How to use self-signed certificates in a WinRT app for HTTPS communication with IIS

I am pretty new to the whole certification world and I am currently smashing my head against my WinRT app to use self-signed certificates with my IIS web server over HTTPS. These are my current steps.

Create certificates: a root, a server and a client certificate.

"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\makecert" -r -pe -n "CN=appCA" -sr CurrentUser -a sha1 -sky signature -cy authority -sv appCA.pvk appCA.cer
"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\makecert" -pe -n "CN=appServerCA" -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -ic appCA.cer -iv appCA.pvk -sv appServerCA.pvk appServerCA.cer
"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\makecert" -pe -n "CN=appclientCA" -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.2 -ic appCA.cer -iv appCA.pvk -sv appclientCA.pvk appclientCA.cer
"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\pvk2pfx" -pvk appServerCA.pvk -spc appServerCA.cer -pfx appServerCA.pfx
"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\pvk2pfx" -pvk appclientCA.pvk -spc appclientCA.cer -pfx appclientCA.pfx

I installed the appCA.cer in the "Trusted Root Certification Authorities" of the IIS server and imported the appServerCA.pfx with IIS. I created the HTTPS binding using the appServerCA.

On the client WinRT app I added in the appxmanifest:

<!--Certificates Extension-->
<Extension Category="windows.certificates">
  <Certificates>
    <Certificate StoreName="Root" Content="appCA.cer" />
    <Certificate StoreName="My" Content="appclientCA.cer" />
    <TrustFlags ExclusiveTrust="true" />
    <SelectionCriteria AutoSelect="true" />
  </Certificates>
</Extension>

I also added a HttpClientHandler to the HttpClient:

HttpClientHandler clientHandler = new HttpClientHandler();
clientHandler.ClientCertificateOptions = ClientCertificateOption.Automatic;
this.httpClient = new HttpClient(clientHandler, true);

But if I call an HTTPS URL I get the following inner exception:

"The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."

I have no knowledge of WinRT, but the client needs to have the appCA.cer certificate in the trusted root store to trust the server. Also, if you need the client to authenticate using a certificate, you need to use the private key corresponding to the client certificate in the connection. In .NET there is the X509Certificate2 class that can be used; I don't know if there is something similar in the WinRT world.
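
The two conditions named in the answer can be checked offline with X509Certificate2 before touching the app. The following is an added example, not code from the question or the answer: a desktop .NET console check (not WinRT) run in the folder holding the files created above. The class and method names are hypothetical, and the PFX password passed as the first argument is an assumption.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical diagnostic helper (names are assumptions, not part of the original post).
static class CertDiagnostics
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // the -eku value given to appclientCA

    // True only if the certificate carries its private key and the client-auth EKU.
    public static bool UsableForClientAuth(X509Certificate2 cert)
    {
        bool hasEku = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>()
            .Any(e => e.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ClientAuthOid));
        return cert.HasPrivateKey && hasEku;
    }

    // True if 'leaf' builds a chain that ends at exactly 'root' (compared by thumbprint),
    // without requiring 'root' to be installed in the machine's trusted root store.
    public static bool ChainsTo(X509Certificate2 leaf, X509Certificate2 root)
    {
        var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // no CRL is published for these test certificates
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
        chain.ChainPolicy.ExtraStore.Add(root);
        if (!chain.Build(leaf))
        {
            foreach (var s in chain.ChainStatus) Console.WriteLine("  chain status: " + s.Status);
            return false;
        }
        var top = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
        return top.Thumbprint == root.Thumbprint;
    }

    static void Main(string[] args)
    {
        string pfxPassword = args.Length > 0 ? args[0] : ""; // assumption: password chosen when the PFX was made
        var root = new X509Certificate2("appCA.cer");
        var server = new X509Certificate2("appServerCA.cer");
        var clientCer = new X509Certificate2("appclientCA.cer");            // public certificate only
        var clientPfx = new X509Certificate2("appclientCA.pfx", pfxPassword); // certificate plus private key

        Console.WriteLine("server chains to appCA:          " + ChainsTo(server, root));
        Console.WriteLine("client .cer usable for TLS auth: " + UsableForClientAuth(clientCer));
        Console.WriteLine("client .pfx usable for TLS auth: " + UsableForClientAuth(clientPfx));
    }
}
```

A .cer file never contains a private key, so the appclientCA.cer check is expected to fail on the private-key condition regardless of its EKU.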
