如何在C＃中驗證Web服務器證書？

Question

我有一個有趣的問題。 我們的團隊在AWS中管理大量的Load Balancers和Web服務器。 證書管理會破壞塊，因此我嘗試向trycorder添加一個模塊，該模塊將命中每個受SSL保護的端點並檢查證書過期日期，以及可能有用的任何其他證書詳細信息。 基於以下內容找到了一個示例，但它失敗了，無法建立信任。 我不關心信任，我只需要查看正在使用的證書。

Based on help recieved, I have gotten this far, but failing because I dont understand how to recover the data from the delegate within the context of the calling function.  I need the function to return the certificate.  Can this be done? (email code if it is too large to megastiv@stiv.com. Thanks for your help!!!!

    public X509Certificate2 GetCertificate(string urltocheck)
    {
        X509Certificate2 ToReturn = new X509Certificate2();
        try
        {
            WebRequest request = WebRequest.Create(new Uri(urltocheck));
            var gimme = ServicePointManager.ServerCertificateValidationCallback =
            (object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) =>
            {
                ToReturn = new X509Certificate2(certificate);
                return true;
            };

            ServicePoint svcPoint = ServicePointManager.FindServicePoint(new Uri(urltocheck));
            return ToReturn;
        }
        catch (Exception ex) { }
        return ToReturn;
    }

救命？

Answer 1

您可以使用ServicePointManager來允許任何證書，並且您有機會使用certificate參數進行檢查：

 ServicePointManager.ServerCertificateValidationCallback =
                (object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) =>
                {
                        //do stuff with certificate...
                        return true;
                };

聽起來你有一個有效的用例，當然你幾乎從不想盲目信任任何證書。