连接到 Azure Cloud Blob 存储失败,证书无效
[英]Connection to Azure Cloud Blob Storage fails with invalid certificate
问题描述
I'm using the Azure Storage Client Library to connect to my azure blob storage and publish some files.
我正在使用 Azure 存储客户端库连接到我的 azure blob 存储并发布一些文件。 Following code is an extract of what I'm using to establish the connection and create a blob container:以下代码是我用来建立连接和创建 blob 容器的内容的摘录:
var storageAccount = CloudStorageAccount.Parse(CloudConfigurationManager.GetSetting("settingsName"));
client = storageAccount.CreateCloudBlobClient();
var container = client.GetContainerReference("containerName");
container.CreateIfNotExists();
This works fine on my local machine.这在我的本地机器上运行良好。 However, if I try to run the exact same code on a different server I'm getting following exception:但是,如果我尝试在不同的服务器上运行完全相同的代码,则会出现以下异常:
Microsoft.WindowsAzure.Storage.StorageException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync[T](RESTCommand`1 cmd, IRetryPolicy policy, OperationContext operationContext)
--- End of inner exception stack trace ---
at Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync[T](RESTCommand`1 cmd, IRetryPolicy policy, OperationContext operationContext)
at Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer.CreateIfNotExists(BlobContainerPublicAccessType accessType, BlobRequestOptions requestOptions, OperationContext operationContext)
Does anybody have an idea what could be causing this?有没有人知道可能导致这种情况的原因? I've been googling the problem for days now, without any solution.我一直在谷歌搜索这个问题好几天了,没有任何解决方案。
2 个解决方案
解决方案1
1 2016-10-21 20:07:20
This thread has been dormant for a while, but I recently ran across this same issue;这个线程已经休眠了一段时间,但我最近遇到了同样的问题; I thought I would share my results in the hope that others may benefit from this in the future.我想我会分享我的结果,希望其他人将来可以从中受益。
We were receiving the same error when attempting to write to an Azure Storage blob from a server, though the same code functioned fine locally and on other servers:尝试从服务器写入 Azure 存储 blob 时,我们收到相同的错误,尽管相同的代码在本地和其他服务器上运行良好:
Microsoft.WindowsAzure.Storage.StorageException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
First, we verified that we had the proper certificate authorities installed on the machine.首先,我们验证了我们在机器上安装了正确的证书颁发机构。 Often, this can be a culprit.通常,这可能是罪魁祸首。 However, in our case, we had all of the necessary certificate authorities.但是,在我们的案例中,我们拥有所有必要的证书颁发机构。
What ended up being the issue was that the server was not resolving the proper IP address for the storage account (yourstorageaccountname.blob.core.windows.net).最终的问题是服务器没有为存储帐户解析正确的 IP 地址(yourstorageaccountname.blob.core.windows.net)。
Locally, try pinging your storage account from the command prompt, like so:在本地,尝试从命令提示符 ping 您的存储帐户,如下所示:
ping yourstorageaccountname.blob.core.windows.net
You should see that the ping from your local machine is able to resolve an IP address for your blob account (13.88.144.248, etc).您应该会看到来自本地计算机的 ping 能够解析您的 blob 帐户的 IP 地址(13.88.144.248 等)。
Now try pinging the blob account from your server, where you are getting this exception.现在尝试从您的服务器 ping blob 帐户,在那里您会收到此异常。 If the ping is unable to resolve the IP address, or if it is resolving the wrong IP address (like in my case), you may have found your issue.如果 ping 无法解析 IP 地址,或者解析错误的 IP 地址(如我的情况),您可能已经发现了问题。
If this is the case, adding a simple mapping to the C:\\Windows\\System32\\drivers\\etc\\hosts file fixed our issue.如果是这种情况,向 C:\\Windows\\System32\\drivers\\etc\\hosts 文件添加一个简单的映射可以解决我们的问题。 If you are having the same issue, adding an IP mapping to the file should fix it.如果您遇到同样的问题,向文件添加 IP 映射应该可以解决问题。 The mapping should map the IP from your local ping to the host name of your blob account.映射应将 IP 从本地 ping 映射到 Blob 帐户的主机名。 Here's an example:下面是一个例子:
13.88.144.248 yourstorageaccountname.blob.core.windows.net
Note that you will have to run your text editor (Notepad, etc) as Administrator to save the hosts file properly.请注意,您必须以管理员身份运行文本编辑器(记事本等)才能正确保存主机文件。
解决方案2
0 2021-10-12 12:01:23
I have just encountered this error message accessing table storage during a unit test where I created a shim for DateTime.UtcNow .我刚刚在单元测试期间遇到了此错误消息访问表存储,在该测试中我为DateTime.UtcNow创建了一个垫片。
This code has been used since at least 2017, so a recent package update must have caused this (using .NET Framework 4.8).这段代码至少从 2017 年开始使用,所以最近的包更新肯定是造成这种情况的(使用 .NET Framework 4.8)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.