MongoDB C# SSL Client Certificate

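I'm trying to establish a secure connection to MongoDB with the C# driver using certificate validation, but I'm getting this error:

Unable to connect to server localhost:27017: Unable to read data from the transport connection: An established connection was aborted by the software in your host machine.

Below is the error from MongoDB: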

[initandlisten] connection accepted from 127.0.0.1:26163 #2 (1 connection now open)
[conn2] ERROR: no SSL certificate provided by peer; connection rejected
[conn2] SocketException handling request, closing client connection: 9001 socket exception [CONNECT_ERROR]

When I connect to MongoDB through the mongo shell using the certificate, it works.

var connectionString = "mongodb://localhost";
var clientSettings = MongoClientSettings.FromUrl(new MongoUrl(connectionString));
clientSettings.SslSettings = new SslSettings();
clientSettings.UseSsl = true;
clientSettings.SslSettings.ClientCertificates = new List<X509Certificate>()
    {
        new X509Certificate("cert.pem")
    };
clientSettings.SslSettings.EnabledSslProtocols = SslProtocols.Default;
clientSettings.SslSettings.ClientCertificateSelectionCallback =
    (sender, host, certificates, certificate, issuers) => clientSettings.SslSettings.ClientCertificates.ToList()[0];
clientSettings.SslSettings.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;
var client = new MongoClient(clientSettings);

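Does anyone know how to get this working?

I realize this is old, but for the benefit of others...

If you are not dealing with certificate revocation lists, you need to turn that setting off, because it is enabled by default.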

clientSettings.SslSettings.CheckCertificateRevocation = false;

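Next, the X509Certificate2 you provide to the driver must include the private key. .NET does not seem to pick up the private key from a pem file, so you need to provide the certificate in .pfx format and include the passphrase.

To create a pfx file in openssl: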

openssl pkcs12 -export -in mycert.cer -inkey mycert.key -out mycert.pfx

OpenSSL will prompt you for an export password; use it when creating the X509Certificate2 object:

X509Certificate2 cert = new X509Certificate2("mycert.pfx","mypassphrase");
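
The steps in the answer above combined into one program, as an added example that is not part of the original post: it loads the PFX, fails fast if the private key is missing (the condition behind "no SSL certificate provided by peer"), and leaves server certificate validation enabled. It uses the same driver API as the question (UseSsl, SslSettings); the class name, the MONGO_PFX_PASSPHRASE variable, the choice of TLS 1.2 and a server certificate trusted by the client machine are assumptions.

```csharp
// Added example: names, paths and the passphrase source are assumptions.
using System;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using MongoDB.Bson;
using MongoDB.Driver;

internal static class MongoClientCertExample
{
    // Loads the PFX and fails fast when it carries no private key, the case
    // in which the TLS stack cannot present the certificate to the server.
    private static X509Certificate2 LoadClientCertificate(string pfxPath, string passphrase)
    {
        var cert = new X509Certificate2(pfxPath, passphrase);
        if (!cert.HasPrivateKey)
        {
            cert.Dispose();
            throw new InvalidOperationException(
                $"'{pfxPath}' has no private key; re-export it with -inkey.");
        }
        return cert;
    }

    private static void Main()
    {
        // Assumption: passphrase comes from an environment variable, not source code.
        string passphrase = Environment.GetEnvironmentVariable("MONGO_PFX_PASSPHRASE")
            ?? throw new InvalidOperationException("MONGO_PFX_PASSPHRASE is not set.");
        X509Certificate2 cert = LoadClientCertificate("mycert.pfx", passphrase);
        Console.WriteLine($"Client cert: {cert.Subject}, expires {cert.NotAfter:u}");

        var settings = MongoClientSettings.FromUrl(new MongoUrl("mongodb://localhost:27017"));
        settings.UseSsl = true;
        settings.SslSettings = new SslSettings
        {
            ClientCertificates = new[] { cert },
            EnabledSslProtocols = SslProtocols.Tls12,
            // Off only because no CRL is published for this CA (see the answer above).
            CheckCertificateRevocation = false
        };
        // Server certificate validation is left at the driver default (enabled).

        var client = new MongoClient(settings);
        // A ping forces the TLS handshake, so certificate problems surface here.
        client.GetDatabase("admin").RunCommand<BsonDocument>(new BsonDocument("ping", 1));
        Console.WriteLine("TLS handshake with client certificate succeeded.");
    }
}
```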

//struggled a lot to figure out this
using MongoDB.Bson;
using MongoDB.Driver;

namespace Mongo_AWS
{
    internal class Program
    {
        private static void Main(string[] args)
        {
            //Mention cert file in connection string itself or put at your executable location
            string connectionString = @"mongodb://user:pwd@localhost:9999/?ssl=true&ssl_ca_certs=C:\\Users\\sivaram\\Downloads\\my.pem";
            MongoClientSettings settings = MongoClientSettings.FromUrl(new MongoUrl(connectionString));
            //Disable certificate verification, if it is not issued for you
            settings.VerifySslCertificate = false;
            MongoClient client = new MongoClient(settings);
            IMongoDatabase database = client.GetDatabase("test");
            IMongoCollection<BsonDocument> collection = database.GetCollection<BsonDocument>("numbers");
            System.Collections.Generic.List<BsonDocument> temp = collection.Find(new BsonDocument()).ToList();
            BsonDocument docToInsert = new BsonDocument { { "sivaram-Pi", 3.14159 } };
            collection.InsertOne(docToInsert);
        }
    }
}

Added ssl_ca_certs=@"/path/my.pem" to the connection string.

settings.VerifySslCertificate = false;

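The line above can be used if you are testing from your local machine, or if you have a root certificate that was not issued to your machine but may have been issued to your production host.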

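Put the root certificate at an absolute path and reference that path directly in the connection string. The Mongo driver will take care of reading the private key and everything. There is no need to put it in a certificate store or anywhere else.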
