我有IIS託管WCF REST Web服務,它適用於HTTPS,我生成證書IIS和分配HTTPS來端口混淆證書
我通過IE瀏覽器產生的CER。我創建了一個測試應用程序,無論是否添加客戶端證書,甚至添加錯誤的證書,都會發生連接,並且我得到正確的響應。我想知道如果沒有發送證書,郵件是如何解密的。
目的地不安全或我誤解了整個事情。 也
我從回調有錯誤 「CheckValidationResult()」 可以是 CertCN_NO_MATCH = 0x800B010F 或 「未知證書問題」 時,certificateProblem(CheckValidationResult的參數)爲0,這種情況下
什麼是CertCN_NO_MATCH eror,什麼是CN?
查看下面的代碼。
ServicePointManager.CertificatePolicy = new CertPolicy();
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(String.Format("https://{0}/uri", ip));
//request.ClientCertificates.Add(new X509Certificate("D:\\ThePubKey.cer"));
request.ContentType = "application/x-www-form-urlencoded";
request.Method = "POST";
using (StreamWriter stream = new StreamWriter(request.GetRequestStream()))
{
stream.Write("RequestType=CheckStatus&ReportType=Fulfillment&ReportID=5");
}
using (StreamReader stream = new StreamReader(request.GetResponse().GetResponseStream()))
{
Response.ContentType = "text/xml";
Response.Output.Write(stream.ReadToEnd());
Response.End();
}
class CertPolicy : ICertificatePolicy
{
public enum CertificateProblem : uint
{
CertEXPIRED = 0x800B0101,
CertVALIDITYPERIODNESTING = 0x800B0102,
CertROLE = 0x800B0103,
CertPATHLENCONST = 0x800B0104,
CertCRITICAL = 0x800B0105,
CertPURPOSE = 0x800B0106,
CertISSUERCHAINING = 0x800B0107,
CertMALFORMED = 0x800B0108,
CertUNTRUSTEDROOT = 0x800B0109,
CertCHAINING = 0x800B010A,
CertREVOKED = 0x800B010C,
CertUNTRUSTEDTESTROOT = 0x800B010D,
CertREVOCATION_FAILURE = 0x800B010E,
CertCN_NO_MATCH = 0x800B010F,
CertWRONG_USAGE = 0x800B0110,
CertUNTRUSTEDCA = 0x800B0112
}
public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem)
{
// You can do your own certificate checking.
// You can obtain the error values from WinError.h.
// Return true so that any certificate will work with this sample.
String error = "";
using (StringWriter writer = new StringWriter())
{
writer.WriteLine("Certificate Problem with accessing " + request.RequestUri);
writer.Write("Problem code 0x{0:X8},", (int)certificateProblem);
writer.WriteLine(GetProblemMessage((CertificateProblem)certificateProblem));
error = writer.ToString();
}
return true;
}
private String GetProblemMessage(CertificateProblem Problem)
{
String ProblemMessage = "";
CertificateProblem problemList = new CertificateProblem();
String ProblemCodeName = Enum.GetName(problemList.GetType(), Problem);
if (ProblemCodeName != null)
ProblemMessage = ProblemMessage + "-Certificateproblem:" +
ProblemCodeName;
else
ProblemMessage = "Unknown Certificate Problem";
return ProblemMessage;
}
}
也有一些是我不不明白,當我根本沒有任何證書時,SSL連接已成功建立,我想知道服務器如何在沒有客戶端證書的情況下解密消息 – Costa 2010-06-23 08:05:02
客戶端證書僅用於身份驗證。這是用於加密共享密鑰的服務器證書(取決於密碼套件)。 使用可選的客戶端證書時,不提供證書是可以的,但提供無效的證書往往會導致握手失敗。 我懷疑服務器沒有配置爲信任你的客戶端證書(它是來自服務器信任的CA的這個客戶端證書嗎?),或者沒有將該證書映射到系統已知的用戶。 (不知道這是如何與IIS協同工作的。)這可能值得看看http://msdn.microsoft.com/en-us/library/aa376545%28VS.85%29.aspx – Bruno 2010-06-27 10:58:50