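Certificate not found: The request was aborted: Could not create SSL/TLS secure channel

Time: 2016-03-18 07:32:01

Tags: security ssl https certificate

I know this is a fairly common error, but I could not find an answer in similar questions.

I call a web service over https and add a certificate to the request (found by its thumbprint in the certificate store):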

    X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
    byte[] certifikat = null;
    foreach (X509Certificate2 cert in store.Certificates)
    {
        if (cert.Thumbprint.Equals(thumbprint))
            certifikat = cert.GetRawCertData();
    }

    System.Security.Cryptography.X509Certificates.X509Certificate cert =
        new System.Security.Cryptography.X509Certificates.X509Certificate(certifikat);
    request.ClientCertificates.Add(cert);
    ServicePointManager.SecurityProtocol =
        SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls;

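I added a section to the config file to get System.Net tracing. My web client finds the certificate and loads it, but System.Net cannot find it (SecureChannel#34640832 - Cannot find the certificate in either the LocalMachine store or the CurrentUser store).

Why?

Full System.Net log below: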

System.Net Verbose: 0 : [5284] WebRequest::Create(https://erst-apipreprod.virk.dk/distribution-service-cvr-ekstern/HentAktuelDeltagerEkstern/enhedsnr/123456789?virksomheder&attributter)
System.Net Verbose: 0 : [5284] HttpWebRequest#2383799::HttpWebRequest(https://erst-apipreprod.virk.dk/distribution-service-cvr-ekstern/HentAktuelDeltagerEkstern/enhedsnr/123456789?virksomheder&attributter#-1497397424)
System.Net Information: 0 : [5284] Current OS installation type is 'Server'.
System.Net Information: 0 : [5284] RAS supported: True
System.Net Verbose: 0 : [5284] Exiting HttpWebRequest#2383799::HttpWebRequest() 
System.Net Verbose: 0 : [5284] Exiting WebRequest::Create()     -> HttpWebRequest#2383799
System.Net Verbose: 0 : [5284] ServicePoint#58870012::ServicePoint(erst-apipreprod.virk.dk:443)
System.Net Information: 0 : [5284] Associating HttpWebRequest#2383799 with ServicePoint#58870012
System.Net Verbose: 0 : [5284] HttpWebRequest#2383799::GetResponse()
System.Net Information: 0 : [5284] Associating Connection#60068066 with HttpWebRequest#2383799
System.Net Information: 0 : [5284] Connection#60068066 - Created connection from 192.168.64.34:50453 to 193.88.50.132:443.
System.Net Information: 0 : [5284] TlsStream#3741682::.ctor(host=erst-apipreprod.virk.dk, #certs=1)
System.Net Information: 0 : [5284] Associating HttpWebRequest#2383799 with ConnectStream#33675143
System.Net Information: 0 : [5284] HttpWebRequest#2383799 - Request: GET /distribution-service-cvr-ekstern/HentAktuelDeltagerEkstern/enhedsnr/123456789?virksomheder&attributter HTTP/1.1

System.Net Information: 0 : [5284] ConnectStream#33675143 - Sending headers
{
Accept: application/json
Content-Type: application/json
Host: erst-apipreprod.virk.dk
Connection: Keep-Alive
}.
System.Net Information: 0 : [5284] SecureChannel#34640832::.ctor(hostname=erst-apipreprod.virk.dk, #clientCertificates=1, encryptionPolicy=RequireEncryption)
System.Net Information: 0 : [5284] Enumerating security packages:
System.Net Information: 0 : [5284]     Negotiate
System.Net Information: 0 : [5284]     NegoExtender
System.Net Information: 0 : [5284]     Kerberos
System.Net Information: 0 : [5284]     NTLM
System.Net Information: 0 : [5284]     TSSSP
System.Net Information: 0 : [5284]     pku2u
System.Net Information: 0 : [5284]     WDigest
System.Net Information: 0 : [5284]     Schannel
System.Net Information: 0 : [5284]     Microsoft Unified Security Protocol Provider
System.Net Information: 0 : [5284]     CREDSSP
System.Net Information: 0 : [5284] SecureChannel#34640832 - Attempting to restart the session using the user-provided certificate: [Subject]
  {serial number of certificate here}

[Issuer]
  CN=TRUST2408 OCES CA II, O=TRUST2408, C=DK

[Serial Number]
  53C25339

[Not Before]
  22-02-2016 09:56:44

[Not After]
  22-02-2019 09:31:06

[Thumbprint]
  0FDA1E459B5F2065292EA0A6589185DFAA04CC52
.
System.Net Information: 0 : [5284] SecureChannel#34640832 - Left with 1 client certificates to choose from.
System.Net Information: 0 : [5284] SecureChannel#34640832 - Trying to find a matching certificate in the certificate store.
System.Net Information: 0 : [5284] SecureChannel#34640832 - Locating the private key for the certificate: [Subject]
  {serial number of certificate here}

[Issuer]
  CN=TRUST2408 OCES CA II, O=TRUST2408, C=DK

[Serial Number]
  53C25339

[Not Before]
  22-02-2016 09:56:44

[Not After]
  22-02-2019 09:31:06

[Thumbprint]
  0FDA1E459B5F2065292EA0A6589185DFAA04CC52
.
System.Net Information: 0 : [5284] SecureChannel#34640832 - Cannot find the certificate in either the LocalMachine store or the CurrentUser store.
System.Net Information: 0 : [5284] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent  = Outbound, scc     = System.Net.SecureCredential)
System.Net Information: 0 : [5284] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = erst-apipreprod.virk.dk, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [5284] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=123, returned code=ContinueNeeded).
System.Net Information: 0 : [5284] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 9c6cc0:f5b8fb5320, targetName = erst-apipreprod.virk.dk, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [5284] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=ContinueNeeded).
System.Net Information: 0 : [5284] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 9c6cc0:f5b8fb5320, targetName = erst-apipreprod.virk.dk, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [5284] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=ContinueNeeded).
System.Net Information: 0 : [5284] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 9c6cc0:f5b8fb5320, targetName = erst-apipreprod.virk.dk, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [5284] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=ContinueNeeded).
System.Net Information: 0 : [5284] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 9c6cc0:f5b8fb5320, targetName = erst-apipreprod.virk.dk, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [5284] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=CredentialsNeeded).
System.Net Information: 0 : [5284] SecureChannel#34640832 - We have user-provided certificates. The server has specified 8 issuer(s). Looking for certificates that match any of the issuers.
System.Net Information: 0 : [5284] SecureChannel#34640832 - Selected certificate: [Subject]
  {serial number of certificate here}

[Issuer]
  CN=TRUST2408 OCES CA II, O=TRUST2408, C=DK

[Serial Number]
  53C25339

[Not Before]
  22-02-2016 09:56:44

[Not After]
  22-02-2019 09:31:06

[Thumbprint]
  0FDA1E459B5F2065292EA0A6589185DFAA04CC52
.
System.Net Information: 0 : [5284] SecureChannel#34640832 - Left with 1 client certificates to choose from.
System.Net Information: 0 : [5284] SecureChannel#34640832 - Trying to find a matching certificate in the certificate store.
System.Net Information: 0 : [5284] SecureChannel#34640832 - Locating the private key for the certificate: [Subject]
  {serial number of certificate here}

[Issuer]
  CN=TRUST2408 OCES CA II, O=TRUST2408, C=DK

[Serial Number]
  53C25339

[Not Before]
  22-02-2016 09:56:44

[Not After]
  22-02-2019 09:31:06

[Thumbprint]
  0FDA1E459B5F2065292EA0A6589185DFAA04CC52
.
System.Net Information: 0 : [5284] SecureChannel#34640832 - Cannot find the certificate in either the LocalMachine store or the CurrentUser store.
System.Net Information: 0 : [5284] Using the cached credential handle.
System.Net Information: 0 : [5284] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 9c6cc0:f5b8fb5320, targetName = erst-apipreprod.virk.dk, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [5284] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=141, returned code=ContinueNeeded).
System.Net Information: 0 : [5284] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 9c6cc0:f5b8fb5320, targetName = erst-apipreprod.virk.dk, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [5284] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=IllegalMessage).
System.Net Error: 0 : [5284] Exception in HttpWebRequest#2383799:: - The request was aborted: Could not create SSL/TLS secure channel..
System.Net Error: 0 : [5284] Exception in HttpWebRequest#2383799::GetResponse - The request was aborted: Could not create SSL/TLS secure channel..

1 answer:

Answer 0: (score: 0)

Instead of this:

    ServicePointManager.SecurityProtocol =
        SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls;

use this:

    ServicePointManager.Expect100Continue = true;
    // 3072 is the numeric value of SecurityProtocolType.Tls12
    ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

It worked for me.

You can view this link:
Ref: http://stackoverflow.com/questions/2859790/the-request-was-aborted-could-not-create-ssl-tls-secure-channel
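
An added example, not code from the question or the answer: the trace above reports "Locating the private key" followed by "Cannot find the certificate", and a certificate rebuilt from `GetRawCertData()` bytes holds only the public certificate, so this example passes the store's own `X509Certificate2` to the request and checks `HasPrivateKey` first. The class name and the command-line arguments for thumbprint and URL are assumptions; `SecurityProtocolType.Tls12` is the named form of the answer's 3072 and needs .NET 4.5 or later.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;

// Hypothetical class name; usage: ClientCertRequest.exe <thumbprint> <https-url>
static class ClientCertRequest
{
    // Returns the store's own X509Certificate2 for the thumbprint. Unlike a
    // certificate rebuilt from raw bytes, this object keeps its private-key link.
    static X509Certificate2 FindClientCertificate(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // validOnly: false, so a certificate with chain problems is still
            // returned and can be diagnosed instead of silently skipped.
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
                throw new InvalidOperationException(
                    "No certificate with thumbprint " + thumbprint);

            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException(
                    "Certificate has no private key; it cannot authenticate a client.");
            return cert;
        }
        finally
        {
            store.Close();
        }
    }

    static void Main(string[] args)
    {
        string thumbprint = args[0]; // assumed: passed on the command line
        string url = args[1];        // assumed: the https endpoint to call

        // Same value as the answer's (SecurityProtocolType)3072.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

        var request = (HttpWebRequest)WebRequest.Create(url);
        request.ClientCertificates.Add(FindClientCertificate(thumbprint));
        using (var response = (HttpWebResponse)request.GetResponse())
            Console.WriteLine((int)response.StatusCode);
    }
}
```

`HasPrivateKey` only confirms that a key is associated with the certificate; the account the process runs under also needs read access to that key.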