.NET - client certificate authentication - "Left with 0 client certificates to choose from."
2014-05-04

I'm writing a client program in C# for a customer. It connects to a service the customer uses that requires a client certificate for authentication. When it tries to establish a connection from the customer's box to the service, it fails (log below). I don't have direct access to the service we are trying to connect to, so I test as much as I can locally and then send the customer versions of the program to test.

Some notes:
- My code works locally using self-signed certificates for the client and a "mock" server I put together.
- I use HttpWebRequest.ClientCertificates.Add(...) to set the client certificate.
- Currently I use ServicePointManager.ServerCertificateValidationCallback to always accept the server certificate (temporary, just to isolate the client certificate problem for now).
- The customer uses a certificate from a CA as their client certificate (i.e. not self-signed).
- The client certificate is stored in a p12 file that our program opens directly (not from the Windows certificate manager).
- Based on other logs I have, the client certificate loads fine and has a private key.

Below is the log from the customer's system. I'm really not sure how to interpret it. This line looks important: "We have user-provided certificates. The server has specified 6 issuer(s). Looking for certificates that match any of the issuers." Does this mean the client certificate issuer needs to match one of the issuers specified by the server? How can I see what that list is? It doesn't seem to be anywhere in the network trace log (I can see the client certificate issuer, but not the issuers the server expects).

System.Net Warning: 0 : [1272] The Registry value 'Software\Microsoft\Windows NT\CurrentVersion\InstallationType' was either empty or not a string type. 
System.Net Information: 0 : [1272] Current OS installation type is 'Unknown'. 
System.Net Verbose: 0 : [1272] WebRequest::Create(https://[redacted]) 
System.Net Verbose: 0 : [1272] HttpWebRequest#27504314::HttpWebRequest(https://[redacted]#-921164489) 
System.Net Information: 0 : [1272] RAS supported: True 
System.Net Verbose: 0 : [1272] Exiting HttpWebRequest#27504314::HttpWebRequest() 
System.Net Verbose: 0 : [1272] Exiting WebRequest::Create()  -> HttpWebRequest#27504314 
System.Net Verbose: 0 : [1272] HttpWebRequest#27504314::GetRequestStream() 
System.Net Information: 0 : [1272] Associating HttpWebRequest#27504314 with ServicePoint#46212239 
System.Net Information: 0 : [1272] Associating Connection#13256970 with HttpWebRequest#27504314 
System.Net Information: 0 : [1272] Connection#13256970 - Created connection from [redacted] to [redacted]. 
System.Net Information: 0 : [1272] TlsStream#52203868::.ctor(host=[redacted], #certs=1) 
System.Net Information: 0 : [1272] Associating HttpWebRequest#27504314 with ConnectStream#72766 
System.Net Verbose: 0 : [1272] Exiting HttpWebRequest#27504314::GetRequestStream() -> ConnectStream#72766 
System.Net Verbose: 0 : [1272] ConnectStream#72766::Write() 
System.Net Verbose: 0 : [1272] Data from ConnectStream#72766::Write 
[redacted (xml)] 
System.Net Verbose: 0 : [1272] Exiting ConnectStream#72766::Write() 
System.Net Verbose: 0 : [1272] ConnectStream#72766::Close() 
System.Net Verbose: 0 : [1272] Exiting ConnectStream#72766::Close() 
System.Net Verbose: 0 : [1272] HttpWebRequest#27504314::GetResponse() 
System.Net Information: 0 : [1272] HttpWebRequest#27504314 - Request: POST [redacted] HTTP/1.1 

System.Net Information: 0 : [1272] SecureChannel#5894079::.ctor(hostname=[redacted], #clientCertificates=1, encryptionPolicy=RequireEncryption) 
System.Net Information: 0 : [1272] Enumerating security packages: 
System.Net Information: 0 : [1272]  Negotiate 
System.Net Information: 0 : [1272]  Kerberos 
System.Net Information: 0 : [1272]  NTLM 
System.Net Information: 0 : [1272]  Schannel 
System.Net Information: 0 : [1272]  Microsoft Unified Security Protocol Provider 
System.Net Information: 0 : [1272]  WDigest 
System.Net Information: 0 : [1272]  DPA 
System.Net Information: 0 : [1272]  Digest 
System.Net Information: 0 : [1272]  MSN 
System.Net Information: 0 : [1272] SecureChannel#5894079 - Attempting to restart the session using the user-provided certificate: [Version] 
    V3 

[Subject] 
    CN=[redacted] 
    Simple Name: [redacted] 
    DNS Name: [redacted] 

[Issuer] 
    CN=[redacted] 
    Simple Name: [redacted] 
    DNS Name: [redacted] 

[Serial Number] 
    [redacted] 

[Not Before] 
    5/8/2013 9:34:17 AM 

[Not After] 
    4/28/2015 9:34:17 AM 

[Thumbprint] 
    [redacted] 

[Signature Algorithm] 
    [redacted] 

[Public Key] 
    Algorithm: RSA 
    Length: 2048 
    Key Blob: [redacted] 
System.Net Information: 0 : [1272] SecureChannel#5894079 - Left with 1 client certificates to choose from. 
System.Net Information: 0 : [1272] SecureChannel#5894079 - Trying to find a matching certificate in the certificate store. 
System.Net Information: 0 : [1272] SecureChannel#5894079 - Locating the private key for the certificate: [Version] 
    V3 

[Subject] 
    CN=[redacted] 
    Simple Name: [redacted] 
    DNS Name: [redacted] 

[Issuer] 
    CN=[redacted] 
    Simple Name: [redacted] 
    DNS Name: [redacted] 

[Serial Number] 
    [redacted] 

[Not Before] 
    5/8/2013 9:34:17 AM 

[Not After] 
    4/28/2015 9:34:17 AM 

[Thumbprint] 
    [redacted] 

[Signature Algorithm] 
    [redacted] 

[Public Key] 
    Algorithm: RSA 
    Length: 2048 
    Key Blob: [redacted] 
System.Net Information: 0 : [1272] SecureChannel#5894079 - Certificate is of type X509Certificate2 and contains the private key. 
System.Net Information: 0 : [1272] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc  = System.Net.SecureCredential) 
System.Net Information: 0 : [1272] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = [redacted], inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation) 
System.Net Information: 0 : [1272] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=77, returned code=ContinueNeeded). 
System.Net Information: 0 : [1272] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 1e5098:1962c68, targetName = [redacted], inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation) 
System.Net Information: 0 : [1272] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=CredentialsNeeded). 
System.Net Information: 0 : [1272] SecureChannel#5894079 - We have user-provided certificates. The server has specified 6 issuer(s). Looking for certificates that match any of the issuers. 
System.Net Information: 0 : [1272] SecureChannel#5894079 - Left with 0 client certificates to choose from. 
System.Net Information: 0 : [1272] Using the cached credential handle. 
System.Net Information: 0 : [1272] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 1e5098:1962c68, targetName = [redacted], inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation) 
System.Net Information: 0 : [1272] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=317, returned code=ContinueNeeded). 
System.Net Information: 0 : [1272] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 1e5098:1962c68, targetName = [redacted], inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation) 
System.Net Information: 0 : [1272] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=CertUnknown). 
System.Net Error: 0 : [1272] Exception in the HttpWebRequest#27504314:: - The request was aborted: Could not create SSL/TLS secure channel. 
System.Net Error: 0 : [1272] Exception in the HttpWebRequest#27504314::GetResponse - The request was aborted: Could not create SSL/TLS secure channel. 

Answer

Does this mean the client certificate issuer must match one of the issuers specified by the server?

Yes. That server-side log message looks very non-standard, as though they wrote it themselves, so you may want to check them.

How can I see what that list is?

You probably can't directly, but you will most likely need to get your issuer loaded into the "Trusted Issuers" or "Trusted Root Certification Authorities" certificate store on the server.
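As an added diagnostic example (not code from the question or the answer), the following C# program approximates the filtering step behind the "Left with 0 client certificates to choose from" line: it loads the same p12 the program hands to HttpWebRequest, walks the certificate's chain and checks whether any issuer name in that chain appears in the list of acceptable CA names the server sends. The issuer list, the p12 path and the password are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

static class ClientCertIssuerCheck
{
    // Constructed stand-in for the distinguished names the server sends in its
    // TLS CertificateRequest (the "6 issuer(s)" in the trace). Replace with the
    // real list when you have it.
    static readonly string[] AcceptableIssuers =
    {
        "CN=Example Customer Issuing CA, O=Example Corp, C=US",
        "CN=Example Root CA, O=Example Corp, C=US",
    };

    // Loose string normalisation so that spacing differences around commas do
    // not hide a match; the real comparison is on the encoded name.
    static string Normalize(string dn) =>
        string.Join(",", dn.Split(',').Select(p => p.Trim())).ToUpperInvariant();

    // Returns the first issuer name in the certificate's chain that appears in
    // the acceptable list, or null when none does. No match means the client
    // certificate is discarded before the handshake ever sends it.
    public static string FindMatchingIssuer(X509Certificate2 clientCert, IEnumerable<string> acceptable)
    {
        var wanted = new HashSet<string>(acceptable.Select(Normalize));
        var chain = new X509Chain();
        // The chain is only used to enumerate issuer names, so do not fail on an
        // uninstalled root or on revocation lookups.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
        chain.Build(clientCert);
        string match = null;
        foreach (X509ChainElement element in chain.ChainElements)
        {
            string issuer = element.Certificate.Issuer;
            if (wanted.Contains(Normalize(issuer))) { match = issuer; break; }
        }
        chain.Reset();
        return match;
    }

    static void Main()
    {
        // Placeholder path and password for the p12 the program opens directly.
        var cert = new X509Certificate2("client.p12", "PLACEHOLDER_PASSWORD");
        Console.WriteLine("Subject: " + cert.Subject);
        Console.WriteLine("Issuer:  " + cert.Issuer + " (private key: " + cert.HasPrivateKey + ")");
        string found = FindMatchingIssuer(cert, AcceptableIssuers);
        Console.WriteLine(found == null
            ? "No issuer in the chain is on the server's list; the certificate will be dropped."
            : "Matching issuer: " + found);
    }
}
```

The server's list itself is the certificate_authorities field of the TLS CertificateRequest; `openssl s_client -connect host:port` prints it under "Acceptable client certificate CA names", which is the quickest way to fill in AcceptableIssuers with the real values.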