C# AuthenticateAsServer - The remote certificate is invalid according to the validation procedure

I am trying to create a test client/server connection using the following code:

    static void Main(string[] args)
    {
        var listenerThread = new Thread(ListenerThreadEntry);
        listenerThread.Start();

        Thread.Sleep(TimeSpan.FromSeconds(1));

        var socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.IP);
        socket.Connect("localhost", Port);

        var rawStream = new NetworkStream(socket);
        var stream = new SslStream(rawStream, false, VerifyServerCertificate);
        var certificate = new X509Certificate(CertsPath + @"test.cer");
        var certificates = new X509CertificateCollection(new[] { certificate });
        stream.AuthenticateAsClient("localhost", certificates, SslProtocols.Tls, false);

        Thread.Sleep(TimeSpan.FromSeconds(1));
    }

    private static bool VerifyServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        return true;
    }

    static void ListenerThreadEntry()
    {
        var listener = new TcpListener(IPAddress.Any, Port);
        listener.Start();

        var client = listener.AcceptTcpClient();
        var serverCertificate = new X509Certificate2(CertsPath + @"\test.pfx");
        var sslStream = new SslStream(client.GetStream(), false);
        sslStream.AuthenticateAsServer(serverCertificate, true, SslProtocols.Tls, false);

        Thread.Sleep(TimeSpan.FromSeconds(10));
    }
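
and I get the error message "The remote certificate is invalid according to the validation procedure" in the AuthenticateAsServer method. The certificate was created and saved to files using the following commands:

    makecert.exe -r -pe -n "CN=localhost" -a sha1 -sky exchange -sv test.pvk test.cer
    pvk2pfx -pvk test.pvk -spc test.cer -pfx test.pfx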

What am I missing?

Check these steps; it seems to be working

1) First save the certificate in a file
2) Run MMC
3) Open the Certificate Manager (certmgr.msc in C:\Windows\System32)
4) You will see it opens 'Certificates - Current User'
5) In the menu, choose File, Add/Remove Snap-In
6) Now press Add, select 'Certificates' and select 'Computer Account'
7) Select the Local Computer
8) Now you have two snap-ins:
9) Certificates - Current User
10) Certificates (Local Computer)
11) Now import the certificate in "Certificates (Local Computer)\Trusted Root Certificates\Certificates"

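I can't see where in your process you add trust to the certificate used for authentication. Passing false as parameter 4 to AuthenticateAsServer() only skips the revocation check; it does not skip the trust check in general.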

So you have the following options to make it work:

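  • Don't generate the certificate yourself; have it issued by a certificate authority that is trusted by default in Windows. This will cost some money, but there are some cheap CAs out there; it does not have to be a Thawte certificate.
  • Add trust to the certificate by importing it into the personal certificate list.
  • If you have already created a self-signed CA certificate that has been added to the trusted root certificate list (which is common in companies or organizations), use that CA certificate to sign your certificate.
  • Don't do authentication at all (but you probably don't want that).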

Do I have to add it to the global certificate store?
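
An alternative to importing a test certificate into a Windows store, and to a callback that returns true for everything, is a validation callback that accepts exactly one known self-signed certificate. This is an added example, not code from the original posts; the class name PinnedCertificateValidation and its For method are hypothetical, and the pinned file is assumed to be the test.cer produced by makecert above.

```csharp
using System;
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added example; class and method names are hypothetical.
static class PinnedCertificateValidation
{
    // Returns a callback that accepts only the certificate stored in pinnedCerPath
    // (assumed here to be the test.cer produced by makecert).
    public static RemoteCertificateValidationCallback For(string pinnedCerPath)
    {
        byte[] pinned = new X509Certificate2(pinnedCerPath).RawData;

        return (sender, certificate, chain, errors) =>
        {
            // The peer presented no certificate at all.
            if (certificate == null || errors.HasFlag(SslPolicyErrors.RemoteCertificateNotAvailable))
                return false;

            // A host name mismatch is never excused by the pin.
            if (errors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
                return false;

            // The only chain problem tolerated is the one expected for a self-signed
            // certificate: its root is not in the Windows trust store. Expiry,
            // bad signatures and similar still fail.
            if (chain != null && chain.ChainStatus.Any(s =>
                    s.Status != X509ChainStatusFlags.NoError &&
                    s.Status != X509ChainStatusFlags.UntrustedRoot))
                return false;

            // Accept only the exact certificate that was pinned.
            return certificate.GetRawCertData().SequenceEqual(pinned);
        };
    }
}

// Usage with the streams from the question (CertsPath as defined there):
//   var pin = PinnedCertificateValidation.For(CertsPath + @"\test.cer");
//   new SslStream(client.GetStream(), false, pin);   // server side
//   new SslStream(rawStream, false, pin);            // client side, instead of "return true"
```

A certificate loaded from a .cer file carries no private key, so whichever side has to prove its identity needs the .pfx; the .cer is only suitable as the pin.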