0
我有一種情況,我需要簽署帶有Java Web服務使用的X509證書的soap請求。通過WCF的魔力,我們能夠正確地形成信封,並且在標準http上看起來都很棒。但是,一旦我們轉移到HTTPS(客戶端要求),我們開始接收錯誤「無法建立具有權限的SSL/TLS安全通道的信任關係」。我們嘗試調整一些設置並將目標域更改爲其他已知HTTPS網站,我們仍然收到相同的錯誤。以下是我們的客戶配置,非常感謝!通過HTTPS的WCF customBinding
<?xml version="1.0"?>
<configuration>
<system.serviceModel>
<bindings>
<customBinding>
<binding
name="myCustomBinding"
closeTimeout="00:01:00"
openTimeout="00:01:00"
receiveTimeout="00:10:00"
sendTimeout="00:01:00">
<textMessageEncoding
messageVersion="Soap11" />
<security
allowInsecureTransport="true"
authenticationMode="MutualCertificate"
requireDerivedKeys="false"
keyEntropyMode="ClientEntropy"
includeTimestamp="false"
securityHeaderLayout="Lax"
messageProtectionOrder="SignBeforeEncrypt"
messageSecurityVersion="WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10">
<secureConversationBootstrap />
</security>
<httpsTransport />
</binding>
</customBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="wsHttpCertificateBehavior">
<clientCredentials>
<clientCertificate
findValue="MyCertName"
storeLocation="LocalMachine"
x509FindType="FindByIssuerName"/>
<serviceCertificate>
<authentication
revocationMode="NoCheck"
trustedStoreLocation="LocalMachine" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint
address="https://www.SomeUrl.com"
binding="customBinding"
bindingConfiguration="myCustomBinding"
behaviorConfiguration="wsHttpCertificateBehavior"
contract="ServiceReference1.ServiceTest"
name="untk48_dfSoap">
<identity>
<certificateReference findValue="MyCertName" storeLocation="LocalMachine" x509FindType="FindByIssuerName"/>
</identity>
</endpoint>
</client>
</system.serviceModel>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
</startup>
</configuration>
它可能適用於您,但這不會使任何舊證書安裝到任何CA存儲中都是正確的。 – shambulator