我修改了WCF路由器示例以删除我当前没有使用的内容,支持clientVia而不是直接连接,并支持HTTP和HTTPS。当我使用路由器作为启用MLS的服务的中介时,一切正常。当我使用路由器作为启用TLS和MLS的服务的中间件时,我无法设置安全对话。
我使用HTTP连接到路由器并尝试使用HTTPS路由到启用SSL的服务。如果我尝试使用TLS到路由器,那么路由器必须是HTTPS ..然后我需要证书匹配,这就是为什么我要设置客户端==(HTTP)==&gt ;路由器==(HTTPS)==>服务关系。
在直接连接(有效)的情况下发送以建立TLS的消息与通过路由器时发送的用于建立TLS的消息非常不同。看起来客户端正在指示发送的是什么,但是客户端不应该只是发送MLS消息而路由器正在建立TLS然后发送MLS消息?
跟随代码和配置信息,以及由此产生的流量(直接和通过路由器)。由于没有对RouterBindingElement类进行相关更改,因此我从下面的代码中删除了它(以节省空间)。
非常感谢任何关于如何使SSL工作的建议。
public enum RouterTransport
{
Http = 0,
Tcp = 1,
NamedPipe = 2,
Https = 3
}
public enum MessageEncoding
{
Text,
Binary,
Mtom,
}
public class RouterBinding : Binding, IBindingRuntimePreferences
{
MessageEncoding messageEncoding;
RouterTransport transport;
HttpTransportBindingElement httpTransport;
HttpsTransportBindingElement httpsTransport;
TcpTransportBindingElement tcpTransport;
NamedPipeTransportBindingElement namedPipeTransport;
TextMessageEncodingBindingElement textEncoding;
MtomMessageEncodingBindingElement mtomEncoding;
BinaryMessageEncodingBindingElement binaryEncoding;
public RouterBinding()
: base()
{
Initialize();
}
public RouterBinding(string configurationName)
: this()
{
ApplyConfiguration(configurationName);
}
public RouterBinding(RouterTransport transport)
: this()
{
this.Transport = transport;
if (transport == RouterTransport.NamedPipe || transport == RouterTransport.Tcp)
{
this.MessageEncoding = MessageEncoding.Binary;
}
}
public RouterTransport Transport
{
get { return this.transport; }
set
{
this.transport = value;
}
}
public MessageEncoding MessageEncoding
{
get { return this.messageEncoding; }
set
{
this.messageEncoding = value;
}
}
public HostNameComparisonMode HostNameComparisonMode
{
get { return this.tcpTransport.HostNameComparisonMode; }
set
{
this.tcpTransport.HostNameComparisonMode = value;
this.namedPipeTransport.HostNameComparisonMode = value;
this.httpTransport.HostNameComparisonMode = value;
this.httpsTransport.HostNameComparisonMode = value;
}
}
public int ListenBacklog
{
get { return this.tcpTransport.ListenBacklog; }
set { this.tcpTransport.ListenBacklog = value; }
}
public long MaxBufferPoolSize
{
get { return this.tcpTransport.MaxBufferPoolSize; }
set
{
this.tcpTransport.MaxBufferPoolSize = value;
this.namedPipeTransport.MaxBufferPoolSize = value;
}
}
public int MaxBufferSize
{
get { return this.tcpTransport.MaxBufferSize; }
set
{
this.tcpTransport.MaxBufferSize = value;
this.namedPipeTransport.MaxBufferSize = value;
}
}
public int MaxConnections
{
get { return this.tcpTransport.ConnectionPoolSettings.MaxOutboundConnectionsPerEndpoint; }
set
{
this.tcpTransport.MaxPendingConnections = value;
this.namedPipeTransport.MaxPendingConnections = value;
this.tcpTransport.ConnectionPoolSettings.MaxOutboundConnectionsPerEndpoint = value;
this.namedPipeTransport.ConnectionPoolSettings.MaxOutboundConnectionsPerEndpoint = value;
}
}
public long MaxReceivedMessageSize
{
get { return this.tcpTransport.MaxReceivedMessageSize; }
set
{
this.tcpTransport.MaxReceivedMessageSize = value;
this.namedPipeTransport.MaxReceivedMessageSize = value;
this.httpTransport.MaxReceivedMessageSize = value;
this.httpsTransport.MaxReceivedMessageSize = value;
}
}
public bool PortSharingEnabled
{
get { return this.tcpTransport.PortSharingEnabled; }
set { this.tcpTransport.PortSharingEnabled = value; }
}
public TransferMode TransferMode
{
get { return this.tcpTransport.TransferMode; }
set
{
this.tcpTransport.TransferMode = value;
this.namedPipeTransport.TransferMode = value;
this.httpTransport.TransferMode = value;
this.httpsTransport.TransferMode = value;
}
}
bool IBindingRuntimePreferences.ReceiveSynchronously
{
get { return false; }
}
public override string Scheme
{
get { return this.TransportElement.Scheme; }
}
void Initialize()
{
this.httpTransport = new HttpTransportBindingElement();
this.httpsTransport = new HttpsTransportBindingElement();
this.tcpTransport = new TcpTransportBindingElement();
this.namedPipeTransport = new NamedPipeTransportBindingElement();
this.textEncoding = new TextMessageEncodingBindingElement();
this.mtomEncoding = new MtomMessageEncodingBindingElement();
this.binaryEncoding = new BinaryMessageEncodingBindingElement();
this.httpTransport.ManualAddressing = true;
this.httpsTransport.ManualAddressing = true;
this.tcpTransport.ManualAddressing = true;
this.namedPipeTransport.ManualAddressing = true;
this.transport = RouterTransport.Http;
this.messageEncoding = MessageEncoding.Text;
}
void ApplyConfiguration(string configurationName)
{
RouterBindingCollectionElement bindingCollectionElement = RouterBindingCollectionElement.GetBindingCollectionElement();
RouterBindingElement element = bindingCollectionElement.Bindings[configurationName];
if (element == null)
{
throw new ConfigurationErrorsException(string.Format("ConfigInvalidBindingConfigurationName", configurationName, bindingCollectionElement.BindingName));
}
else
{
element.ApplyConfiguration(this);
}
}
TransportBindingElement TransportElement
{
get
{
switch (this.transport)
{
case RouterTransport.Http:
return this.httpTransport;
case RouterTransport.Https:
return this.httpsTransport;
case RouterTransport.Tcp:
return this.tcpTransport;
case RouterTransport.NamedPipe:
return this.namedPipeTransport;
}
return null;
}
}
MessageEncodingBindingElement EncodingElement
{
get
{
switch (this.messageEncoding)
{
case MessageEncoding.Text:
return this.textEncoding;
case MessageEncoding.Mtom:
return this.mtomEncoding;
case MessageEncoding.Binary:
return this.binaryEncoding;
}
return null;
}
}
public override BindingElementCollection CreateBindingElements()
{
BindingElementCollection elements = new BindingElementCollection();
elements.Add(this.EncodingElement);
elements.Add(this.TransportElement);
return elements;
}
}
public partial class RouterBindingCollectionElement : StandardBindingCollectionElement<RouterBinding, RouterBindingElement>
{
// Removed for space
}
class SoapRouterExtension : IExtension<ServiceHostBase>
{
IDictionary<string, Binding> bindings = new Dictionary<string, Binding>(2);
public SoapRouterExtension()
{
this.bindings.Add("http", new RouterBinding("HttpTextSoap12RouterBinding"));
this.bindings.Add("https", new RouterBinding("HttpsTextSoap12RouterBinding"));
}
public IDictionary<string, Binding> Bindings
{
get { return this.bindings; }
}
public void Attach(ServiceHostBase owner)
{ }
public void Detach(ServiceHostBase owner)
{ }
}
sealed class SoapRouterServiceBehavior : Attribute, IServiceBehavior
{
void IServiceBehavior.Validate(ServiceDescription description, ServiceHostBase serviceHostBase)
{ }
void IServiceBehavior.AddBindingParameters(ServiceDescription description, ServiceHostBase serviceHostBase, Collection<ServiceEndpoint> endpoints, BindingParameterCollection parameters)
{ }
void IServiceBehavior.ApplyDispatchBehavior(ServiceDescription description, ServiceHostBase serviceHostBase)
{
SoapRouterExtension extension = new SoapRouterExtension();
serviceHostBase.Extensions.Add(extension);
}
}
[SoapRouterServiceBehavior]
[ServiceBehavior(InstanceContextMode = InstanceContextMode.PerCall, ConcurrencyMode = ConcurrencyMode.Multiple, ValidateMustUnderstand = false, AddressFilterMode = AddressFilterMode.Any)]
public sealed class SoapRouter : IRequestReplyDatagramRouter, IDisposable
{
SoapRouterExtension extension;
public SoapRouter()
{
ServiceHostBase host = OperationContext.Current.Host;
this.extension = host.Extensions.Find<SoapRouterExtension>();
}
#region SoapIntermediary Request-Reply Datagram
Message IRequestReplyDatagramRouter.ProcessMessage(Message message)
{
EndpointAddress to = new EndpointAddress(message.Headers.To.AbsoluteUri);
IRequestReplyDatagramRouter forwardingChannel = null;
try
{
ChannelFactory<IRequestReplyDatagramRouter> factory = new ChannelFactory<IRequestReplyDatagramRouter>(this.extension.Bindings[to.Uri.Scheme], to);
factory.Endpoint.Behaviors.Add(new MustUnderstandBehavior(false));
forwardingChannel = factory.CreateChannel();
Console.WriteLine("Forwarding request " + message.Headers.Action + "...");
Message response = forwardingChannel.ProcessMessage(message);
Console.WriteLine("Forwarding response " + response.Headers.Action + "...");
return response;
}
finally
{
if (forwardingChannel != null)
{
IClientChannel channel = forwardingChannel as IClientChannel;
if (channel.State == CommunicationState.Faulted)
channel.Abort();
else
channel.Close();
}
}
}
#endregion
void IDisposable.Dispose()
{
}
}
public class ServiceDriver
{
public static void Main(string[] args)
{
ServiceHost serviceHost = new ServiceHost(typeof(SoapRouter));
serviceHost.Open();
Console.ReadLine();
}
}
HTTPS绑定的配置应用于传出TLS连接。
<routerBinding>
<binding name="HttpTextSoap12RouterBinding"
transport="Http"
messageEncoding="Text"
messageVersion="Soap12WSAddressing10"
closeTimeout="01:00:00"
openTimeout="01:00:00"
receiveTimeout="01:00:00"
sendTimeout="01:00:00">
</binding>
<binding name="HttpsTextSoap12RouterBinding"
transport="Https"
messageEncoding="Text"
messageVersion="Soap12WSAddressing10"
closeTimeout="01:00:00"
openTimeout="01:00:00"
receiveTimeout="01:00:00"
sendTimeout="01:00:00">
</binding>
</routerBinding>
我在{}中附加的地方已被修改,但未对整体含义进行任何更改。
CONNECT {provider.com:443} HTTP/1.1
Host: {provider.com}
Proxy-Connection: Keep-Alive
POST {https://provider.com/service.svc} HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8
Host: {provider.com}
Content-Length: 4379
Expect: 100-continue
Connection: Keep-Alive
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</a:Action>
<a:MessageID>urn:uuid:cfd9ec29-5e55-4154-8737-69f9b8b8bbb7</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1" u:Id="_1">{https://provider.com/service.svc}</a:To>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0">
<u:Created>2011-03-04T14:06:27.993Z</u:Created>
<u:Expires>2011-03-04T14:11:27.993Z</u:Expires>
</u:Timestamp>
<o:BinarySecurityToken u:Id="uuid-526477b6-8ed4-4873-bba5-7997589cd63c-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"> {wFNcPIXogDSsEJYhXyu/H3NbS1oam7quaeDScz+MdDANBgkqhkiG9w0BAQUFADCBujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVyaVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2VydmVyIENBIC0gQ2xhc3MgMzFJMEuIDPoxyyRVZOBT9HmFHglzaWduLmNvbS9DUFMgSW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0xMDA4MjYwMDAwMDBaFw0xMTA4MjYyMzU5NTlaMIGXMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExETAPBgNVBAcUCFJpY2htb25kMSswKQYDVQQKFCJBZmZpbGlhdGVkIENvbXB1dGVyIFNlcnZpY2VzLCBJbmMuMSQwIgYDVQQLFBtIZWFsdGggTWFuYWdlbWVudCBTb2x1dGlvbnMxDzANBgNVBAMUBkFDU0hJRTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArpBNMAnbIJ5MLafu2mYd8CJ1239FQ8LJlNfGwyVDkKHE8Quzdml28hIZ8XnLvUI0T9YWymf020SbqhwWKXt9eNH6IaRBZzIaT35NyAaUa/FA9rpCO/djt0z+wOukX75ZLmYtLHpskNtFfBtS9E+k2N8QEz7V+VJhHcWCVKESWBcCAwEAAaOCAa0wggGpMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9TVlJJbnRsLWNybC52ZXJpc2lnbi5jb20vU1ZSSW50bC5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXAzAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMCgGA1UdJQQhMB8GCWCGSAGG+EIEAQYIKwYBBQUHAwEGCCsGAQUFBwMCMHEGCCsGAQUFBwEBBGUwYzAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AudmVyaXNpZ24uY29tMDsGCCsGAQUFBzAChi9oaiEP2i8vU1ZSSW50bC1haWEudmVyaXNpZ24uY29tL1NWUkludGwtYWlhLmNlcjBuBggrBgEFBQcBDARiMGChXqBcMFowWDBWFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBRLa7kolgYMu9BSOJsprEsHiyEFGDAmFiRodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvMS5naWYwDQYJKoZIhvcNAQEFCB03AYEAXx9ZBgH5iWAnU8eOh2tNS286TFIcnAMJRiR3lvNs+2bi8NNl4a3AUcPhcfy+ybSHiL0Qu7wbpSnZ67FIT2SDa+h3v1JYhAu9hUrkJF9UGOWe8QOVUZuhjt5Uzs+YyRcI30FPRBjvsEqrnO+5ckoKqFEJVwV3FKMyMF5/gvZZszo=}</o:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_0">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>{aepZFE9EXqlXmuAf3RwcA6vXThQ=}</DigestValue>
</Reference>
<Reference URI="#_1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>{G9/ctKlSyWbRU78aQSLZmEbgdPw=}</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>{JAGbae324PdpRWOaIzihZygSAQVm3CJfOWbP6gsc0UJAGbae324PmYyqYMsgIMuCAlSHIj4yrEfbEL2XHt/nWlBfF0FgfhyqgcsEhc5vHR4kSmS7uKEoOZg8iMSDTGgk86YN5Z+UdB9ysIwe7KpxqrPmJAGbae324PdW8E2GWzY=}</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-526477b6-8ed4-4873-bba5-7997589cd63c-1"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
<s:Body>
<t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
<t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<t:Entropy>
<t:BinarySecret u:Id="uuid-18de0e52-6a66-442a-8b18-41e4037b5139-1" Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">{gjBI9ZhnJzJAGbae324P+APERNf9gqoJAGbae324PCA=}</t:BinarySecret>
</t:Entropy>
<t:KeySize>256</t:KeySize>
</t:RequestSecurityToken>
</s:Body>
</s:Envelope>
POST http://localhost.:8000/services/soap12/text HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8
Host: localhost.:8000
Content-Length: 1146
Expect: 100-continue
Connection: Keep-Alive
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
<a:MessageID>urn:uuid:1f5e02f6-ce41-4b66-a3a8-eb4014d5d1cb</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">{https://provider.com/service.svc}</a:To>
</s:Header>
<s:Body>
<t:RequestSecurityToken Context="uuid-ffc85f7f-3ffa-4bc7-9174-5ab16948ec78-1" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
<t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<t:KeySize>256</t:KeySize>
<t:BinaryExchange ValueType=" http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">{FgMBAEgBAABEAwFNcPIXogDSsEJYhXyu/adf4eFAe436TWvHqqv6ZN+FSQAAFgAEAAUACgAJAGbae324PYAEwASAGMBAAAF/wEAAQA=}</t:BinaryExchange>
</t:RequestSecurityToken>
</s:Body>
</s:Envelope>
CONNECT {provider.com:443} HTTP/1.1
Host: {provider.com}
Proxy-Connection: Keep-Alive
POST {https://provider.com/service.svc} HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8
VsDebuggerCausalityData: uIDPoxyyRVZOBT9HmFHghQdaliEAAAAAAdkPtiI0y021hKG+IPwkNqyhfujS37tMnxoFJUL1/zoACQAA
Host: {provider.com}
Content-Length: 1146
Expect: 100-continue
Connection: Keep-Alive
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
<a:MessageID>urn:uuid:1f5e02f6-ce41-4b66-a3a8-eb4014d5d1cb</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">{https://provider.com/service.svc}</a:To>
</s:Header>
<s:Body>
<t:RequestSecurityToken Context="uuid-ffc85f7f-3ffa-4bc7-9174-5ab16948ec78-1" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
<t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<t:KeySize>256</t:KeySize>
<t:BinaryExchange ValueType=" http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">{FgMBAEgBAABEAMIIEhzCCA/CgAwIBAgIQadf4eFAe436TWvHqqv6ZN+FSQAAFgAEAAUACgAJAGbae324PYAEwASAGMBAAAF/wEAAQA=}</t:BinaryExchange>
</t:RequestSecurityToken>
</s:Body>
</s:Envelope>
Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint.
答案 0 :(得分:0)
我们有一个非常类似的场景,除了我们使用默认的basicHttpBindings而不是我们的自定义和配置。从来没有,它的协议从HTTP桥接到HTTPS。
有一点不明显,那就是您的客户端配置。客户端服务指定Tansport的安全模式,路由器也应如此。这是我们的(虽然简单的)路由器配置。
<services>
<service name="System.ServiceModel.Routing.RoutingService" behaviorConfiguration="RoutingServiceBehaviour">
<endpoint
address=""
binding="basicHttpBinding"
name="reqReplyEndpoint"
contract="System.ServiceModel.Routing.IRequestReplyRouter"/>
</service>
</services>
我们的客户端配置:
<client>
<endpoint
address="https://localhost/Service.svc"
binding="basicHttpBinding"
bindingConfiguration="SecureHttpBinding"
contract="*"
name="ServiceClientEndpoint"/>
</client>
SecureHttpBinding是客户端服务
指定的 <bindings>
<basicHttpBinding>
<binding name="SecureHttpBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
我们的路由表根据过滤器中设置的条件确定要调用的服务。
此外,如果您在开发环境中使用自签名证书,请确保它们已正确注册。如果您使用两台不同的计算机,则必须将服务证书导出到路由器服务计算机。在这种情况下,您的自签名证书需要使用计算机名称而不是localhost进行注册。
HTH。