我正在尝试连接到需要客户端证书的SOAP服务。我在项目中添加了WCF Web服务引用,并编写了以下代码:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
var certificate = new X509Certificate2("transport.p12", "password");
var client = new SomeServiceHelloClient(new BasicHttpsBinding(BasicHttpsSecurityMode.Transport)
{
Security =
{
Transport =
{
ClientCredentialType = HttpClientCredentialType.Certificate
}
}
}, new EndpointAddress("https://some-service.com/Hello"))
{
ClientCredentials =
{
ClientCertificate = {Certificate = certificate}
}
};
await client.OpenAsync();
var response = await client.HelloAsync();
transport.p12是PCKS12密钥库文件,其中包含私钥和证书链。该代码有效,但仅在Windows证书存储区中安装了根证书和中间证书时(这些证书包含在transport.p12文件中)。当证书存储中没有这些证书时,出现以下异常:
System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'some-service.com'.
---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
---> System.ComponentModel.Win32Exception (0x80090326): The message received was unexpected or badly formatted.
我不想使用系统证书存储。是否可以手动提供中间/根证书(不使用证书存储)或进行一些自定义验证?