[英]MongoDB ssl via C# driver: The remote certificate is invalid according to the validation procedure
我正在尝试使用从C#客户端到MongoDB的X.509自签名证书测试身份验证。 我已成功使用ssl 在控制台窗口中运行mongod并使用mongo命令从另一个控制台窗口连接到它:
mongod --clusterAuthMode x509 --sslMode requireSSL --sslPEMKeyFile mongodb.pem --sslCAFile client.pem
mongo --ssl --sslCAFile mongodb.pem --sslPEMKeyFile client.pem
证书文件是按照以下说明生成的。
MongoDB驱动程序需要我通过以下方式生成的pfx文件:
openssl pkcs12 -export -in client.pem -inkey client-cert.key -out client.pfx
实际代码如下:
private static void TryConnect()
{
var cert = new X509Certificate2(@"C:\Program Files\MongoDB\Server\3.2\bin\client.pfx", "test");
var settings = new MongoClientSettings
{
Credentials = new[]
{
MongoCredential.CreateMongoX509Credential("subject= emailAddress=test@test.com,CN=127.0.0.1,OU=Test,O=Test,L=Cph,C=DK")
},
SslSettings = new SslSettings
{
ClientCertificates = new[] { cert },
},
UseSsl = true
};
settings.Server = new MongoServerAddress("127.0.0.1");
MongoClient client = new MongoClient(settings);
var db = client.GetServer().GetDatabase("test");
db.CreateCollection("test");
}
最后一行引发异常: 无法连接到服务器127.0.0.1:27017:根据验证过程,远程证书无效。
有谁知道如何使它工作?
检查CRL是否有效。
以下链接描述了HTTP URL中的错误配置,在另一种情况下导致此问题(与mongodb不相关)
http://www.coretekservices.com/2014/jun/26/certificate-services-did-not-start-sub-ca
您可以通过验证证书并检查策略错误(请注意警告)来获取更多信息。
警告:请勿在生产中使用该产品!!! 修复CERT问题
settings.SslSettings = new SslSettings
{
ClientCertificates = new[] { cert },
ServerCertificateValidationCallback = delegate (object s, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
foreach (var item in chain.ChainElements)
{
foreach (var elemStatus in item.ChainElementStatus)
{
Console.WriteLine( item.Certificate.Subject + "->" + elemStatus.StatusInformation);
}
}
return true; //NOT FOR PRODUCTION: this line will bypass certificate errors.
}
}
纳比的回答帮助我确定了问题所在。 自签名根证书不受信任。 将mongodb-cert.crt添加到“ 证书(本地计算机)”管理单元下的“ 受信任的根证书颁发机构”后,该问题消失了。
TCP客户端C#:根据验证过程,远程证书无效
[英]TCP Client C#: The remote certificate is invalid according to the validation procedure
.NET C# “根据验证程序,远程证书无效”
[英].NET C# "The remote certificate is invalid according to the validation procedure"
SSL证书问题 - 根据验证程序,远程证书无效
[英]SSL Certificate Issue - The remote certificate is invalid according to the validation procedure
根据SSL Restful Service的验证过程,远程证书无效
[英]The remote certificate is invalid according to the validation procedure from SSL Restful Service
MailKit C#ImapClient.Connect()到Office 365的生成异常:“根据验证过程,远程证书无效”
[英]MailKit C# ImapClient.Connect() to Office 365 generating exception: “The remote certificate is invalid according to the validation procedure”
“根据验证程序,远程证书无效” wcf
[英]“The remote certificate is invalid according to the validation procedure” wcf
AuthenticateAsServer - 根据验证过程,远程证书无效
[英]AuthenticateAsServer - The remote certificate is invalid according to the validation procedure
FluentFTP:根据验证程序远程证书无效
[英]FluentFTP: The remote certificate is invalid according to the validation procedure
根据使用自签名证书的验证程序,远程证书无效
[英]The remote certificate is invalid according to the validation procedure with self-signed certificate
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.