400 No required SSL certificate was sent

Time: 2015-09-23 08:30:00

Tags: c# ssl nginx https

Unable to send an https request from a C# client. Here is my code:

var client = WebRequest.Create("https://hastname.com/bla bla bla") as HttpWebRequest;
var cert = new X509Certificate2(File.ReadAllBytes("c:\\certs\\MyCert.pfx"), "MyPassword");
client.ClientCertificates.Add(cert);
result = new StreamReader(client.GetResponse().GetResponseStream()).ReadToEnd();

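The server side is fine, because if I install the certificate in my machine certificate store, everything works.

I compared 2 requests:
1. The certificate is removed from the certificate store and I load it from a file in code
2. The certificate is installed in the certificate store

My results are below

First, when I load the certificate from a file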

Secure Protocol: Tls
Cipher: Aes256 256bits
Hash Algorithm: Sha1 160bits
Key Exchange: ECDHE_RSA (0xae06) 256bits

== Server Certificate ==========
[Subject]
  CN=xxx, OU=Web Services, O=xxx, S=England, C=GB

[Issuer]
  E=xx@xxx.com, CN=xxx Server Intermediate CA, OU=CA, O=xxx, S=England, C=GB

[Serial Number]
  1000

[Not Before]
  17.09.2015 12:51:29

[Not After]
  26.09.2016 12:51:29

[Thumbprint]
  xxxxxxxxxxxxxxxxxxxxxxxx7

And this is when I load the certificate from the local machine certificate store

Secure Protocol: Tls
Cipher: Aes256 256bits
Hash Algorithm: Sha1 160bits
Key Exchange: ECDHE_RSA (0xae06) 256bits

== Client Certificate ==========
[Subject]
  CN=WinClient, OU=Client Apps, O=xxx, S=England, C=GB

[Issuer]
  E=xx@xxxxx.com, CN=xxxx Client Intermediate CA, OU=CA, O=xxx, S=England, C=GB

[Serial Number]
  1000

[Not Before]
  17.09.2015 13:19:55

[Not After]
  26.09.2016 13:19:55

[Thumbprint]
  xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx7


== Server Certificate ==========
[Subject]
  CN=xx.xxxxxxx.com, OU=Web Services, O=xxx, S=England, C=GB

[Issuer]
  E=xx@xxxxx.com, CN=xxx Server Intermediate CA, OU=CA, O=xxx, S=England, C=GB

[Serial Number]
  1000

[Not Before]
  17.09.2015 12:51:29

[Not After]
  26.09.2016 12:51:29

[Thumbprint]
  xxxxxxxxxxxxxxxxxxxxxx7

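As you can see, there is no client certificate section in the first request. How can I solve my problem?

P.S. My point is to send the request with a certificate loaded from a file, not from the certificate store.

1 answer:

Answer 0: (score: 0)

OK, first, there are some known issues with creating an X509Certificate2 object from a byte array; see tip 5 here http://paulstovell.com/blog/x509certificate2 for more information.

A .pfx file can contain multiple certificates, so you need to load it and iterate to find the one you need, or just add them all. Try this code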

X509Certificate2Collection collection = new X509Certificate2Collection();
collection.Import("c:\\certs\\MyCert.pfx", "MyPassword", X509KeyStorageFlags.PersistKeySet);
client.ClientCertificates.AddRange(collection);
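
The "iterate to find the one you need" option from the answer above, as an added example that is not part of the original answer: it imports the PFX, lists what the bundle contains, and attaches only the entry that has a private key and permits client authentication. The helper name `IsUsableClientCert` and the URL are assumptions; the path, password and storage flag are the ones used on this page.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PfxClientCertExample
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth

    // Hypothetical helper: true when the certificate can serve as a TLS client identity.
    static bool IsUsableClientCert(X509Certificate2 cert)
    {
        // Without the private key the client cannot prove possession in the handshake.
        if (!cert.HasPrivateKey) return false;
        if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter) return false;

        var eku = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>().FirstOrDefault();
        // No EKU extension means the certificate is not restricted to specific purposes.
        return eku == null ||
               eku.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ClientAuthOid);
    }

    static void Main()
    {
        var collection = new X509Certificate2Collection();
        collection.Import(@"c:\certs\MyCert.pfx", "MyPassword", X509KeyStorageFlags.PersistKeySet);

        // Show every entry in the bundle; CA certificates normally carry no private key.
        foreach (X509Certificate2 c in collection)
            Console.WriteLine("{0} | private key: {1}", c.Subject, c.HasPrivateKey);

        var clientCert = collection.Cast<X509Certificate2>().FirstOrDefault(IsUsableClientCert);
        if (clientCert == null)
            throw new InvalidOperationException(
                "No certificate with a private key and client-auth usage in the PFX.");

        // Placeholder URL (assumption); substitute the real endpoint.
        var request = (HttpWebRequest)WebRequest.Create("https://example.invalid/");
        request.ClientCertificates.Add(clientCert);
        using (var response = request.GetResponse())
        using (var reader = new StreamReader(response.GetResponseStream()))
            Console.WriteLine(reader.ReadToEnd());
    }
}
```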