.net 核心 http 调用在 AWS EC2 上抛出 ssl 连接错误，而它们在 OnPrem 服务器上工作正常 - 无法建立 SSL 连接

Question

我们有基于 .netCore 的应用程序，它对 Http 次调用 web 次服务/api。 它工作正常，我们的本地基础设施没有问题，但从 AWS EC2 实例运行时会出现 SSL 错误。

以下是错误：

---------> Testing for HttpClient invocations BEGINS <---------
         Using - .NET Core 3.1.31
Making the Web request...
Failed to make Web request!
StatusCode: 0
Error: The SSL connection could not be established, see inner exception.
Exception details: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslStream.ThrowIfExceptional()
   at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__65_1(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at RestSharp.RestClient.ExecuteInternal(RestRequest request, CancellationToken cancellationToken)

Actual Content:
<========== TEST COMPLETED ==========>

令人惊讶的是，当我们在 AWS EC2 上使用 .net Fx 4.7.x、4.8 等运行基于 .net 框架的应用程序时，这工作正常。

花费了大量时间在 SO 和其他地方进行研究，尝试了所有不同的解决方案，例如设置ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, SslPolicyErrors) => true; 和RemoteCertificateValidationCallback = new RemoteCertificateValidationCallback((sender, cert, chain, SslPolicyErrors) => true)语句但没有运气！

它确实与 .net 核心运行时使用来自 AWS EC2 的 HttpClient 和 SSL 进行 Http 调用有关，因为我尝试的所有其他方式都适用于所有用例。

任何帮助/建议/建议/解决方案都将不胜感激。

Answer 1

我也遇到了同样的错误。 我有一个旧的 Let's Encrypt CA 证书，所以我使用以下命令更新它以改进它。

sudo yum update ca-certificates

.net 核心 http 调用在 AWS EC2 上抛出 ssl 连接错误，而它们在 OnPrem 服务器上工作正常 - 无法建立 SSL 连接

问题描述

1 个解决方案

解决方案1
0 2022-11-15 06:24:45

.net 核心 http 调用在 AWS EC2 上抛出 ssl 连接错误，而它们在 OnPrem 服务器上工作正常 - 无法建立 SSL 连接

问题描述

1 个解决方案

解决方案1 0 2022-11-15 06:24:45

解决方案1
0 2022-11-15 06:24:45