bt.Length);

                ReqStream.Close();

 

                //得到响应

                HttpWebResponse res=(HttpWebResponse)Req.GetResponse();

                StreamReader sr=new StreamReader(res.GetResponseStream(),Encoding.Default);

                sb.Append(sr.ReadToEnd());

                res.Close();

                sr.Close();

            }

            catch(Exception ex)

            {    

                sb.Remove(0,sb.Length);

                sb.Append(" /n");

                sb.Append(" 1.0.0/">/n");

                sb.Append(" "+ex.Message+" /n");

                sb.Append("/n");

            }

 

            Console.WriteLine(sb.ToString());

 

            Console.Read();

        }

 

原因:

“http://msdn.microsoft.com/library/chs/default.asp?url=/library/CHS/cpguide/html/cpconhostingremoteobjectsininternetinformationservicesiis.asp”提到:

证书标识特定的计算机,该计算机的名称位于证书的公共名称中。但是,很容易就会更改计算机的名称或使用客户端配置文件中的localhost,这会在客户端和服务器证书中的公共名称之间造成不匹配的情况。在 .NET Framework 1.0 版中,这一不匹配的情况将被忽略,并且将在服务器上引发调用。

.NET Framework 1.1 版开始,这一不匹配的情况会引发以下异常:“System.Net.WebException:基础连接已经关闭:无法与远程服务器建立信任关系。如果您无法配置远程处理客户端以使用证书公共名称,则可以使用客户端应用程序配置文件中的以下设置重写这一不匹配的情况。

  

     

         checkCertificateName="true"

      />

  

若要以编程方式使客户端忽略证书名称不匹配,客户端必须创建一个特定类的实例,如果 certificateProblem 值为 0x 800c 010f ,该类将实现 ICertificatePolicy 接口并实现 CheckValidationResult 方法以返回 true。然后,您必须将该对象注册到 System.Net.ServicePointManager 对象,方法是将该对象传递到 ServicePointManager.CertificatePolicy 属性

解决之道:

但是用它列出的代码还是不对,我们改为CheckValidationResult无条件返回true即可。如下所示声明一个TrustAllCertificatePolicy类:

 

public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy

        {

            public TrustAllCertificatePolicy()

            {}

 

            public bool CheckValidationResult(ServicePoint sp,

                System.Security.Cryptography.X509Certificates.X509Certificate cert,

                WebRequest req, int problem)

            {

                return true;

            }

        }

 

然后,在请求之前加上

System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();

即可。

 

这样,代码就可以顺利和https服务器建立SSL通道了。

 

@UltraPower

 


HttpWebRequest加载证书建立SSL通道时发生异常的解决办法

 

@UltraPower

关键字:HttpWebRequest,

SSL,X509Certificate

dotNet  Framwork 1.1

编写时间: 2005-3-29

WSE 2.0 SP3

 

目的:

对于用HttpWebRequest加载证书请求远端https服务器时,发生的

基础连接已经关闭: 无法与远程服务器建立信任关系。”/

“The underlying connection was closed. Could not establish a secure SSL/TLS connection”错误,我们可以用如下方式解决。

 

重现:

使用以下代码,你就可以得到这个错误基础连接已经关闭: 无法与远程服务器建立信任关系

using System;

using System.Text;

using System.Net;

using System.IO;

using System.Security.Cryptography.X509Certificates;

 

using Microsoft.Web.Services2.Security;

using Microsoft.Web.Services2.Security.Tokens;

using Microsoft.Web.Services2.Security.X509;

 

static void Main (string[] args)

        {

            StringBuilder sb=new StringBuilder();

            string _strToRequest = "send";

 

            try

            {

                //POST请求开始

                byte[] bt=Encoding.Default.GetBytes("send");

                HttpWebRequest Req=(HttpWebRequest)System.Net.WebRequest.Create("https://202.108.CCC.XXX:Port//");

                Req.KeepAlive=true;

                //Req.Timeout=60000;

                Req.ContentType="text/xml";

                Req.ContentLength=_strToRequest.Length;

                Req.Method="POST";

 

                X509CertificateStore store = X509CertificateStore.CurrentUserStore( X509CertificateStore.MyStore );

                store.OpenRead();

    

                //读取证书的keyid

                Microsoft.Web.Services2.Security.X509.X509CertificateCollection certs =

                    store.FindCertificateByKeyIdentifier( Convert.FromBase64String( "CXv+xZ78zI3qWHGJ6Wh9BF6B 23A =" ) );

                X509SecurityToken token = null;

                if (certs.Count > 0)

                {

                    // 得到证书存储区的第1个人证书

                    token = new X509SecurityToken( ((Microsoft.Web.Services2.Security.X509.X509Certificate) certs[0]) );

                } 

                if(token != null)

                    Req.ClientCertificates.Add(token.Certificate);

 

                Req.KeepAlive=true;

 

                Stream ReqStream=Req.GetRequestStream();

                ReqStream.Write(bt,0,bt.Length);

                ReqStream.Close();

 

                //得到响应

                HttpWebResponse res=(HttpWebResponse)Req.GetResponse();

                StreamReader sr=new StreamReader(res.GetResponseStream(),Encoding.Default);

                sb.Append(sr.ReadToEnd());

                res.Close();

                sr.Close();

            }

            catch(Exception ex)

            {    

                sb.Remove(0,sb.Length);

                sb.Append(" /n");

                sb.Append(" 1.0.0/">/n");

                sb.Append(" "+ex.Message+" /n");

                sb.Append("/n");

            }

 

            Console.WriteLine(sb.ToString());

 

            Console.Read();

        }

 

原因:

“http://msdn.microsoft.com/library/chs/default.asp?url=/library/CHS/cpguide/html/cpconhostingremoteobjectsininternetinformationservicesiis.asp”提到:

证书标识特定的计算机,该计算机的名称位于证书的公共名称中。但是,很容易就会更改计算机的名称或使用客户端配置文件中的localhost,这会在客户端和服务器证书中的公共名称之间造成不匹配的情况。在 .NET Framework 1.0 版中,这一不匹配的情况将被忽略,并且将在服务器上引发调用。

.NET Framework 1.1 版开始,这一不匹配的情况会引发以下异常:“System.Net.WebException:基础连接已经关闭:无法与远程服务器建立信任关系。如果您无法配置远程处理客户端以使用证书公共名称,则可以使用客户端应用程序配置文件中的以下设置重写这一不匹配的情况。

  

     

         checkCertificateName="true"

      />

  

若要以编程方式使客户端忽略证书名称不匹配,客户端必须创建一个特定类的实例,如果 certificateProblem 值为 0x 800c 010f ,该类将实现 ICertificatePolicy 接口并实现 CheckValidationResult 方法以返回 true。然后,您必须将该对象注册到 System.Net.ServicePointManager 对象,方法是将该对象传递到 ServicePointManager.CertificatePolicy 属性

Solution:

However, the code it lists still does not work. Changing CheckValidationResult to return true unconditionally does. Declare a TrustAllCertificatePolicy class as follows:

 

public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy

        {

            public TrustAllCertificatePolicy()

            {}

 

            public bool CheckValidationResult(ServicePoint sp,

                System.Security.Cryptography.X509Certificates.X509Certificate cert,

                WebRequest req, int problem)

            {

                // Accept the server certificate whatever validation problem was reported

                return true;

            }

        }

 

Then add the following line before the request is made:

System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();

With this in place, the code can establish the SSL channel with the https server.

 

@UltraPower
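
A narrower alternative to returning true unconditionally, as an added example that is not the article's or MSDN's code: this policy tolerates only the name-mismatch problem, and only when the request goes to the expected host and the server presents one pinned certificate. The class name, host and thumbprint are hypothetical placeholders; CERT_E_CN_NO_MATCH is defined as 0x800B010F in winerror.h, which differs from the 0x800c010f in the quoted text.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;

// Added example, not the article's code: tolerate a certificate name
// mismatch only for one expected host presenting one pinned certificate.
public class PinnedNameMismatchPolicy : ICertificatePolicy
{
    // CERT_E_CN_NO_MATCH (winerror.h) as the signed int passed in 'problem'.
    private static readonly int CertECnNoMatch = unchecked((int)0x800B010F);

    private readonly string expectedHost;     // assumption: host or IP used in the request URL
    private readonly string pinnedThumbprint; // assumption: hex SHA-1 hash of the known server certificate

    public PinnedNameMismatchPolicy(string expectedHost, string pinnedThumbprint)
    {
        this.expectedHost = expectedHost;
        this.pinnedThumbprint = pinnedThumbprint.Replace(" ", "").ToUpper();
    }

    public bool CheckValidationResult(ServicePoint sp, X509Certificate cert,
        WebRequest req, int problem)
    {
        // 0 means chain and name validation both succeeded.
        if (problem == 0)
            return true;

        // Expired, untrusted-root, revoked and every other problem stays fatal.
        if (problem != CertECnNoMatch || cert == null || req == null)
            return false;

        // Tolerate the mismatch only for the single endpoint we expect...
        if (String.Compare(req.RequestUri.Host, expectedHost, true) != 0)
            return false;

        // ...and only when the server presents exactly the pinned certificate.
        return cert.GetCertHashString().ToUpper() == pinnedThumbprint;
    }
}

public class Program
{
    public static void Main()
    {
        // Placeholder values: substitute the real host and certificate hash.
        ServicePointManager.CertificatePolicy =
            new PinnedNameMismatchPolicy("HOST-PLACEHOLDER", "THUMBPRINT-PLACEHOLDER");
    }
}
```

On .NET Framework 2.0 and later ICertificatePolicy is marked obsolete, and ServicePointManager.ServerCertificateValidationCallback serves the same purpose.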

 

