[英]Connection to Azure Cloud Blob Storage fails with invalid certificate
我正在使用 Azure 存儲客戶端庫連接到我的 azure blob 存儲並發布一些文件。 以下代碼是我用來建立連接和創建 blob 容器的內容的摘錄:
var storageAccount = CloudStorageAccount.Parse(CloudConfigurationManager.GetSetting("settingsName"));
client = storageAccount.CreateCloudBlobClient();
var container = client.GetContainerReference("containerName");
container.CreateIfNotExists();
這在我的本地機器上運行良好。 但是,如果我嘗試在不同的服務器上運行完全相同的代碼,則會出現以下異常:
Microsoft.WindowsAzure.Storage.StorageException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync[T](RESTCommand`1 cmd, IRetryPolicy policy, OperationContext operationContext)
--- End of inner exception stack trace ---
at Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync[T](RESTCommand`1 cmd, IRetryPolicy policy, OperationContext operationContext)
at Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer.CreateIfNotExists(BlobContainerPublicAccessType accessType, BlobRequestOptions requestOptions, OperationContext operationContext)
有沒有人知道可能導致這種情況的原因? 我一直在谷歌搜索這個問題好幾天了,沒有任何解決方案。
這個線程已經休眠了一段時間,但我最近遇到了同樣的問題; 我想我會分享我的結果,希望其他人將來可以從中受益。
嘗試從服務器寫入 Azure 存儲 blob 時,我們收到相同的錯誤,盡管相同的代碼在本地和其他服務器上運行良好:
Microsoft.WindowsAzure.Storage.StorageException:基礎連接已關閉:無法為 SSL/TLS 安全通道建立信任關系。 ---> System.Net.WebException: 底層連接已關閉:無法為 SSL/TLS 安全通道建立信任關系。
首先,我們驗證了我們在機器上安裝了正確的證書頒發機構。 通常,這可能是罪魁禍首。 但是,在我們的案例中,我們擁有所有必要的證書頒發機構。
最終的問題是服務器沒有為存儲帳戶解析正確的 IP 地址(yourstorageaccountname.blob.core.windows.net)。
在本地,嘗試從命令提示符 ping 您的存儲帳戶,如下所示:
ping yourstorageaccountname.blob.core.windows.net
您應該會看到來自本地計算機的 ping 能夠解析您的 blob 帳戶的 IP 地址(13.88.144.248 等)。
現在嘗試從您的服務器 ping blob 帳戶,在那里您會收到此異常。 如果 ping 無法解析 IP 地址,或者解析錯誤的 IP 地址(如我的情況),您可能已經發現了問題。
如果是這種情況,向 C:\\Windows\\System32\\drivers\\etc\\hosts 文件添加一個簡單的映射可以解決我們的問題。 如果您遇到同樣的問題,向文件添加 IP 映射應該可以解決問題。 映射應將 IP 從本地 ping 映射到 Blob 帳戶的主機名。 下面是一個例子:
13.88.144.248 yourstorageaccountname.blob.core.windows.net
請注意,您必須以管理員身份運行文本編輯器(記事本等)才能正確保存主機文件。
我剛剛在單元測試期間遇到了此錯誤消息訪問表存儲,在該測試中我為DateTime.UtcNow
創建了一個墊片。
這段代碼至少從 2017 年開始使用,所以最近的包更新肯定是造成這種情況的(使用 .NET Framework 4.8)。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.