C# 无法创建 SSL/TLS 安全通道 - 问题可能出在代理服务器上吗?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1600743/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Could not create SSL/TLS secure channel - Could the problem be a proxy server?
提问by JL.
I have a c# app that calls a web service method that authenticates using a certificate. The code works, because when it is installed on server A (without a proxy) it authenticates.
我有 ac# 应用程序,它调用使用证书进行身份验证的 Web 服务方法。该代码有效,因为当它安装在服务器 A(没有代理)上时,它会进行身份验证。
When I install the code on server B, at client site, its installed behind a proxy. I've really tried almost everything but I keep getting this error:
当我在客户端站点的服务器 B 上安装代码时,它安装在代理后面。我真的几乎尝试了所有方法,但我不断收到此错误:
Could not create SSL/TLS secure channel
无法创建 SSL/TLS 安全通道
Do you think this issue can be caused by a proxy server? If you've had any personal experience with this please share.
您认为此问题可能是由代理服务器引起的吗?如果您对此有任何个人经验,请分享。
Thanks
谢谢
采纳答案by Bryan Slatner
In my experience, nearly all such messages are due to some machine in the chain (client, proxy, server) not "liking" a certificate for some reason.
根据我的经验,几乎所有此类消息都是由于链中的某些机器(客户端、代理、服务器)由于某种原因不“喜欢”证书。
To elaborate on what twk said, if you're using self-signed certificates, or your own CA, you need to install the signing cert in the trusted authorities store on the server at least, and possibly on the proxy.
为了详细说明 twk 所说的内容,如果您使用的是自签名证书或您自己的 CA,您至少需要在服务器上的受信任机构存储中安装签名证书,也可能在代理上安装。
Common problems I've encountered:
我遇到的常见问题:
- The certificate on the server is not signed by an authority that the PROXY or the CLIENT trusts
- The certificate on the CLIENT is not signed by an authority that the PROXY or the SERVER trusts
- Oops, I forgot to export the private key when I created the cert to be installed on the client
- My process does not have read permissions to the private key on the client
- The client certificate is password protected and I didn't specify credentials when reading the certificate.
- 服务器上的证书不是由 PROXY 或 CLIENT 信任的机构签署的
- CLIENT 上的证书不是由 PROXY 或 SERVER 信任的机构签署的
- 糟糕,我在创建要安装在客户端上的证书时忘记导出私钥
- 我的进程没有读取客户端私钥的权限
- 客户端证书受密码保护,我在阅读证书时没有指定凭据。
回答by twk
If your certificate is not trusted (is self signed) then C# client will refuse to connect.
如果您的证书不受信任(自签名),则 C# 客户端将拒绝连接。
回答by Snakebyte
I was having the same problem. In my case the certificates need the Network service access. You can check by
我遇到了同样的问题。在我的情况下,证书需要网络服务访问。您可以通过
- Open certificate MMC
- Navigate to Certificates (Local Computer) > Personal > Certificates
- Right click on your certificate and select All Tasks> Manage Private Keys… from the context menu
- Set the appropriate permission
- 开放证书MMC
- 导航到证书(本地计算机)> 个人 > 证书
- 右键单击您的证书,然后从上下文菜单中选择所有任务> 管理私钥...
- 设置合适的权限
