我需要给第三方服务打电话。并且该服务配置有相互SSL身份验证,并且仅支持 tls 1.2 。已为我提供了pfx证书,应将其添加到我的请求中。我已经使用mmc在受信任的根证书颁发机构和个人文件夹中安装了证书,但是我总是收到innerexception:请求被中止:无法创建SSL / TLS安全通道。以下是我的代码>
public static T Post<T>(string resourceUri, object request)
{
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
var requestHandler = new WebRequestHandler();
requestHandler.ServerCertificateValidationCallback = delegate { return true; };
requestHandler.ClientCertificates.Add(GetCertificate());
using (var client = new HttpClient(requestHandler))
{
client.BaseAddress = new Uri(resourceUri);
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
try
{
var responseMessage = client.PostAsJsonAsync(resourceUri, request).Result;
}
catch (Exception ex)
{
var abc = ex;
}
//if (responseMessage.IsSuccessStatusCode)
// return responseMessage.Content.ReadAsAsync<T>().Result;
//else
// throw new Exception(responseMessage.Content.ReadAsStringAsync().Result);
return default(T);
}
}
private static X509Certificate2 GetCertificate()
{
X509Store userCaStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
try
{
userCaStore.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certificatesInStore = userCaStore.Certificates;
var certName = "testing.stg.io";
X509Certificate2Collection certs = certificatesInStore.Find(X509FindType.FindBySubjectName, certName, true);
X509Certificate2 clientCertificate = null;
if (certs.Count == 1)
clientCertificate = certs[0];
else
throw new Exception("Unable to locate the certificate.");
return clientCertificate;
}
catch
{
throw;
}
finally
{
userCaStore.Close();
}
}
异常屏幕截图:
启用网络跟踪后,这就是我在日志中看到的内容:
..................................... ...........................
System.Net.Sockets Verbose: 0 : [35672] 000003C0 : 64 1A CE 06 00 65 C1 90-78 DD 9F 5C 57 E5 89 FB : d....e..x..\W...
System.Net.Sockets Verbose: 0 : [35672] 000003D0 : 6F 0D AE 32 0F 9F 6A FF-35 51 71 CC EF AE C1 D0 : o..2..j.5Qq.....
System.Net.Sockets Verbose: 0 : [35672] 000003E0 : 41 29 D3 AC 1A 79 7E 85-63 FF F7 39 ED A0 6F 06 : A)...y~.c..9..o.
System.Net.Sockets Verbose: 0 : [35672] 000003F0 : 98 04 66 22 79 47 C6 55-5A 48 53 E6 4B A9 37 A3 : ..f"yG.UZHS.K.7.
System.Net.Sockets Verbose: 0 : [35672] Socket#64921669::EndSend(OverlappedAsyncResult#64923656)
System.Net.Sockets Verbose: 0 : [35672] Exiting Socket#64921669::EndSend() -> Int32#1461
System.Net.Sockets Verbose: 0 : [35672] Socket#64921669::BeginReceive()
System.Net.Sockets Verbose: 0 : [35672] Exiting Socket#64921669::BeginReceive() -> OverlappedAsyncResult#35236192
System.Net.Sockets Verbose: 0 : [35672] Data from Socket#64921669::PostCompletion
System.Net.Sockets Verbose: 0 : [35672] 00000000 : 15 03 03 00 02 : .....
System.Net.Sockets Verbose: 0 : [35672] Socket#64921669::EndReceive(OverlappedAsyncResult#35236192)
System.Net.Sockets Verbose: 0 : [35672] Exiting Socket#64921669::EndReceive() -> Int32#5
System.Net.Sockets Verbose: 0 : [35672] Socket#64921669::BeginReceive()
System.Net.Sockets Verbose: 0 : [35672] Exiting Socket#64921669::BeginReceive() -> OverlappedAsyncResult#21943666
System.Net.Sockets Verbose: 0 : [35432] Data from Socket#64921669::PostCompletion
System.Net.Sockets Verbose: 0 : [35432] 00000000 : 02 2A : .*
System.Net.Sockets Verbose: 0 : [35432] Socket#64921669::EndReceive(OverlappedAsyncResult#21943666)
System.Net.Sockets Verbose: 0 : [35432] Exiting Socket#64921669::EndReceive() -> Int32#2
System.Net Information: 0 : [35432] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 7c47298:7c69600, targetName = 14.140.230.181, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [35432] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=CertUnknown).
System.Net.Sockets Verbose: 0 : [35432] Socket#64921669::Dispose()
System.Net Error: 0 : [35432] Exception in HttpWebRequest#60068066:: - The request was aborted: Could not create SSL/TLS secure channel..
System.Net Verbose: 0 : [35432] HttpWebRequest#60068066::EndGetRequestStream()
System.Net Error: 0 : [35432] Exception in HttpWebRequest#60068066::EndGetRequestStream - The request was aborted: Could not create SSL/TLS secure channel..
System.Net.Http Error: 0 : [35432] Exception in WebRequestHandler#45004109::SendAsync - The request was aborted: Could not create SSL/TLS secure channel..
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
System.Net.Http Error: 0 : [35432] HttpClient#2383799::SendAsync() - An error occurred while sending HttpRequestMessage#58870012. System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
给定错误的可能原因是什么? Wireshark屏幕截图。
上面的日志和捕获内容对你们有意义吗?我被困在这里很长时间,无法弄清楚失误在哪里?证书不良的原因可能是什么?