的HttpListener使用HTTPS的支持 [英] Httplistener with https support

问题描述

好像是有很多相互矛盾的，有时混乱，信息与问候让一个.NET的HttpListener HTTPS能力。我的理解如下：

Seems to be a lot of conflicting, sometimes confusing, information with regards to making a .net HTTPListener https capable. My understanding is as follows:

• 那些C＃code需要一个HTTPS preFIX（例如HTTPS：// *：8443），以便听者明白它需要服务在这个端口上的SSL请求。

• ones c# code needs an https prefix (ex. https://*:8443) in order for the listener to understand it needs to service SSL requests at this port.

实际发生SSL握手被窝里，并通过HTTP.SYS处理（某处在Windows机器上被掩盖）。在C＃code不必明确地管理SSL握手，它发生 在幕后。

the actual SSL handshake happens under the covers and is handled by http.sys (buried somewhere on the windows machine). The C# code doesn't have to explicitely manage the ssl handshake, it happens under the covers.

一个人需要具备​​的HttpListener计算机上的X509可信证书，并以某种方式该证书需要绑定到8443端口（在本例中）

one needs to have a "x509 trusted certificate" on the httpListener machine, and somehow that certificate needs to be bound to port 8443 (in this example)

我的理解上面是否正确？如果没有，请教育我。

Is my understanding above correct? If not, please educate me.

对于X509证书，我的理解是：

Regarding x509 certificates, my understanding is:

• 使用makecert来创建一个X509证书。此证书被存储在个人存储，需要克服移动到可信存储（这是在HTTP监听器的外观）。看来我可以用certMgr执行移动，或者我可以使用MMC来实现移动。似乎还有更多的则1 X509证书格式（DER，Base64的，PKS，PSWD保护PKS私营等）..有一个preferred格式我应该使用？

在我得到的证书到受信任的店，我需要将其绑定到TCP端口。我对win7的，应使用httpcfg或netsh的？

Once I get the cert into the trusted store, I need to bind it to the tcp port. I am on win7, should be using httpcfg or netsh?

任何提示/意见将是AP preciated。

Any tips/advice would be appreciated.

推荐答案

我做了一堆功课，得到了这个工作。步骤添加SSL支持为.NET的HttpListener是：

I did a bunch of homework and got this working. The steps to add SSL support for an .NET HttpListener are:

1. 更​​新C＃应用程序code，包括HTTPS preFIX。示例

1. Update C# app code to include https prefix. Example

String[] prefixes = { "http://*:8089/","https://*:8443/" };

这是它从code方面。

That's it from the code aspect.

有关的事情证书侧，使用赢SDK命令控制台（也可以使用VS 专业命令控制台）

For the certificate side of things, using Win SDK command console (can also use VS Professional command console)

• 使用 makecert.exe 来创建一个证书颁发机构。例如：

• Use makecert.exe to create a certificate authority. Example:

makecert -n "CN=vMargeCA" -r -sv vMargeCA.pvk vMargeCA.cer

使用 makecert.exe 来创建一个SSL证书

Use makecert.exe to create an SSL certificate

makecert -sk vMargeSignedByCA -IV vMargeCA.pvk -nCN = vMargeSignedByCA-ic vMargeCA.cer vMargeSignedByCA.cer -sr LOCALMACHINE -ss我

使用MMC GUI安装CA在受信任的机构存储

Use MMC GUI to install CA in Trusted Authority store

绑定证书IP：端口和应用。例如：

Bind certificate to ip:port and application. Example:

的netsh的http添加的sslcert ipport = 0.0.0.0：8443 CERTHASH = 585947f104b5bce53239f02d1c6fed06832f47dc的appid = {df8c8073-5a4b-4810-b469-5975a9c95230}

该CERTHASH是从你的SSL证书的指纹。你可以找到这个使用MMC 该APPID在VS中......一般在assembly.cs，查找GUID值

The certhash is the thumbprint from your ssl certificate. you can find this using mmc The appid is found in VS...usually in assembly.cs, look for guid value

可能有其他的方法来完成以上，而这个工作对我来说。

There may be other ways to accomplish the above, but this worked for me.

这篇关于的HttpListener使用HTTPS的支持的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！