SslStream的麻烦 [英] SslStream troubles

问题描述

我有一个客户端/服务器解决方案，我正在尝试在此解决方案中使用SslStream.一切对我来说(显然)都很好，但是每当调用我对BeginAuthenticateAsClient()的回调时，我都会收到消息根据验证过程，远程证书无效."

现在，我已经检查并重新检查了我的个人证书和用来创建服务器代码使用的个人证书的受信任的根证书颁发机构证书.它们都显示为有效，个人证书具有私钥，个人证书指向"受信任的根证书.在我的服务器代码中，我打开了一个X509Store到LocalMachine商店，这是我的证书所在的位置.我找到了个人证书，并创建了一个本地X509Certificate变量(_certificate = new X509Certificate(foundCert.RawData);).在对BeginAuthenticateAsServer()的回调中，对EndAuthenticateAsServer(result)的调用成功.但是在客户端(我可能会在同一台PC上运行)上，我对EndAuthenticateAsClient(result)的调用返回了上面的错误.

I have an client/server solution into which I am trying to shoehorn SslStream. Everything looks good to me(obviously), but whenever my callback to BeginAuthenticateAsClient() is called, I get the message "The remote certificate is invalid according to the validation procedure."

Now, I''ve checked and re-checked my Personal certificate and the Trusted Root Certificate Authority certificate I used to create the Personal certificate that my server code uses. Both of them show as valid, the Personal certificate has a private key and the Personal cert "points" to the Trusted Root certificate. In my server code I open an X509Store to the LocalMachine store, which is where my certs are located. I find the Personal cert and create a local X509Certificate variable (_certificate = new X509Certificate(foundCert.RawData);) In the callback to BeginAuthenticateAsServer(), my call to EndAuthenticateAsServer(result) succeeds. But on the client side (running on the same PC, I might add), my call to EndAuthenticateAsClient(result) returns the error above.

Can someone who has expertise in this area give me some pointers to things I may have done incorrectly, please?

推荐答案

我不是该领域的专家，但我可以"使用SSL流从来没有问题.

您使用哪个SslStream构造函数?我建议使用带有RemoteCertificateValidationCallback委托的代理，这样您就可以检查是否有策略错误.

I''m no expert in this area but I''ve never had a problem using SSL streams.

Which SslStream constructor are you using? I would suggest using one that takes a RemoteCertificateValidationCallback delegate so you can check any policy errors if you''re not already.

我正在收到"RemoteCertificateNameMismatch"错误.我不确定是否是因为我的测试客户端与测试服务器在同一台计算机上运行，​​因为PC的本地名称与外部DNS条目的名称不同(以及我在我创建了我的测试证书).

I''m getting the "RemoteCertificateNameMismatch" error. I''m not sure if it''s because my test Client is running on the same machine as my test Server, since the local name for the PC is different than what the external DNS entry is (and the CN value I used when I created my test certificate).

这篇关于SslStream的麻烦的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！