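How to implement SSL on Kestrel / .NET Core

Time: 2016-10-10 15:27:15

Tags: ssl asp.net-core kestrel-http-server

Question:

Trying to implement SSL on Kestrel / .NET Core.

Error message:

Managed Debugging Assistant 'FatalExecutionEngineError' has detected a problem in 'C:\my.exe'. Additional information: The runtime has encountered a fatal error. The address of the error was at 0x053150a3, on thread 0x1c44. The error code is 0xc0000005. This error may be a bug in the CLR or in the unsafe or non-verifiable portions of user code. Common sources of this bug include user marshaling errors for COM-interop or PInvoke, which may corrupt the stack.

Requested answer:

I suspect my problem is my certificate, as described below. If that is indeed the case, I would greatly appreciate step-by-step instructions on how to create a .pfx file. Also, I don't understand how certificates are stored: do IIS and IIS Express each need a different certificate, or do they both look in the registry and use a common certificate?

Code: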

    public static void Main(string[] args)
    {
        string env = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT");
        var config = new ConfigurationBuilder()
            .SetBasePath(Directory.GetCurrentDirectory())
            .AddJsonFile("hosting.json", optional: true)
            .AddJsonFile($"appsettings.{env}.json", optional: false)
            .AddCommandLine(args)  // will get server.urls from command line
            .Build();

        X509Certificate2 xCert = new X509Certificate2("localhostSSLCert.pfx", config["Data:SSLPassword"]);

        var host = new WebHostBuilder()
            .UseKestrel(x => x.UseHttps(xCert))
            .UseConfiguration(config)
            .UseContentRoot(Directory.GetCurrentDirectory())
            //.UseUrls("http://localhost:53389/")
            .UseIISIntegration()
            .UseStartup<Startup>()
            .Build();

        try
        {
            host.Run();
        }
        catch (Exception ex)
        {
            string y = ex.Message;
        }
    }

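What I did to debug:

When I step through the code and look at the cert (xCert in my code), it appears to be a valid object, meaning .NET has read the file correctly (I see my domain name, etc.).
However, I still suspect my problem is the certificate. I found many articles that try to explain how to generate a .pfx file. The main article I used to generate the .pfx file I am using is this one: https://blogs.msdn.microsoft.com/robert_mcmurray/2013/11/15/how-to-trust-the-iis-express-self-signed-certificate/

Other articles I have looked at: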

creating valid test SSL certificates for IIS http://dotnetthoughts.net/how-to-setup-https-on-kestrel/ http://rainabba.blogspot.com/2014/03/ssl-certs-for-iis-with-pfx-once-and-for.html

I cannot export the certificate using the Certificates MMC snap-in. The .pfx option is always disabled.

project.json

    {
      "version": "1.0.0-*",
      "userSecretsId": "aspnet-WebApp1-c23d27a4-eb88-4b18-9b77-2a93u3b15119",
      "dependencies": {
        "Microsoft.Extensions.Logging": "1.0.0",
        "Blog.Core": "1.0.0-*",
        "Blog.Domain": "1.0.0-*",
        "Blog.Model": "1.0.0-*",
        "Blog.Services": "1.0.0-*",
        "Microsoft.Extensions.Caching.Memory": "1.0.0",
        "Microsoft.Extensions.Caching.Abstractions": "1.0.0",
        "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0",
        "Microsoft.AspNetCore.Session": "1.0.0",
        "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0",
        "Microsoft.Extensions.Configuration.FileExtensions": "1.0.0",
        "Microsoft.Extensions.Configuration.Json": "1.0.0",
        "Microsoft.Extensions.Logging.Console": "1.0.0",
        "Microsoft.Extensions.Logging.Debug": "1.0.0",
        "NETStandard.Library": "1.6.0",
        "Autofac.Extensions.DependencyInjection": "4.0.0",
        "Microsoft.Extensions.Configuration.CommandLine": "1.0.0",
        "Microsoft.AspNetCore.Mvc": "1.0.1",
        "Microsoft.AspNetCore.Server.Kestrel": "1.0.1",
        "Autofac": "4.1.1",
        "Microsoft.ApplicationInsights.AspNetCore": "1.0.2",
        "Microsoft.AspNetCore.Server.Kestrel.Https": "1.0.1"
      },

      "tools": {
        "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-preview2-final"
      },

      "frameworks": {
        "net462": {
          "frameworkAssemblies": {
            "System.Drawing": "4.0.0.0"
          }
        }
      },
      "buildOptions": {
        "emitEntryPoint": true,
        "preserveCompilationContext": true
      },
      "runtimeOptions": {
        "gcServer": true
      },
      "publishOptions": {
        "include": [
          "wwwroot",
          "Views",
          "appsettings.json",
          "appsettings.prod.json",
          "appsettings.development.json",
          "logs",
          "web.config"
        ]
      },

      "scripts": {
        "postpublish": [ "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%" ]
      }
    }

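1 answer:

Answer 0: (score: 2)

To make sure the problem is only related to your certificate, try using the test certificate from the Kestrel sample.

  1. Since the certificate requires a password (testPassword), use the second version of KestrelServerOptions.UseHttps(). Example from the github sample: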

    var host = new WebHostBuilder()
      .UseKestrel(options =>
      {
        // options.ThreadCount = 4;
        options.NoDelay = true;
        options.UseHttps("testCert.pfx", "testPassword");
        options.UseConnectionLogging();
      })
      .UseUrls("http://localhost:5000", "https://localhost:5001")
    
  2. Don't forget to include the certificate in the publish process (include it in publishOptions in project.json).

    "publishOptions": {
        "include": [
              ...,
               "testCert.pfx"
               ]
     }
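
As an added example (not part of the question or the answer), the following C# program checks properties of a .pfx that are easy to miss when inspecting the loaded object in the debugger: whether the private key is present, whether the certificate is within its validity period, and whether its Enhanced Key Usage allows server authentication. `CertificateCheck`, `Describe` and the `PFX_PASSWORD` environment variable are hypothetical names chosen for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example: sanity checks on a .pfx before it is passed to UseHttps.
// CertificateCheck and Describe are hypothetical names, not part of Kestrel.
public static class CertificateCheck
{
    private const string ServerAuthOid = "1.3.6.1.5.5.7.3.1"; // EKU: TLS server authentication

    public static string[] Describe(string pfxPath, string password)
    {
        var cert = new X509Certificate2(pfxPath, password);
        var problems = new List<string>();

        // A server certificate cannot be used for TLS without its private key.
        // Subject, issuer and dates are still populated when the key is missing.
        if (!cert.HasPrivateKey)
            problems.Add("no private key in the .pfx");

        // NotBefore and NotAfter are returned in local time.
        var now = DateTime.Now;
        if (now < cert.NotBefore || now > cert.NotAfter)
            problems.Add($"outside validity period ({cert.NotBefore:yyyy-MM-dd} to {cert.NotAfter:yyyy-MM-dd})");

        // If an Enhanced Key Usage extension is present, it must list server authentication.
        var eku = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>().FirstOrDefault();
        if (eku != null && !eku.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ServerAuthOid))
            problems.Add("Enhanced Key Usage does not include Server Authentication");

        return problems.ToArray();
    }

    public static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: CertificateCheck <path-to-pfx>");
            return 2;
        }
        // The password is read from PFX_PASSWORD (assumed name) so it stays out of the command line.
        var problems = Describe(args[0], Environment.GetEnvironmentVariable("PFX_PASSWORD"));
        foreach (var p in problems) Console.WriteLine("PROBLEM: " + p);
        if (problems.Length == 0) Console.WriteLine("no problems found");
        return problems.Length == 0 ? 0 : 1;
    }
}
```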