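I have a small problem. I use a Certificate Authority in Windows Server 2003 and revoked a client certificate. The client certificate is revoked. I am trying to verify the revocation of this client certificate in a WinForms application on Windows Server 2003. The code is here: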
using System;
using System.Security.Cryptography.X509Certificates;

private bool VefiryCert(X509Certificate2 cert)
{
    X509Chain chain = new X509Chain();
    // Check revocation for every certificate in the chain, fetching CRLs online.
    chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
    chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
    chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 0, 1000);
    // AllFlags turns on every verification flag at once.
    chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags; // X509VerificationFlags.AllowUnknownCertificateAuthority;
    return chain.Build(cert);
}
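But this client certificate is verified as true. I am confused; where could the problem be? How can I check the revocation list that is loaded in the WinForms application and used to verify this client certificate?
So the problem is that I verify the client certificate with the method VefiryCert, the certificate is in the revocation list (in the Certificate Authority), and the certificate is verified as TRUE.
Can anybody help me?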
Answer 0: (score: 0)
I ran into a similar problem on a server. I found that calling
ServicePointManager.CheckCertificateRevocationList = true;
allowed me to see the exception
failed: System.ServiceModel.Security.SecurityNegotiationException : Could not establish trust relationship for the SSL/TLS secure channel with authority 'XXX.XXX.net'.
----> System.Net.WebException : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
----> System.Security.Authentication.AuthenticationException : The remote certificate is invalid according to the validation procedure.
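
An added example, not part of the question or the answer: a chain check for the scenario in the question that sets no verification flags and reports each chain element's status, so a revoked certificate can be told apart from a CRL that could not be retrieved. The names RevocationCheck and VerifyWithRevocation, the 30-second timeout and the certificate path argument are assumptions made for this illustration.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class RevocationCheck
{
    // Hypothetical helper: builds the chain with no errors suppressed and
    // reports every per-certificate status so the caller can see why it failed.
    public static bool VerifyWithRevocation(X509Certificate2 cert, out string report)
    {
        X509Chain chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
        chain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromSeconds(30);
        // NoFlag sets none of the Ignore*/Allow* bits, so no chain error is masked.
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

        bool ok = chain.Build(cert);

        StringBuilder sb = new StringBuilder();
        foreach (X509ChainElement element in chain.ChainElements)
        {
            foreach (X509ChainStatus status in element.ChainElementStatus)
            {
                string kind = "other";
                if ((status.Status & X509ChainStatusFlags.Revoked) != 0)
                    kind = "REVOKED";
                else if ((status.Status & (X509ChainStatusFlags.RevocationStatusUnknown
                                         | X509ChainStatusFlags.OfflineRevocation)) != 0)
                    kind = "revocation status undetermined (CRL unreachable or missing)";
                sb.AppendFormat("{0}: {1} [{2}] {3}", element.Certificate.Subject,
                                status.Status, kind, (status.StatusInformation ?? "").Trim());
                sb.AppendLine();
            }
        }
        report = sb.ToString();
        return ok; // fail closed: any remaining status makes Build return false
    }

    static int Main(string[] args)
    {
        // args[0]: path to the certificate file to test (assumption for this demo).
        if (args.Length != 1) { Console.Error.WriteLine("usage: RevocationCheck <cert.cer>"); return 2; }
        string report;
        bool ok = VerifyWithRevocation(new X509Certificate2(args[0]), out report);
        Console.WriteLine(ok ? "chain valid" : "chain rejected");
        Console.Write(report);
        return ok ? 0 : 1;
    }
}
```

Windows caches downloaded CRLs until their next-update time, so a certificate revoked after the CRL was last fetched can still build as valid until a fresh CRL is published and retrieved.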