Consuming webservice that requires Client Certificate and Root Certificate using C# Restsharp Library
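I am trying to consume a web service that requires developers to pass a signed certificate as part of the parameters. The service works fine in the test environment, but for the production environment you need a root certificate in addition to the signed certificate to access the service successfully. This has been tested in Postman and produced successful results.
When implementing this in C# code using the RestSharp library, I get the response shown below.
```
Query Client Response Log: {"statusCode":0,"statusDescription":null,"content":"","headers":[],"responseUri":null,"errorMessage":"The request was aborted: Could not create SSL/TLS secure channel."}
```
My question is how I can achieve this in C# using the Restsharp library. Below is my code for achieving this. However, I keep getting the error "The request was aborted: Could not create SSL/TLS secure channel."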
```csharp
// Requires: System, System.Configuration, System.Net, System.Net.Security,
// System.Security.Cryptography.X509Certificates, Newtonsoft.Json
log.Info("-------------------Initiating Query Request---------------------------");
QueryClient ad = new QueryClient();
ad.institutionId = ConfigurationManager.AppSettings["OriginInst"];
ad.proxyId = pr.proxyId;
ad.requestSource = "XX";
ad.requestTimestamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");

// Sign the concatenated request fields
string concat = ad.institutionId + ad.proxyId + ad.requestSource + ad.requestTimestamp;
HelperLibrary hl = new HelperLibrary();
string key = ConfigurationManager.AppSettings["pkey2"];
string signature = hl.GetSignature(concat, key);
ad.requestSignature = signature;

ServicePointManager.Expect100Continue = true;
ServicePointManager.DefaultConnectionLimit = 9999;
// Enables every protocol version, including the obsolete SSL 3.0
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3;

var client = new RestSharp.RestClient("https://service.url");

//load certificates
var myCert = new X509Certificate2(ConfigurationManager.AppSettings["certificatePath"], ConfigurationManager.AppSettings["certificatePassword"], X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);
var rootCert = new X509Certificate2(ConfigurationManager.AppSettings["certificateRootPath"]);

// This chain is configured but never built or attached to the request
X509Chain chain = new X509Chain();
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
chain.ChainPolicy.ExtraStore.Add(rootCert);

X509CertificateCollection clientCerts = new X509CertificateCollection();
clientCerts.Add(myCert);
clientCerts.Add(rootCert);
client.ClientCertificates = clientCerts;

// Accepts every server certificate without validation.
// Parameter renamed from "chain" so it does not clash with the local variable above.
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback((sender, certificate, certChain, policyErrors) => { return true; });

var request = new RestSharp.RestRequest(RestSharp.Method.POST);
log.Info("Query Client Using Certificate Path: " + ConfigurationManager.AppSettings["certificatePath"]);
request.AddHeader("accept", "application/json");
request.AddHeader("content-type", "application/json");
request.AddParameter("application/json", jsonString, RestSharp.ParameterType.RequestBody);

var serializer = new System.Web.Script.Serialization.JavaScriptSerializer();
var requestToLog = new
{
    resource = request.Resource,
    parameters = serializer.Serialize(request.Parameters),
    method = request.Method.ToString(),
    // This will generate the actual Uri used in the request
    uri = client.BuildUri(request),
};
log.Info("Query Client Request: " + requestToLog);

RestSharp.IRestResponse response = client.Execute(request);
var responseToLog = new
{
    statusCode = response.StatusCode,
    statusDescription = response.StatusDescription,
    content = response.Content,
    headers = response.Headers,
    responseUri = response.ResponseUri,
    errorMessage = response.ErrorMessage,
};
log.Info("Query Client Response Log: " + JsonConvert.SerializeObject(responseToLog));
```
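Your suggestions would be greatly appreciated.
The error was not related to the code. The problem occurred because I was accessing the service from the browser. However, the browser did not have any record of this certificate authority. The root certificate had to be added to the browser's certificate manager. Below are the steps to add a certificate authority in the Firefox browser.
Tools -> Settings -> Privacy & Security -> View Certificates -> Authorities -> Import
First screenshot on how to add a certificate authority in the Firefox browser
Second screenshot on how to add a certificate authority in the Firefox browser
After adding the certificate, I could access the service without problems.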
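The code in the question loads the root certificate into an `X509Chain` that is never used and installs a validation callback that returns `true` for every server certificate. The following is an added example, not part of the original post, of a callback that accepts the server only when its chain ends at the supplied root. `PrivateRootValidation` and `TrustOnly` are hypothetical names, and the code assumes .NET Framework 4.6 or later.

```csharp
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class PrivateRootValidation
{
    // Hypothetical helper: builds a callback that trusts only chains ending at privateRoot.
    public static RemoteCertificateValidationCallback TrustOnly(X509Certificate2 privateRoot)
    {
        return (sender, certificate, platformChain, policyErrors) =>
        {
            // The machine trust store already accepts the chain and the name matches.
            if (policyErrors == SslPolicyErrors.None) return true;

            // Only chain errors are re-examined; a name mismatch or a missing
            // certificate is always rejected.
            if ((policyErrors & ~SslPolicyErrors.RemoteCertificateChainErrors) != 0) return false;
            if (certificate == null) return false;

            using (var chain = new X509Chain())
            {
                chain.ChainPolicy.ExtraStore.Add(privateRoot);
                // Reuse intermediates the server sent during the handshake.
                if (platformChain != null)
                    foreach (X509ChainElement e in platformChain.ChainElements)
                        chain.ChainPolicy.ExtraStore.Add(e.Certificate);

                // NoCheck mirrors the question's setting; use Online if the CA publishes CRL/OCSP.
                chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
                // Let Build() succeed for a root the machine store does not know;
                // the comparison below decides which root that may be.
                chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;

                if (!chain.Build(new X509Certificate2(certificate))) return false;

                // Pin: the last element of the built chain must be exactly the supplied root.
                X509Certificate2 top = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
                return top.RawData.SequenceEqual(privateRoot.RawData);
            }
        };
    }
}

// Usage with the question's variables (replaces the callback that returns true):
// ServicePointManager.ServerCertificateValidationCallback = PrivateRootValidation.TrustOnly(rootCert);
```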