根据验证过程,获取“远程证书无效”。 SMTP服务器具有有效证书时 [英] Getting "The remote certificate is invalid according to the validation procedure" when SMTP server has a valid certificate
问题描述
这似乎是一个常见的错误,但是尽管我找到了解决方法(请参阅下文),但我无法确定我首先得到它的原因。
我正在将SMTP功能写入我们的应用程序,并试图将SSL功能添加到我们已经拥有的工作SMTP中。
我正在使用我们的公司的MS Exchange服务器,尤其是在该服务器上启用了webmail选项。我可以通过代码内部发送电子邮件,而无需验证我的连接并匿名发送,但是由于我们公司的政策,这些电子邮件不会中继到外部电子邮件地址。除此之外,我正在为我们的客户进行编程,他们都不允许开放中继和/或匿名连接。
我相信Exchange服务器正在使用显式SSL / TLS 。我已经尝试使用telnet到端口25上的服务器地址,并得到了一个文本响应,人类可读的响应,根据我以前的一些搜索,这意味着它正在使用显式SSL / TLS。
我有以下测试代码
SmtpClient SMTPClient = new SmtpClient(webmailaddress);
SMTPClient.Port = 25;
SMTPClient.UseDefaultCredentials = true;
SMTPClient.EnableSsl = true;
System.Net.Mail.MailMessage消息=新`
System.Net.Mail.MailMessage(emailFrom,emailTo,subject,body);
SMTPClient.Send(消息);
在寻找解决方案期间,我遇到了这个,并假设他们使用相同的证书,并且在过去的每次尝试中,他们都这样做并且诊断步骤是正是我为解决该问题而做过的几次。
在这种情况下,这些步骤不起作用,因为使用的证书不同,并且可能这是我从未遇到过的事情。
解决方案是从服务器导出实际证书,然后将其作为受信任的证书安装在我的计算机上,或者为服务器上的SMTP服务获取其他有效/受信任的证书。目前,我们的IT部门负责管理服务器来决定要执行的操作。
This seems a common error but while I've found a work-around (see below) I can't pin down the reason I'm getting it in the first place.
I am writing SMTP functionality into our application and I'm attempting to add SSL functionality to the working SMTP we already have.
I am testing using our company's MS Exchange server and specifically the webmail option enabled on that. I can send emails internally through my code by not authenticating my connection and sending anonymously, however those emails won't relay to external email addresses due to our companies policy. Besides which I am programming this for our customers and they don't all allow open relay and/or anonymous connections.
I believe the Exchange server is using Explicit SSL/ TLS. I have tried telnet to the server's address on port 25 and got a text response, human readable response, which according to some of my searches previously means it's using Explicit SSL/ TLS.
I have the following test code
SmtpClient SMTPClient = new SmtpClient(webmailaddress);
SMTPClient.Port = 25;
SMTPClient.UseDefaultCredentials = true;
SMTPClient.EnableSsl = true;
System.Net.Mail.MailMessage Message = new `
System.Net.Mail.MailMessage(emailFrom,emailTo,subject,body);
SMTPClient.Send(Message);
During my searching for a solution I came across this "The remote certificate is invalid according to the validation procedure." using Gmail SMTP server
From which I got the following code...
ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(ValidateServerCertificate);
public static bool ValidateServerCertificate(object sender,X509Certificate certificate,X509Chain chain,SslPolicyErrors sslPolicyErrors)
{
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
else
{
if (System.Windows.Forms.MessageBox.Show("The server certificate is not valid.\nAccept?", "Certificate Validation", System.Windows.Forms.MessageBoxButtons.YesNo, System.Windows.Forms.MessageBoxIcon.Question) == System.Windows.Forms.DialogResult.Yes)
return true;
else
return false;
}
}
This works in my test code. HOWEVER the actual process I'm writing (rather than my test code) is going to run in the background and can't really ask the user (instead it reports errors in the windows error log).
As I started, my question is really why I'm getting this error at all. If I go to https:webmail.ourdomain.co.uk in a browser it shows a valid certificate and there is no option to install the certificate (as I would have done if it were a self-signed one).
However when I run my code, with a debug break poing in the ValidateServerCertificate method, I look at the certificate values and see an issuer of our local server and 'don't use before', and 'don't use after' properties of today. This does not match the certificate I am getting.
I've also checked what the sslPolicyErrors flags are in the debug of ValidateServerCertificate, and they are showing "RemoteCertificateChainErrors" and "RemoteCertificateNameMismatch".
So what am I missing about this... why is it not using the correct certificate? If there are steps I need to take to install the certificate locally for it to use then I need to know them so I can tell my customers what to do if they get this.
I don't want to just by-pass the check by returning true from the ValidateServerCertificate method, and because it's a background process I can't ask the user, so I need to understand how to get my code to use the correct/trusted certificate.
Hope someone can advise.
The answer I have finally found is that the SMTP service on the server is not using the same certificate as https.
The diagnostic steps I had read here make the assumption they use the same certificate and every time I've tried this in the past they have done and the diagnostic steps are exactly what I've done to solve the problem several times.
In this case those steps didn't work because the certificates in use were different, and the possibility of this is something I had never come across.
The solution is either to export the actual certificate from the server and then install it as a trusted certificate on my machine, or to get a different valid/trusted certificate for the SMTP service on the server. That is currently with our IT department who administer the servers to decide which they want to do.
这篇关于根据验证过程,获取“远程证书无效”。 SMTP服务器具有有效证书时的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
