无法将Kestrel与HTTPS一起使用并进行相互握手(双向SSL)
主要方法:无法将Kestrel与HTTPS一起使用并进行相互握手(双向SSL),ssl,https,asp.net-core,asp.net-core-mvc,kestrel-http-server,Ssl,Https,Asp.net Core,Asp.net Core Mvc,Kestrel Http Server,主要方法: public static void InitHttpServer(ServerInitiatorParam sip) { var host = new WebHostBuilder() //.UseKestrel(options => { options.UseHttps(cert); }) .UseKestrel(options =>
public static void InitHttpServer(ServerInitiatorParam sip)
{
var host = new WebHostBuilder()
//.UseKestrel(options => { options.UseHttps(cert); })
.UseKestrel(options =>
{
var cert = new X509Certificate2("C:/cert/Test.pfx", "password");
HttpsConnectionFilterOptions httpsOptions = new HttpsConnectionFilterOptions();
httpsOptions.ServerCertificate = cert;
httpsOptions.ClientCertificateMode = ClientCertificateMode.RequireCertificate;
options.UseHttps(httpsOptions);
})
.UseStartup<Startup>()
.UseUrls($"https://localhost:{port}/")
.Build();
host.Run();
public void ConfigureServices(IServiceCollection services)
{
// Add framework services.
services.AddMvc();
services.Configure<MvcOptions>(options =>
{
options.Filters.Add(new RequireHttpsAttribute());
});
}
公共静态void InitHttpServer(ServerInitiatorParam sip)
{
var host=new WebHostBuilder()
//.UseKestrel(选项=>{options.UseHttps(证书);})
.UseKestrel(选项=>
{
var cert=新X509Certificate2(“C:/cert/Test.pfx”,“密码”);
HttpsConnectionFilterOptions httpsOptions=新的HttpsConnectionFilterOptions();
httpsOptions.ServerCertificate=cert;
httpsOptions.ClientCertificateMode=ClientCertificateMode.RequireCertificate;
选项。使用HTTPS(HTTPS选项);
})
.UseStartup()
.useURL($)https://localhost:{port}/”)
.Build();
host.Run();
启动文件:
public static void InitHttpServer(ServerInitiatorParam sip)
{
var host = new WebHostBuilder()
//.UseKestrel(options => { options.UseHttps(cert); })
.UseKestrel(options =>
{
var cert = new X509Certificate2("C:/cert/Test.pfx", "password");
HttpsConnectionFilterOptions httpsOptions = new HttpsConnectionFilterOptions();
httpsOptions.ServerCertificate = cert;
httpsOptions.ClientCertificateMode = ClientCertificateMode.RequireCertificate;
options.UseHttps(httpsOptions);
})
.UseStartup<Startup>()
.UseUrls($"https://localhost:{port}/")
.Build();
host.Run();
public void ConfigureServices(IServiceCollection services)
{
// Add framework services.
services.AddMvc();
services.Configure<MvcOptions>(options =>
{
options.Filters.Add(new RequireHttpsAttribute());
});
}
public void配置服务(IServiceCollection服务)
{
//添加框架服务。
services.AddMvc();
配置(选项=>
{
options.Filters.Add(新的requireHttpAttribute());
});
}
错误:
public static void InitHttpServer(ServerInitiatorParam sip)
{
var host = new WebHostBuilder()
//.UseKestrel(options => { options.UseHttps(cert); })
.UseKestrel(options =>
{
var cert = new X509Certificate2("C:/cert/Test.pfx", "password");
HttpsConnectionFilterOptions httpsOptions = new HttpsConnectionFilterOptions();
httpsOptions.ServerCertificate = cert;
httpsOptions.ClientCertificateMode = ClientCertificateMode.RequireCertificate;
options.UseHttps(httpsOptions);
})
.UseStartup<Startup>()
.UseUrls($"https://localhost:{port}/")
.Build();
host.Run();
public void ConfigureServices(IServiceCollection services)
{
// Add framework services.
services.AddMvc();
services.Configure<MvcOptions>(options =>
{
options.Filters.Add(new RequireHttpsAttribute());
});
}
System.Security.Authentication.AuthenticationException:根据验证过程,远程证书无效
更改了“C:\Windows\System32\drivers\etc\hosts”
增加:
127.0.0.1试验
本地主机测试
为确保安全,请输入证书名称,即。
“测试”与主机名相同
错误堆栈跟踪:
public static void InitHttpServer(ServerInitiatorParam sip)
{
var host = new WebHostBuilder()
//.UseKestrel(options => { options.UseHttps(cert); })
.UseKestrel(options =>
{
var cert = new X509Certificate2("C:/cert/Test.pfx", "password");
HttpsConnectionFilterOptions httpsOptions = new HttpsConnectionFilterOptions();
httpsOptions.ServerCertificate = cert;
httpsOptions.ClientCertificateMode = ClientCertificateMode.RequireCertificate;
options.UseHttps(httpsOptions);
})
.UseStartup<Startup>()
.UseUrls($"https://localhost:{port}/")
.Build();
host.Run();
public void ConfigureServices(IServiceCollection services)
{
// Add framework services.
services.AddMvc();
services.Configure<MvcOptions>(options =>
{
options.Filters.Add(new RequireHttpsAttribute());
});
}
2017-07-10T10:12:05.6963689-05:00[错误]连接筛选器.OnConnection(e77fccc9)
System.AggregateException:发生一个或多个错误。-->System.Security.Authentication.AuthenticationException:根据验证过程,远程证书无效。
位于System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult-lazyResult)
位于System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult结果)
位于System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
在System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar,Func
2 endFunction,Action1 endAction,Task
1 Promission,布尔要求同步)
---来自引发异常的上一个位置的堆栈结束跟踪---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)
在System.Runtime.CompilerServices.TaskWaiter.HandleNonSuccessAndDebuggerNotification(任务任务)中
在Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionFilter.d_u6.MoveNext()中
---内部异常堆栈跟踪的结束---
--->(内部异常#0)System.Security.Authentication.AuthenticationException:根据验证过程,远程证书无效。
位于System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult-lazyResult)
位于System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult结果)
位于System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
在System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar,Func
2 endFunction,Action1 endAction,Task
1 Promission,布尔要求同步)
---来自引发异常的上一个位置的堆栈结束跟踪---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)
在System.Runtime.CompilerServices.TaskWaiter.HandleNonSuccessAndDebuggerNotification(任务任务)中
在Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionFilter.d_uu6.MoveNext()System.Security.Authentication.AuthenticationException:根据验证过程,远程证书无效。
位于System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult-lazyResult)
位于System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult结果)
位于System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
在System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar,Func
2 endFunction,Action1 endAction,Task
1 Promission,布尔要求同步)
---来自引发异常的上一个位置的堆栈结束跟踪---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)
在System.Runtime.CompilerServices.TaskWaiter.HandleNonSuccessAndDebuggerNotification(任务任务)中
在Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionFilter.d_u6.MoveNext()中
---内部异常堆栈跟踪的结束---
--->(内部异常#0)System.Security.Authentication.AuthenticationException:根据验证过程,远程证书无效。
位于System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult-lazyResult)
位于System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult结果)
位于System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
在System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar,Func
2 endFunction,Action1 endAction,Task
1 Promission,布尔要求同步)
---来自引发异常的上一个位置的堆栈结束跟踪---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)
在System.Runtime.CompilerServices.TaskWaiter.HandleNonSuccessAndDebuggerNotification(任务任务)中
在Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionFilter.d__6.MoveNext()中,我应该对服务器进行编码,还是希望通过框架根据本地存储(受信任的根证书颁发机构)中的证书验证客户端证书?