WCF新手 - 如何安装和使用SSL证书? [英] WCF newbie - how to install and use a SSL certificate?
问题描述
这应该是任何人谁是以前做过一个单元......
This should be a snap for anyone who's done it before...
我试图设置使用NetTcpBinding的自承载WCF服务。我从Thawte获得试用SSL证书,并成功安装在我的IIS店,我想我找到了正确设置在服务 - 至少它不例外在我身上。
I'm trying to set up a self-hosted WCF service using NetTcpBinding. I got a trial SSL certificate from Thawte and successfully installed that in my IIS store, and I think I've got it correctly set up in the service - at least it doesn't exception out on me!
现在,我尝试连接客户端(这仍然是我所有的开发计算机上),和它给我一个错误,消息=的X.509证书CN = ssl.mydomain .COM,OU =仅用于测试目的。没有保证,OU = IT,O =我的公司,L =我镇,S =无,C = IL链建设失败。使用该证书无法验证的信任链。更换证书或更改certificateValidationMode。证书链处理,但在不被信任供应商信任的根证书终止。
Now, I'm trying to connect the client (this is still all on my dev machine), and it's giving me an error, "Message = "The X.509 certificate CN=ssl.mydomain.com, OU=For Test Purposes Only. No assurances., OU=IT, O=My Company, L=My Town, S=None, C=IL chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."
Ooookeeeey ......现在该怎么办?
Ooookeeeey... now what?
客户端代码(我想这样做的代码,而不是App.config中):
Client code (I want to do this in code, not app.config):
var baseAddress = "localhost";
var factory = new DuplexChannelFactory<IMyWCFService>(new InstanceContext(SiteServer.Instance));
factory.Endpoint.Address = new EndpointAddress("net.tcp://{0}:8000/".Fmt(baseAddress));
var binding = new NetTcpBinding(SecurityMode.Message);
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
factory.Endpoint.Binding = binding;
var u = factory.Credentials.UserName;
u.UserName = userName;
u.Password = password;
return factory.CreateChannel()
新增赏金
我刚刚拿到了自己一个新的试用证书从Thawte,以发出的设置为mydomain.com安装了它,而且我仍然得到上述错误。我是一个新手,以网络安全,所以我需要详细说明如何获得客户端连接到我的网站,并接受安全证书。 (顺便说一句,什么是没有保证是什么意思?)
Added Bounty I've just got myself a new trial certificate from Thawte, installed it with the "issued to" set to mydomain.com, and I'm still getting the error above. I'm a newbie to web security, so I'll need detailed instructions how to get a client to connect to my website and accepting the security certificate. (BTW, what does "No assurances" mean?)
推荐答案
这个问题似乎是服务器证书已安装的您的服务器不被客户信赖。
The problem seems to be that the server certificate you have installed on your server is not trusted by the client.
有关其被信任的服务器证书需要根CA证书在受信任的根证书颁发机构的店用户运行客户端。如果你从Thawte或一些其他类似的CA将已经被世界上大多数的机器被信任的生产级服务器证书。
For it to be trusted the root CA certificate of the server certificate needs to be in the "Trusted Root Certification Authorities" store of the user running the client. If you get a "production" level server certificate from Thawte or some other similar CA it will already be trusted by most machines in the world.
不过,该错误信息来看(其中证书的主题专有名称中包含OU =只能用于测试,没有保证。),您的证书是一个测试因此,证书,则需要将CA证书手动添加到您的受信任的根证书颁发机构存储。根证书通常可以从CA的(Thawte的你的情况)网站上下载。
However, judging by the error message (where the subject distinguished name of the certificate contains "OU=For Test Purposes Only. No assurances.") your certificate is a test certificate and you therefore need to add the CA certificate to your "Trusted Root Certification Authorities" store manually. The root certificate can usually be downloaded from the CA's (Thawte in your case) website.
这篇关于WCF新手 - 如何安装和使用SSL证书?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
