X509 / SSL证书:请求已中止:无法创建SSL / TLS安全通道

时间:2018-02-15 04:41:09

标签: .net encryption wireshark x509 client-certificates

我正在使用X509证书启用与远程服务器的HTTPS连接以使用Web服务。

当我在Chrome浏览器中调用URL(https://abc:xyz)时它会显示带有证书详细信息的选择证书弹出窗口,我选择证书并单击确定然后在Chrome浏览器窗口中显示WSDL但是在IE和其他浏览器中它并没有像预期的那样发生。

我试图使用System.Net跟踪连接请求详细信息,它捕获了以下详细信息,

System.Net Information: 0 : [18048] ConnectStream#2057527 - Sending headers
{
Content-Type: application/soap+xml; charset=utf-8
VsDebuggerCausalityData: uIDPo94MQgusWbZIjUgfCLAP3K4AAAAAIHoKeK7mt0Oc7fMoLLczM4ReHSdTHDFCmbHXDnli+jsACQAA
Host: abc:xyz
Content-Length: 1453
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
}.
System.Net Information: 0 : [18048] SecureChannel#51438198::.ctor(hostname=abc:xyz, #clientCertificates=0, encryptionPolicy=RequireEncryption)
System.Net Information: 0 : [18048] Enumerating security packages:
System.Net Information: 0 : [18048]     Negotiate
System.Net Information: 0 : [18048]     NegoExtender
System.Net Information: 0 : [18048]     Kerberos
System.Net Information: 0 : [18048]     NTLM
System.Net Information: 0 : [18048]     TSSSP
System.Net Information: 0 : [18048]     pku2u
System.Net Information: 0 : [18048]     WDigest
System.Net Information: 0 : [18048]     Schannel
System.Net Information: 0 : [18048]     Microsoft Unified Security Protocol Provider
System.Net Information: 0 : [18048]     Default TLS SSP
System.Net Information: 0 : [18048]     CREDSSP
System.Net Information: 0 : [18048] SecureChannel#51438198 - Left with 0 client certificates to choose from.
System.Net Information: 0 : [18048] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent  = Outbound, scc     = System.Net.SecureCredential)
System.Net Information: 0 : [18048] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = abc:xyz, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [18048] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=128, returned code=ContinueNeeded).
System.Net.Sockets Verbose: 0 : [18048] Socket#50289903::Send()
System.Net.Sockets Verbose: 0 : [18048] Data from Socket#50289903::Send
System.Net.Sockets Verbose: 0 : [18048] 00000000 : 16 03 01 00 7B 01 00 00-77 03 01 5A 82 90 D8 AC : ....{...w..Z....
System.Net.Sockets Verbose: 0 : [18048] 00000010 : CD C6 8C BF D6 E9 D5 DB-22 1F B4 B6 AD 40 CF FE : ........"....@..
System.Net.Sockets Verbose: 0 : [18048] 00000020 : 31 00 8C 51 B8 D5 63 3C-46 92 43 00 00 0E C0 0A : 1..Q..c<F.C.....
System.Net.Sockets Verbose: 0 : [18048] 00000030 : C0 09 C0 14 C0 13 00 35-00 2F 00 0A 01 00 00 40 : .......5./.....@
System.Net.Sockets Verbose: 0 : [18048] 00000040 : 00 00 00 1D 00 1B 00 00-18 78 7A 74 2E 73 65 72 : .........
System.Net.Sockets Verbose: 0 : [18048] 00000050 : 76 69 63 65 73 2E 69 72-64 2E 67 6F 76 74 2E 6E : 
System.Net.Sockets Verbose: 0 : [18048] 00000060 : 7A 00 0A 00 08 00 06 00-1D 00 17 00 18 00 0B 00 : ...............
System.Net.Sockets Verbose: 0 : [18048] 00000070 : 02 01 00 00 23 00 00 00-17 00 00 FF 01 00 01 00 : ....#...........
System.Net.Sockets Verbose: 0 : [18048] Exiting Socket#50289903::Send()     -> Int32#128
System.Net.Sockets Verbose: 0 : [18048] Socket#50289903::Receive()
System.Net.Sockets Verbose: 0 : [18048] Data from Socket#50289903::Receive
System.Net.Sockets Verbose: 0 : [18048] 00000000 : 15 03 01 00 02                                  : .....
System.Net.Sockets Verbose: 0 : [18048] Exiting Socket#50289903::Receive()  -> Int32#5
System.Net.Sockets Verbose: 0 : [18048] Socket#50289903::Receive()
System.Net.Sockets Verbose: 0 : [18048] Data from Socket#50289903::Receive
System.Net.Sockets Verbose: 0 : [18048] 00000005 : 02 28                                           : .(
System.Net.Sockets Verbose: 0 : [18048] Exiting Socket#50289903::Receive()  -> Int32#2
System.Net Information: 0 : [18048] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 99f5768:9a5fea0, targetName = abc:xyz, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [18048] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=IllegalMessage).
System.Net.Sockets Verbose: 0 : [18048] Socket#50289903::Dispose()
System.Net Error: 0 : [18048] Exception in HttpWebRequest#32233916:: - The request was aborted: Could not create SSL/TLS secure channel..
System.Net Error: 0 : [18048] Exception in HttpWebRequest#32233916::GetResponse - The request was aborted: Could not create SSL/TLS secure channel..

可能是什么原因以及我们将看到指定错误的场景。

更新:我特别担心此消息SecureChannel#51438198::.ctor(hostname=abc:xyz, #clientCertificates=0, encryptionPolicy=RequireEncryption)

1 个答案:

答案 0 :(得分:0)

可能发生的情况是,浏览器在商店中没有足够的证书来创建完整的证书链以呈现给服务器。这意味着缺少根证书,中间证书甚至客户端证书。如果客户端证书在证书库中没有与其关联的私钥,那么您也可能会收到此错误。

所以你可以做的是从浏览器导出客户端证书+私钥和中间证书+根证书,然后将它们添加到无法找到客户端证书的浏览器中。

相关问题
最新问题