我正在開發一個WCF服務(NetTcpBinding),它工作得很好,沒有安全性。我們從DigiCert購買了證書,並將其安裝在服務器上並使用DigicertUtil.exe進行配置。也安裝在測試客戶機上。根據驗證程序,遠程證書無效
打開安全性我可以從我的開發PC連接到它,沒有任何問題。
服務器配置:
binding.Security.Mode = SecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;
binding.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;
ServerHost.Credentials.ServiceCertificate.SetCertificate(
StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindBySubjectName,
Properties.Settings.Default.CertificateName);
客戶端配置:(我修改了域名和服務名,以保持客戶的隱私)
<binding name="EndPointTCP" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" transactionFlow="false"
hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="1610612736"
maxReceivedMessageSize="1610612736">
<readerQuotas maxDepth="32" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="false" inactivityTimeout="00:10:00" enabled="false" />
<security mode="Transport">
<transport clientCredentialType="Certificate" protectionLevel="EncryptAndSign"/>
</security>
</binding>
<behaviors>
<endpointBehaviors>
<behavior name="behavior_ServerService">
<clientCredentials>
<clientCertificate findValue="*.domain.com"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectName" />
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint address="net.tcp://clients.domain.com:10001/Server/ServerService"
binding="netTcpBinding" bindingConfiguration="EndPointTCP" contract="ServerServiceReference.IServerWS"
name="EndPointTCP" behaviorConfiguration="behavior_ServerService">
<identity>
<dns value="*.domain.com" />
</identity>
</endpoint>
</client>
從任何其他計算機嘗試它我在客戶端收到以下錯誤:
The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:00:59.9840000'.
An existing connection was forcibly closed by the remote host
服務器上的跟蹤日誌說:
The remote certificate is invalid according to the validation procedure.
,因爲我使用的服務器和客戶端使用相同的證書,這是非常奇怪的......(別說dev的PC從它的工作好...)
錯誤信息是一樣的,即使我設置
ServerHost.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
在服務器上
和
ServiceClient.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
在客戶端上。
有人能告訴我如何正確地做到這一點嗎?當然,我不想使用變通方法,比如驗證回調總是返回true或者上面的未驗證模式。
任何幫助,將不勝感激。只有這個「小」問題應該得到解決,以便能夠釋放... :(
非常感謝事先!
Hudgi
http:// stackoverflow。COM /問題/ 777607 /的遠程證書 - 是 - 根據到的驗證無效 - - 程序-PLE 複製粘貼1線和KABOOM :) – ariel 2012-03-07 09:14:01