.net 对于HTTPS,调用WebRequest总是失败。根据验证过程,远程证书无效
我试图在.net 对于HTTPS,调用WebRequest总是失败。根据验证过程,远程证书无效,.net,linux,powershell,ssl,openssl,.net,Linux,Powershell,Ssl,Openssl,我试图在pwsh(Linux上)中使用Invoke-WebRequest,但总是失败。下面是一个例子: Invoke-WebRequest https://www.google.com 站点/URL不重要,如果它使用HTTPS,我将得到错误。在Windows计算机上,完全相同的脚本可以正常工作 $pVersionTable > Name Value > ---- ----
pwsh Invoke-WebRequest https://www.google.com
> Name Value
> ---- -----
> PSVersion 7.0.0
> PSEdition Core
> GitCommitId 7.0.0
> OS Linux 3.10.0-514.21.1.el7.x86_64 #1 SMP Thu May 25 17:04:51 UTC 2017
> Platform Unix
> PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
> PSRemotingProtocolVersion 2.3
> SerializationVersion 1.1.0.1
> WSManStackVersion 3.0
3.1.403OpenSSL 1.0.1e-fips 2013年2月11日dotnet restorecurlhttps://www.google.com> Certificate chain
> 0 s:/C=US/ST=California/L=Mountain View/O=Google LLC/CN=www.google.com
> i:/C=US/O=Google Trust Services/CN=GTS CA 1O1
> 1 s:/C=US/O=Google Trust Services/CN=GTS CA 1O1
> i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
.ps1The remote certificate is invalid according to the validation procedure.
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslStream.ThrowIfExceptional()
at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__65_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.GetResponse(HttpClient client, HttpRequestMessage request, Boolean keepAuthorization)
at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.ProcessRecord()
open("/etc/pki/tls/openssl.cnf", O_RDONLY) = 3
open("/etc/pki/tls/cert.pem", O_RDONLY) = 3
pwshOpenSSL.cnf再一次-任何帮助都将不胜感激。似乎pwsh没有使用我拥有的证书?因为您要求的是指针而不是解决方案:几乎可以肯定的是,powershell不知道在哪里可以找到要信任的证书颁发机构的信任库。了解如何告诉它信任存储在哪里,或者了解如何用特定证书告诉invoke webrequest,这是我的出发点。这绝对正确-谢谢。为了我的目的,使用环境变量SSL\u CERT\u FILE/SSL\u CERT\u DIR解决了这个问题。感谢您使用环境变量发回。我敢肯定,当我遇到同样的问题时,我会在一两年后回到这篇文章!
* Connected to www.google.com (74.125.195.105) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
open("/etc/pki/tls/openssl.cnf", O_RDONLY) = 3
open("/etc/pki/tls/cert.pem", O_RDONLY) = 3