信任自签名证书以验证服务器(Windows 上的 .NET 客户端)
[英]Trust a self-signed certificate to authenticate a server (.NET client on Windows)
问题描述
I have a .NET application that connects to a remote server over SSL. In test environment the remote server uses a self-signed certificate.
我有一个 .NET 应用程序,它通过 SSL 连接到远程服务器。在测试环境中,远程服务器使用自签名证书。 By default, the SSL connection fails.默认情况下,SSL 连接失败。 If I install the certificate into Trusted Root Certification Authorities store, the connection succeeds.如果我将证书安装到受信任的根证书颁发机构存储中,连接就会成功。
However, since it is now a trusted certification authority, this certificate can be used to sign certificates for any other site, and applications on my computer, such as Inte.net Explorer, will trust those.但是,由于它现在是受信任的证书颁发机构,因此该证书可用于为任何其他站点签署证书,我计算机上的应用程序(如 Inte.net Explorer)将信任这些站点。 I want this certificate to be trusted to authenticate a specific web site, but not trusted as a certification authority.我希望此证书受信任以验证特定的 web 站点,但不被信任为证书颁发机构。 Is there any way to do so?有什么办法吗?
1 个解决方案
解决方案1
2 2012-04-04 14:41:54
You can implement your own certificate verification mechanism that allows additionally certain self-signed or custom certificates.您可以实施自己的证书验证机制,该机制额外允许某些自签名或自定义证书。
Take a look onto the RemoteCertificateValidationCallback Delegate .查看RemoteCertificateValidationCallback Delegate 。 In this callback you can check if the verification was already successful ( sslPolicyErrors == SslPolicyErrors.None ) then you don't have to do anything.在此回调中,您可以检查验证是否已经成功( sslPolicyErrors == SslPolicyErrors.None )然后您不必执行任何操作。 Otherwise you can check the given certificate if it equals the custom certificate you want to trust in this context.否则,您可以检查给定的证书是否等于您在此上下文中要信任的自定义证书。 If the certificate matches return true.如果证书匹配则返回 true。
Using your own RemoteCertificateValidationCallback Delegate can be done connection oriented (using eg this SslStream constructor ).使用您自己的 RemoteCertificateValidationCallback Delegate 可以完成面向连接(例如使用此SslStream 构造函数)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.