[英]How to Create a TCP Client connection with a Client Certificate in Powershell
使用以下代碼,我可以建立一個SSL連接:
$cert = dir cert:\CurrentUser\My | where {$_.Subject -like "*Alice*"}
$computerName = "google.com"
$port = "443"
$socket = New-Object Net.Sockets.TcpClient($computerName, $port)
$stream = $socket.GetStream()
$sslStream = New-Object System.Net.Security.SslStream $stream,$false
$sslStream.AuthenticateAsClient($computerName)
$sslStream
這很好。 但是現在我不想添加用於身份驗證的客戶端證書。 認為我只需要替代
$sslStream.AuthenticateAsClient($computerName)
與
$sslStream.BeginAuthenticateAsClient($computerName,$cert,"SslProtocols",$false,"Foo" ,"Bar")
但是我不是很幸運正確地提出了論點。 Sombody可以解決異步調用嗎;-)也許我需要一些C#代碼嗎?!
參數為:
System.IAsyncResult BeginAuthenticateAsClient(
string targetHost,
System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates,
System.Security.Authentication.SslProtocols enabledSslProtocols,
bool checkCertificateRevocation,
System.AsyncCallback asyncCallback,
System.Object asyncState)
我最終要實現的是列出並稍后指定客戶端連接到的CipherSuites。 (我可以使用Wireshark我知道;-)
終於使它起作用了,不是參數4,而是$ Cert,它不是集合。
$cert = dir cert:\CurrentUser\My | where {$_.Subject -like "*alice*"}
$computerName = "google.com"
$port = "443"
[System.Security.Authentication.SslProtocols]$protocol = "ssl3"
$certcol = New-object System.Security.Cryptography.X509Certificates.X509CertificateCollection
$certcol.Add($cert)
$socket = New-Object Net.Sockets.TcpClient($computerName, $port)
$stream = $socket.GetStream()
$sslStream = New-Object System.Net.Security.SslStream $stream,$false
#$sslStream.AuthenticateAsClient($computerName)
$sslStream.AuthenticateAsClient($computerName,$certcol,$protocol,$false)
$sslStream
根據文檔, AuthenticateAsClient
和BeginAuthenticateAsClient
之間的區別在於后者是異步使用的。
您應該嘗試使用AuthenticateAsClient(String, X509CertificateCollection, SslProtocols, Boolean)
,其中第二個參數是可以使用的客戶端證書的集合(最好是X509Certificate2
,因為您需要與證書關聯的私鑰才能使用它身份驗證)。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.