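I created a server certificate and a client certificate from the issuer server (using XCA), then imported them onto my machine.
The service configuration looks like this: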
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2"/>
  </startup>
  <system.serviceModel>
    <services>
      <service name="xxx.yyy.Providers.zzz" behaviorConfiguration="MetaDataBehvior" >
        <host>
          <baseAddresses>
            <add baseAddress="net.tcp://localhost:9002/yyyService"/>
          </baseAddresses>
        </host>
        <endpoint address="" binding="netTcpBinding" contract="xxx.yyy.Interfaces.Izzz" />
        <endpoint address="mex" binding="mexTcpBinding" contract="IMetadataExchange" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="MetaDataBehvior">
          <serviceMetadata />
        </behavior>
        <behavior>
          <serviceCredentials>
            <clientCertificate>
              <authentication
                certificateValidationMode="ChainTrust"
                revocationMode="NoCheck" />
            </clientCertificate>
            <serviceCertificate
              findValue="xxx.yyy.Server"
              x509FindType="FindBySubjectName"
              storeLocation="LocalMachine"
              storeName="My" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <netTcpBinding>
        <binding name="NetTcpBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="2147483647">
          <readerQuotas maxDepth="32" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
          <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
          <security mode="Message">
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
  </system.serviceModel>
</configuration>
The client looks like this:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.serviceModel>
    <bindings>
      <netTcpBinding>
        <binding name="yyynetTcpBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="2147483647">
          <readerQuotas maxDepth="32" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
          <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
          <security mode="Message">
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
    <client>
      <endpoint name="PrimaryService_TcpEndPoint" address="net.tcp://localhost:9002/yyyService" behaviorConfiguration="yyyEndPointBEhavior"
                binding="netTcpBinding" contract="xxx.yyy.Interfaces.Izzz">
        <identity>
          <dns value="10.0.5.187" />
        </identity>
      </endpoint>
    </client>
    <behaviors>
      <endpointBehaviors>
        <behavior name="yyyEndPointBEhavior">
          <clientCredentials>
            <clientCertificate
              findValue="xxx.yyy.Client"
              x509FindType="FindBySubjectName"
              storeLocation="LocalMachine"
              storeName="My" />
            <serviceCertificate>
              <authentication
                certificateValidationMode="ChainTrust"
                revocationMode="NoCheck" />
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
  </system.serviceModel>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2"/>
  </startup>
</configuration>
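When the connection starts to be established, the following error occurs:
The certificate 'OU = xxx.yyy.Client,C = cc' may not have a private key that is capable of key exchange or the process may not have access rights for the private key. Please see inner exception for detail.
Invalid provider type specified.
Is there any way to fix this?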
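
The three conditions named in the error above (private key present, key usable for key exchange, key readable by the process) can be checked directly against the certificate store. The following diagnostic is an added example, not part of the original post; it assumes Windows PowerShell 5.1 run elevated, takes the subject name from the client config above, and assumes the default machine key folder for CSP keys.

```powershell
# Added diagnostic (not from the original post). Subject name is the
# findValue from the client config; change it to check the server cert.
$subject = 'xxx.yyy.Client'

$certs = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$subject*" }
if (-not $certs) {
    Write-Warning "No certificate matching '$subject' in LocalMachine\My"
    return
}

foreach ($cert in $certs) {
    $report = [ordered]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        HasPrivateKey = $cert.HasPrivateKey   # false: only the public cert was imported
        Provider      = $null
        KeyNumber     = $null                 # Exchange vs Signature
        KeyFileAcl    = $null
        Error         = $null
    }
    if ($cert.HasPrivateKey) {
        try {
            # On .NET Framework the PrivateKey getter only handles CryptoAPI
            # (CSP) keys. For a key held in a CNG key storage provider it
            # throws, and that exception text lands in the Error column.
            $info = $cert.PrivateKey.CspKeyContainerInfo
            $report.Provider  = $info.ProviderName
            $report.KeyNumber = $info.KeyNumber

            # Assumed default location of machine-level CSP key files.
            $keyFile = Join-Path $env:ProgramData `
                ("Microsoft\Crypto\RSA\MachineKeys\" + $info.UniqueKeyContainerName)
            if (Test-Path $keyFile) {
                # Who can read the key: the service account must be listed.
                $report.KeyFileAcl = ((Get-Acl $keyFile).Access |
                    ForEach-Object { "$($_.IdentityReference):$($_.FileSystemRights)" }) -join '; '
            }
        } catch {
            $report.Error = $_.Exception.Message
        }
    }
    [pscustomobject]$report
}
```

A row with `HasPrivateKey` true and an `Error` containing "Invalid provider type specified" means the key exists but sits in a provider the .NET Framework 4.5.2 certificate APIs cannot open; a row with `KeyNumber` of `Signature` or an ACL that omits the service account corresponds to the other two conditions in the message.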