SslStream.AuthenticateAsServer证书链
[英]SslStream.AuthenticateAsServer certificate chain
问题描述
Are possible connect to client as server with certificate chain ? 
是否可以通过证书链将客户端连接为服务器?
clientStream.AuthenticateAsServerAsync(certificate, false, System.Security.Authentication.SslProtocols.Tls, false).Wait();
I'm just try connect to client with self-signed certificates chain, and haven't luck. 我只是尝试使用自签名证书链连接到客户端,而且还没有走运。 Method of SslStream instance AuthenticateAsServer have only one certificate as argument. SslStream实例AuthenticateAsServer的方法只有一个证书作为参数。 But browser ask for additional root certificate . 但是浏览器要求其他根证书 。 Have u any minds or code samples how do it ? 您有什么想法或代码示例如何做?
1 个解决方案
解决方案1
0 已采纳 2017-03-09 15:23:11
The chain doesn't send the root, because either A) You already have it, so it's redundant to your root store; 链不会发送根,因为以下两个原因之一:A)您已经拥有根,因此对根存储是多余的; or B) You don't, in which case you won't trust it, so why bother? 或B)您不这样做,在这种情况下您将不会信任它,那么为什么要打扰呢?
RFC 5246, section 7.4.2 : RFC 5246第7.4.2节 :
certificate_list: This is a sequence (chain) of certificates.
The SslStream class will send the server identity certificate followed by any intermediates it knows about, but not the root (unless, of course, the server identity certificate is self-signed). SslStream类将发送服务器身份证书,后跟它知道的任何中间设备,但不发送根(当然,服务器身份证书是自签名的)。
Normally untrusted roots can be looked up via the Authority Information Access record they write into their child/intermediate CAs. 通常,可以通过将不可信的根写入其子级/中间级CA的“机构信息访问”记录来查找它们。 If you don't have AIA or the endpoints are unreachable you'll have to transfer the root to the client machine via a different mechanism. 如果没有AIA或端点不可达,则必须通过其他机制将根转移到客户端计算机。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.