WCF nettcpbinding SSL证书验证问题
[英]WCF nettcpbinding SSL certificate validation issue
问题描述
I have a WCF service that exposes two bindings: BasicHttpBinding and NetTcpBinding. 
我有一个WCF服务,它公开了两个绑定:BasicHttpBinding和NetTcpBinding。 Both bindings are secured with a valid Entrust SSL certificate. 这两个绑定均使用有效的Entrust SSL证书进行保护。
Everything seems to work fine over HTTP, but am getting certification validation issues over net.tcp. 一切似乎都可以通过HTTP正常运行,但是通过net.tcp却遇到了证书验证问题。
The client is configured to use the 'ChainTrust' certificate validation mode. 客户端配置为使用“ ChainTrust”证书验证模式。 This is the error thrown by WCF: 这是WCF引发的错误:
The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain could not be built to a trusted root authority.
I'm not very familiar with SSL certificates, but I've noticed the certificate was issued by an intermediate certificate. 我对SSL证书不是很熟悉,但是我注意到该证书是由中间证书颁发的。 All the certificates in the chain have been installed on the server. 链中的所有证书均已安装在服务器上。 On the client, the root CA certificate is trusted but the intermediate certificate is not. 在客户端上,根CA证书受信任,但中间证书不受信任。
If I install the intermediate certificate on the client, all is well. 如果我在客户端上安装了中间证书,一切都很好。 However, this doesn't sound right to me? 但是,这听起来不对吗? Shouldn't only the Root certificate be trusted? 不仅根证书值得信任吗?
1 个解决方案
解决方案1
0 已采纳 2014-07-05 17:22:23
We'll, after a lot of troubleshooting and hair-pulling sessions, it turns out there's an issue with my workstation. 经过大量的故障排除和拔毛会议之后,我们发现我的工作站出现了问题。
The WCF service is self-hosted in a windows service running under the Local System account. WCF服务是自托管在本地系统帐户下运行的Windows服务中的。 If the service is run under a different user account, all is well. 如果该服务在其他用户帐户下运行,则一切正常。 All is also well when run under Local System on all the other machines I tried it on. 在我尝试过的所有其他计算机上的“本地系统”下运行时,一切也都很好。
I Guess I'm about to do a fresh install. 我猜我即将进行全新安装。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.