403错误 [英] 403 error

问题描述

我看过这个论坛中之前的所有403代码问题：据我所知，我们正在做所有正确的事情，尽管如此我们得到403.请有人建议吗？

我们有Digicert颁发的证书：证书使用包括密钥验证。我们的证书链连接到"DigiCert High Assurance CA-3"。它又链接到"DigiCert High Assurance EV Root CA"，该列表位于
微软批准的列表中。我们似乎已经正确安装了我们的证书：我们的应用程序无节制，https网址回来了。以下是我尝试点击其中一个网址的原因（是的，它是Unix服务器）：

curl -v --key etc / certs / digicert-csa.pem --cert etc / certs / star_vyclone_com.crt -X POST --data'<？xml version = QUOT; 1.0" encoding =" utf-8"？>< wp： Notification
xmlns：wp =" WPNotification"> < wp： Toast>< wp：Text1> Vyclone< / wp： Text1>< wp：Text2> Hello
Yeray，Dave调用< / wp：Text2>< / wp：Toast>< / wp：Notification>'
https：// db3.notify.live.net/ unthrottledthirdparty / 01.00 / AAFaW_ 3q1hOvQ5wSCC9sXgkGAgAAAAADGwAA AAQUZm52OjcyRDk0QjUyMkRCMTUzRT A

在这篇文章的最后是curl的详细输出，这似乎表明SSL握手没问题，但是服务器无论如何都给了我403。 openssl确认我们的私钥是未加密的（curl没有要求关键短语）
和openssl也确认证书有效。如果有人想检查，我可以在链中提供三个证书。

那么，有什么想法吗？我在这里结束了我的智慧。一想法：我是否需要以某种方式提供中间Digicert证书 - 如果是这样，如何将其与我们的证书相结合？

提前感谢任何建议，

- Dave Cleal

curl的详细输出如下：

=====================

解决方案

没关系，最后解决了它。我需要创建一个组合的证书文件，其中包含我的，中间证书和根证书连接在一起  IN THAT ORDER。然后， 

curl -v --key etc / certs / digicert-csa.pem --cert combined.crt -X POST --data'<？xml version =" 1.0" encoding =" utf-8"？>< wp： 通知
xmlns：wp =" WPNotification">< wp： Toast>< wp：Text1> Vyclone< / wp： Text1>< wp：Text2> Hello
Yeray，Dave调用< / wp：Text2>< / wp：Toast>< / wp：Notification>'
https：// db3.notify.live.net / unthrottledthirdparty / 01.00 / AAFaW _ 3q1hOvQ5wSCC9sXgkGAgAAAAADGwAA AAQUZm52OjcyRDk0QjUyMkRCMTUzRT A

工作正常。抱歉打扰......

- Dave

Hi,

I've looked at all the previous 403 code issues in this forum: as far as I can tell we're doing all the correct things, nonetheless we get 403. Please can someone suggest something?

We have a certificate issued by Digicert: the certificate usage includes key authentication. Our certificate chains to  "DigiCert High Assurance CA-3" which in turn chains to "DigiCert High Assurance EV Root CA", which is on the Microsoft approved list. We appear to have installed our certificate correctly: our app gets unthrottled, https urls back. Here's how I try to hit one of these urls (yes, it's a Unix server):

curl -v --key etc/certs/digicert-csa.pem --cert etc/certs/star_vyclone_com.crt -X POST --data '<?xml version="1.0" encoding="utf-8"?><wp:Notification xmlns:wp="WPNotification"><wp:Toast><wp:Text1>Vyclone</wp:Text1><wp:Text2>Hello Yeray, Dave calling</wp:Text2></wp:Toast></wp:Notification>' https://db3.notify.live.net/unthrottledthirdparty/01.00/AAFaW_3q1hOvQ5wSCC9sXgkGAgAAAAADGwAAAAQUZm52OjcyRDk0QjUyMkRCMTUzRTA

At the end of this post is the verbose output from curl, which seems to indicate that the SSL handshake is fine, but the server is giving me 403 anyway. openssl confirms that our private key is unecrypted (as does curl's failure to ask for a key phrase) and openssl also confirms that the certificate is valid. I can provide the three certificates in the chain if anyone wants to check them.

So, any ideas? I'm at my wit's end here. One thought: do I need to provide the intermediate Digicert certificate somehow - and if so, how to combine it with our cert?

Thanks in advance for any advice,

- Dave Cleal

Verbose output from curl follows:

=====================

解决方案

Never mind, solved it in the end. I needed to create a combined certificate file containing my, the intermediate, and the root certificates concatenated together  IN THAT ORDER. Then, 

curl -v --key etc/certs/digicert-csa.pem --cert combined.crt -X POST --data '<?xml version="1.0" encoding="utf-8"?><wp:Notification xmlns:wp="WPNotification"><wp:Toast><wp:Text1>Vyclone</wp:Text1><wp:Text2>Hello Yeray, Dave calling</wp:Text2></wp:Toast></wp:Notification>' https://db3.notify.live.net/unthrottledthirdparty/01.00/AAFaW_3q1hOvQ5wSCC9sXgkGAgAAAAADGwAAAAQUZm52OjcyRDk0QjUyMkRCMTUzRTA

worked fine. Sorry to bother...

- Dave

这篇关于403错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！