Using Letsencrypt certificates

Time: 2016-12-09 06:37:59

Tags: ssl mono nuget macos-sierra lets-encrypt

We use our own repository for nuget packages (Nexus3 from Sonatype). Without an SSL certificate it worked fine.

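Now we have decided to give developers who are not in the office access to our repo over the internet. We wanted to use Letsencrypt certificates. This works fine. The web interface is OK, and we can communicate with the repositories from Visual Studio.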

If we try to connect to the repo from a Mac (macOS 10.12.1), the connection fails (whether under the Nuget CLI, from Xamarin Studio, or from paket).

Versions:

osx-build-agent:bin buildagent$ mono --version
Mono JIT compiler version 4.6.2 (mono-4.6.0-branch/08fd525 Thu Nov 10 20:28:28 EST 2016)
Copyright (C) 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
    TLS:           normal
    SIGSEGV:       altstack
    Notification:  kqueue
    Architecture:  x86
    Disabled:      none
    Misc:          softdebug 
    LLVM:          yes(3.6.0svn-mono-master/8b1520c)
    GC:            sgen

osx-build-agent:tools buildagent$ mono NuGet.exe
NuGet Version: 3.4.3.855
usage: NuGet <command> [args] [options] 
Type 'NuGet help <command>' for help on a specific command.

I pulled tlstest.exe from the Mono tools and got the following error:

FAILED: #-2146233079
System.Net.WebException: Error: SecureChannelFailure (The authentication or decryption has failed.) ---> System.IO.IOException: The authentication or decryption has failed. ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (System.IAsyncResult asyncResult) [0x0003a] in /private/tmp/source-mono-4.6.0/bockbuild-mono-4.6.0-branch/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:430 
  at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (System.IAsyncResult ar, System.Boolean ignoreEmpty) [0x00000] in /private/tmp/source-mono-4.6.0/bockbuild-mono-4.6.0-branch/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs:256 
  at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (System.IAsyncResult result) [0x00071] in /private/tmp/source-mono-4.6.0/bockbuild-mono-4.6.0-branch/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs:418 
   --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (System.IAsyncResult result) [0x00035] in /private/tmp/source-mono-4.6.0/bockbuild-mono-4.6.0-branch/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs:396 
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (System.IAsyncResult asyncResult) [0x0000c] in /private/tmp/source-mono-4.6.0/bockbuild-mono-4.6.0-branch/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs:101 
   --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslStreamBase.EndRead (System.IAsyncResult asyncResult) [0x00051] in /private/tmp/source-mono-4.6.0/bockbuild-mono-4.6.0-branch/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs:883 
  at Mono.Net.Security.Private.LegacySslStream.EndAuthenticateAsClient (System.IAsyncResult asyncResult) [0x00011] in /private/tmp/source-mono-4.6.0/bockbuild-mono-4.6.0-branch/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/System/Mono.Net.Security/LegacySslStream.cs:475 
  at Mono.Net.Security.Private.LegacySslStream.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x00000] in /private/tmp/source-mono-4.6.0/bockbuild-mono-4.6.0-branch/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/System/Mono.Net.Security/LegacySslStream.cs:445 
  at Mono.Net.Security.MonoTlsStream.CreateStream (System.Byte[] buffer) [0x0001e] in /private/tmp/source-mono-4.6.0/bockbuild-mono-4.6.0-branch/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/System/Mono.Net.Security/MonoTlsStream.cs:99 
   --- End of inner exception stack trace ---
  at System.Net.HttpWebRequest.EndGetResponse (System.IAsyncResult asyncResult) [0x0005e] in /private/tmp/source-mono-4.6.0/bockbuild-mono-4.6.0-branch/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/System/System.Net/HttpWebRequest.cs:1023 
  at System.Net.HttpWebRequest.GetResponse () [0x0000e] in /private/tmp/source-mono-4.6.0/bockbuild-mono-4.6.0-branch/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/System/System.Net/HttpWebRequest.cs:1037 
  at TlsTest.GetWebPage (System.String url) [0x000a2] in /Users/buildagent/Projects/SSLTest/SSLTest/Program.cs:184 
  at TlsTest.Main (System.String[] args) [0x002c0] in /Users/buildagent/Projects/SSLTest/SSLTest/Program.cs:143 

The same happens if I use this tool to connect to a known site that uses a Letsencrypt certificate (e.g. https://community.letsencrypt.org).

I have already tried the following, without success:

  • mozroots --import --sync
  • mozroots --import --sync --machine (not applicable on macOS)
  • certmgr -ssl https://letsencrypt.org and accepted the three authorities
  • certmgr -ssl https://community.letsencrypt.org and our repo site.

The last one always ends with:

Mono Certificate Manager - version 4.6.2.0
Manage X.509 certificates and CRL from stores.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.


Unhandled Exception:
System.IO.IOException: The authentication or decryption has failed. ---> System.IO.IOException: Error while sending TLS Alert (Fatal:InternalError): System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (System.IAsyncResult asyncResult) [0x00040] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
  at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (System.IAsyncResult ar, System.Boolean ignoreEmpty) [0x00000] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
  at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (System.IAsyncResult result) [0x00071] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
   --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (System.IAsyncResult result) [0x0003b] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (System.IAsyncResult asyncResult) [0x0000c] in <1d0bb82c94e7435eb09324cf5ef20e36>:0  ---> System.IO.IOException: Unable to write data to the transport connection: The socket has been shut down. ---> System.Net.Sockets.SocketException: The socket has been shut down
  at System.Net.Sockets.Socket.EndSend (System.IAsyncResult result) [0x00033] in <bd46d4d4f7964dfa9beea098499ab597>:0 
  at System.Net.Sockets.NetworkStream.EndWrite (System.IAsyncResult asyncResult) [0x0005f] in <bd46d4d4f7964dfa9beea098499ab597>:0 
   --- End of inner exception stack trace ---
  at System.Net.Sockets.NetworkStream.EndWrite (System.IAsyncResult asyncResult) [0x000af] in <bd46d4d4f7964dfa9beea098499ab597>:0 
  at Mono.Security.Protocol.Tls.RecordProtocol.EndSendRecord (System.IAsyncResult asyncResult) [0x00040] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
  at Mono.Security.Protocol.Tls.RecordProtocol.SendRecord (Mono.Security.Protocol.Tls.ContentType contentType, System.Byte[] recordData) [0x0000b] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
  at Mono.Security.Protocol.Tls.RecordProtocol.SendAlert (Mono.Security.Protocol.Tls.Alert alert) [0x00027] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
  at Mono.Security.Protocol.Tls.RecordProtocol.SendAlert (System.Exception& ex) [0x00021] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
   --- End of inner exception stack trace ---
   --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslStreamBase.EndNegotiateHandshake (Mono.Security.Protocol.Tls.SslStreamBase+InternalAsyncResult asyncResult) [0x00028] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
  at Mono.Security.Protocol.Tls.SslStreamBase.NegotiateHandshake () [0x00035] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
  at Mono.Security.Protocol.Tls.SslStreamBase.Write (System.Byte[] buffer, System.Int32 offset, System.Int32 count) [0x00076] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
  at System.IO.StreamWriter.Flush (System.Boolean flushStream, System.Boolean flushEncoder) [0x00094] in <8f2c484307284b51944a1a13a14c0266>:0 
  at System.IO.StreamWriter.Flush () [0x00006] in <8f2c484307284b51944a1a13a14c0266>:0 
  at Mono.Tools.CertificateManager.GetCertificatesFromSslSession (System.String url) [0x00093] in <facd5c0e258a4f19ba1c49a19b1b0dc1>:0 
  at Mono.Tools.CertificateManager.Ssl (System.String host, System.Boolean machine, System.Boolean verbose) [0x00028] in <facd5c0e258a4f19ba1c49a19b1b0dc1>:0 
  at Mono.Tools.CertificateManager.Main (System.String[] args) [0x00216] in <facd5c0e258a4f19ba1c49a19b1b0dc1>:0 
[ERROR] FATAL UNHANDLED EXCEPTION: System.IO.IOException: The authentication or decryption has failed. ---> System.IO.IOException: Error while sending TLS Alert (Fatal:InternalError): System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (System.IAsyncResult asyncResult) [0x00040] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
  at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (System.IAsyncResult ar, System.Boolean ignoreEmpty) [0x00000] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
  at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (System.IAsyncResult result) [0x00071] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
   --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (System.IAsyncResult result) [0x0003b] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (System.IAsyncResult asyncResult) [0x0000c] in <1d0bb82c94e7435eb09324cf5ef20e36>:0  ---> System.IO.IOException: Unable to write data to the transport connection: The socket has been shut down. ---> System.Net.Sockets.SocketException: The socket has been shut down
  at System.Net.Sockets.Socket.EndSend (System.IAsyncResult result) [0x00033] in <bd46d4d4f7964dfa9beea098499ab597>:0 
  at System.Net.Sockets.NetworkStream.EndWrite (System.IAsyncResult asyncResult) [0x0005f] in <bd46d4d4f7964dfa9beea098499ab597>:0 
   --- End of inner exception stack trace ---
  at System.Net.Sockets.NetworkStream.EndWrite (System.IAsyncResult asyncResult) [0x000af] in <bd46d4d4f7964dfa9beea098499ab597>:0 
  at Mono.Security.Protocol.Tls.RecordProtocol.EndSendRecord (System.IAsyncResult asyncResult) [0x00040] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
  at Mono.Security.Protocol.Tls.RecordProtocol.SendRecord (Mono.Security.Protocol.Tls.ContentType contentType, System.Byte[] recordData) [0x0000b] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
  at Mono.Security.Protocol.Tls.RecordProtocol.SendAlert (Mono.Security.Protocol.Tls.Alert alert) [0x00027] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
  at Mono.Security.Protocol.Tls.RecordProtocol.SendAlert (System.Exception& ex) [0x00021] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
   --- End of inner exception stack trace ---
   --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslStreamBase.EndNegotiateHandshake (Mono.Security.Protocol.Tls.SslStreamBase+InternalAsyncResult asyncResult) [0x00028] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
  at Mono.Security.Protocol.Tls.SslStreamBase.NegotiateHandshake () [0x00035] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
  at Mono.Security.Protocol.Tls.SslStreamBase.Write (System.Byte[] buffer, System.Int32 offset, System.Int32 count) [0x00076] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
  at System.IO.StreamWriter.Flush (System.Boolean flushStream, System.Boolean flushEncoder) [0x00094] in <8f2c484307284b51944a1a13a14c0266>:0 
  at System.IO.StreamWriter.Flush () [0x00006] in <8f2c484307284b51944a1a13a14c0266>:0 
  at Mono.Tools.CertificateManager.GetCertificatesFromSslSession (System.String url) [0x00093] in <facd5c0e258a4f19ba1c49a19b1b0dc1>:0 
  at Mono.Tools.CertificateManager.Ssl (System.String host, System.Boolean machine, System.Boolean verbose) [0x00028] in <facd5c0e258a4f19ba1c49a19b1b0dc1>:0 
  at Mono.Tools.CertificateManager.Main (System.String[] args) [0x00216] in <facd5c0e258a4f19ba1c49a19b1b0dc1>:0 

What should I do to get nuget running on macOS (with Letsencrypt certificates)?

Edit

Mono 4.8 behavior

osx-build-agent:bin buildagent$ ./mono --version
Mono JIT compiler version 4.8.0 (mono-4.8.0-branch/f5fbc32 Mon Nov 14 14:10:00 EST 2016)
Copyright (C) 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
    TLS:           normal
    SIGSEGV:       altstack
    Notification:  kqueue
    Architecture:  x86
    Disabled:      none
    Misc:          softdebug 
    LLVM:          yes(3.6.0svn-mono-master/8b1520c)
    GC:            sgen

osx-build-agent:bin buildagent$ ./certmgr -ssl https://community.letsencrypt.org
Mono Certificate Manager - version 4.8.0.0
Manage X.509 certificates and CRL from stores.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.


Unhandled Exception:
System.IO.IOException: The authentication or decryption has failed. ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (System.IAsyncResult asyncResult) [0x00040] in <4d95459e5c814a5dad6816d7b3a5a54b>:0 
  at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (System.IAsyncResult ar, System.Boolean ignoreEmpty) [0x00000] in <4d95459e5c814a5dad6816d7b3a5a54b>:0 
  at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (System.IAsyncResult result) [0x00071] in <4d95459e5c814a5dad6816d7b3a5a54b>:0 
   --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (System.IAsyncResult result) [0x0003b] in <4d95459e5c814a5dad6816d7b3a5a54b>:0 
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (System.IAsyncResult asyncResult) [0x0000c] in <4d95459e5c814a5dad6816d7b3a5a54b>:0 
   --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslStreamBase.EndNegotiateHandshake (Mono.Security.Protocol.Tls.SslStreamBase+InternalAsyncResult asyncResult) [0x00028] in <4d95459e5c814a5dad6816d7b3a5a54b>:0 
  at Mono.Security.Protocol.Tls.SslStreamBase.NegotiateHandshake () [0x00035] in <4d95459e5c814a5dad6816d7b3a5a54b>:0 
  at Mono.Security.Protocol.Tls.SslStreamBase.Write (System.Byte[] buffer, System.Int32 offset, System.Int32 count) [0x00076] in <4d95459e5c814a5dad6816d7b3a5a54b>:0 
  at System.IO.StreamWriter.Flush (System.Boolean flushStream, System.Boolean flushEncoder) [0x00094] in <829ce140006e4cad9124766ee7f51179>:0 
  at System.IO.StreamWriter.Flush () [0x00006] in <829ce140006e4cad9124766ee7f51179>:0 
  at Mono.Tools.CertificateManager.GetCertificatesFromSslSession (System.String url) [0x00093] in <8f0191f2d4224208a456d99f3d667fc2>:0 
  at Mono.Tools.CertificateManager.Ssl (System.String host, System.Boolean machine, System.Boolean verbose) [0x00028] in <8f0191f2d4224208a456d99f3d667fc2>:0 
  at Mono.Tools.CertificateManager.Main (System.String[] args) [0x00216] in <8f0191f2d4224208a456d99f3d667fc2>:0 
[ERROR] FATAL UNHANDLED EXCEPTION: System.IO.IOException: The authentication or decryption has failed. ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (System.IAsyncResult asyncResult) [0x00040] in <4d95459e5c814a5dad6816d7b3a5a54b>:0 
  at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (System.IAsyncResult ar, System.Boolean ignoreEmpty) [0x00000] in <4d95459e5c814a5dad6816d7b3a5a54b>:0 
  at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (System.IAsyncResult result) [0x00071] in <4d95459e5c814a5dad6816d7b3a5a54b>:0 
   --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (System.IAsyncResult result) [0x0003b] in <4d95459e5c814a5dad6816d7b3a5a54b>:0 
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (System.IAsyncResult asyncResult) [0x0000c] in <4d95459e5c814a5dad6816d7b3a5a54b>:0 
   --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslStreamBase.EndNegotiateHandshake (Mono.Security.Protocol.Tls.SslStreamBase+InternalAsyncResult asyncResult) [0x00028] in <4d95459e5c814a5dad6816d7b3a5a54b>:0 
  at Mono.Security.Protocol.Tls.SslStreamBase.NegotiateHandshake () [0x00035] in <4d95459e5c814a5dad6816d7b3a5a54b>:0 
  at Mono.Security.Protocol.Tls.SslStreamBase.Write (System.Byte[] buffer, System.Int32 offset, System.Int32 count) [0x00076] in <4d95459e5c814a5dad6816d7b3a5a54b>:0 
  at System.IO.StreamWriter.Flush (System.Boolean flushStream, System.Boolean flushEncoder) [0x00094] in <829ce140006e4cad9124766ee7f51179>:0 
  at System.IO.StreamWriter.Flush () [0x00006] in <829ce140006e4cad9124766ee7f51179>:0 
  at Mono.Tools.CertificateManager.GetCertificatesFromSslSession (System.String url) [0x00093] in <8f0191f2d4224208a456d99f3d667fc2>:0 
  at Mono.Tools.CertificateManager.Ssl (System.String host, System.Boolean machine, System.Boolean verbose) [0x00028] in <8f0191f2d4224208a456d99f3d667fc2>:0 
  at Mono.Tools.CertificateManager.Main (System.String[] args) [0x00216] in <8f0191f2d4224208a456d99f3d667fc2>:0 

0 answers:

No answers