Windows 8电话客户端证书HTTPS身份验证 [英] Windows 8 Phone Client Certificate HTTPS authentication
本文介绍了Windows 8电话客户端证书HTTPS身份验证的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在尝试使用我正在开发的Windows 8 Phone应用程序中的客户端证书访问安全的HTTPS服务器。这根本不起作用,这使我尝试从标准Web浏览器访问HTTPS服务器,但它也不起作用。我不知道Internet Explorer是否可以处理客户端证书。如果它不处理它们,我会对c#.NET的一些示例代码非常感兴趣,它可以在Windows 8 Phone上运行,并且能够通过HTTPS为Web服务提供客户端证书。使用的证书必须存储在Windows 8 Phone证书存储区中。
I am trying to access a secure HTTPS server using client certificate from a Windows 8 Phone app I am developing. This does not work at all which has has made me try to access the HTTPS server from the standard web browser where it does not work either. I do not know if Internet Explorer can handle client certificates or not. If it does not handle them I would be very interested in some sample code for c# .NET that works on Windows 8 Phone and that is able to provide a client certificate to the web service over HTTPS. The certificate used must be stored in the Windows 8 Phone certificate store.
它对我来说无效,无论是我构建的应用程序还是Internet Explorer。我在Apache中设置了客户端身份验证,如下所示:
It Just does not work for me, neither from the app I built nor from Internet Explorer. I have set up Client Authentication in Apache like the following:
<VirtualHost _default_:443>
DocumentRoot /var/www/htdocs
ServerName norrweb
ServerAdmin you@your.address
ErrorLog logs/error_log
TransferLog logs/access_log
SSLEngine on
SSLCertificateFile /etc/ssl/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
#SSLCACertificatePath /var/www/conf/ssl.crt
SSLCACertificateFile /var/www/conf/ssl.crt/ca-bundle.crt
SSLVerifyClient require
SSLVerifyDepth 10
</VirtualHost>
这很有效,在OSX中我可以通过SSLCACertificateFile中指定的CA选择我的客户端证书问题一个自签名的根CA和一个中间CA,后者又签署了我在我的mac上使用的客户端证书。
This works great, in OSX I can chose my client certificate issues by the CA specified in SSLCACertificateFile which contains a self-signed Root CA and an intermediate CA that has in turn signed the client certificate I am using on my mac.
我已经安装了根CA,中间CA以及Windows 8 Phone(Nokia Lumia 900)上的客户端CA.电话告诉我每个证书已成功安装。
对我而言,好像手机永远不会向服务器发送任何证书。是否需要指定哪个服务器使用哪个证书?
I have installed the Root CA, the Intermediate CA and the client CA on a Windows 8 Phone (Nokia Lumia 900). The phone told me for each certificate that it was successfully installed. To me it seem like if the phone never sends any certificate to the server. Is there a need to specify which certificate to be used for which server?
Apache的error_log中可以读取以下内容:
The following can be read in error_log for Apache:
# tail -f /var/www/logs/error_log
[Tue Mar 12 23:46:30 2013] [error] mod_ssl: SSL handshake failed (server norrweb:443, client 10.0.83.232) (OpenSSL library error follows)
[Tue Mar 12 23:46:30 2013] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
[Tue Mar 12 23:48:45 2013] [error] mod_ssl: SSL handshake failed (server norrweb:443, client 10.0.83.232) (OpenSSL library error follows)
[Tue Mar 12 23:48:45 2013] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
[Tue Mar 12 23:48:45 2013] [error] mod_ssl: SSL handshake failed (server norrweb:443, client 10.0.83.232) (OpenSSL library error follows)
[Tue Mar 12 23:48:45 2013] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
[Tue Mar 12 23:52:23 2013] [error] mod_ssl: SSL handshake failed (server norrweb:443, client 10.0.83.232) (OpenSSL library error follows)
[Tue Mar 12 23:52:23 2013] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
[Tue Mar 12 23:52:23 2013] [error] mod_ssl: SSL handshake failed (server norrweb:443, client 10.0.83.232) (OpenSSL library error follows)
[Tue Mar 12 23:52:23 2013] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
在Wireshark中可以看到以下内容
The following can be seen in Wireshark
No. Time Source Destination Protocol Length Info
1 0.000000000 10.0.83.232 10.0.83.132 TCP 66 49160 > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=256 SACK_PERM=1
Frame 1: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
2 0.000177000 10.0.83.132 10.0.83.232 TCP 66 https > 49160 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 SACK_PERM=1 WS=8
Frame 2: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49160 (49160), Seq: 0, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
3 0.004240000 10.0.83.232 10.0.83.132 TCP 60 49160 > https [ACK] Seq=1 Ack=1 Win=262144 Len=0
Frame 3: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
4 0.006430000 10.0.83.232 10.0.83.132 TLSv1 162 Client Hello
Frame 4: 162 bytes on wire (1296 bits), 162 bytes captured (1296 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 1, Ack: 1, Len: 108
Secure Sockets Layer
TLSv1 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 103
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 99
Version: TLS 1.0 (0x0301)
Random
Session ID Length: 0
Cipher Suites Length: 24
Cipher Suites (12 suites)
Compression Methods Length: 1
Compression Methods (1 method)
Extensions Length: 34
Extension: renegotiation_info
Extension: status_request
Extension: elliptic_curves
Extension: ec_point_formats
Extension: SessionTicket TLS
No. Time Source Destination Protocol Length Info
5 0.006753000 10.0.83.132 10.0.83.232 TLSv1 1086 Server Hello, Certificate, Certificate Request, Server Hello Done
Frame 5: 1086 bytes on wire (8688 bits), 1086 bytes captured (8688 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49160 (49160), Seq: 1, Ack: 109, Len: 1032
Secure Sockets Layer
TLSv1 Record Layer: Handshake Protocol: Server Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 53
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 49
Version: TLS 1.0 (0x0301)
Random
Session ID Length: 0
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Compression Method: null (0)
Extensions Length: 9
Extension: renegotiation_info
Extension: SessionTicket TLS
TLSv1 Record Layer: Handshake Protocol: Certificate
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 810
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 806
Certificates Length: 803
Certificates (803 bytes)
TLSv1 Record Layer: Handshake Protocol: Multiple Handshake Messages
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 154
Handshake Protocol: Certificate Request
Handshake Type: Certificate Request (13)
Length: 146
Certificate types count: 3
Certificate types (3 types)
Distinguished Names Length: 140
Distinguished Names (140 bytes)
Handshake Protocol: Server Hello Done
Handshake Type: Server Hello Done (14)
Length: 0
No. Time Source Destination Protocol Length Info
6 0.035066000 10.0.83.232 10.0.83.132 TLSv1 387 Certificate, Client Key Exchange, Change Cipher Spec, Finished
Frame 6: 387 bytes on wire (3096 bits), 387 bytes captured (3096 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 109, Ack: 1033, Len: 333
Secure Sockets Layer
TLSv1 Record Layer: Handshake Protocol: Multiple Handshake Messages
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 269
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 3
Certificates Length: 0
Handshake Protocol: Client Key Exchange
Handshake Type: Client Key Exchange (16)
Length: 258
RSA Encrypted PreMaster Secret
TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: TLS 1.0 (0x0301)
Length: 1
Change Cipher Spec Message
TLSv1 Record Layer: Handshake Protocol: Finished
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 48
Handshake Protocol: Finished
Handshake Type: Finished (20)
Length: 12
Verify Data
No. Time Source Destination Protocol Length Info
7 0.035543000 10.0.83.132 10.0.83.232 TLSv1 61 Alert (Level: Fatal, Description: Handshake Failure)
Frame 7: 61 bytes on wire (488 bits), 61 bytes captured (488 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49160 (49160), Seq: 1033, Ack: 442, Len: 7
Secure Sockets Layer
TLSv1 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
Content Type: Alert (21)
Version: TLS 1.0 (0x0301)
Length: 2
Alert Message
Level: Fatal (2)
Description: Handshake Failure (40)
No. Time Source Destination Protocol Length Info
8 0.037140000 10.0.83.132 10.0.83.232 TCP 54 https > 49160 [FIN, ACK] Seq=1040 Ack=442 Win=17520 Len=0
Frame 8: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49160 (49160), Seq: 1040, Ack: 442, Len: 0
No. Time Source Destination Protocol Length Info
9 0.037374000 10.0.83.232 10.0.83.132 TCP 60 49160 > https [FIN, ACK] Seq=442 Ack=1040 Win=260864 Len=0
Frame 9: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 442, Ack: 1040, Len: 0
No. Time Source Destination Protocol Length Info
10 0.037491000 10.0.83.132 10.0.83.232 TCP 54 https > 49160 [FIN, ACK] Seq=1040 Ack=443 Win=17520 Len=0
Frame 10: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49160 (49160), Seq: 1040, Ack: 443, Len: 0
No. Time Source Destination Protocol Length Info
11 0.038866000 10.0.83.232 10.0.83.132 TCP 66 49161 > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=256 SACK_PERM=1
Frame 11: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49161 (49161), Dst Port: https (443), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
12 0.038987000 10.0.83.132 10.0.83.232 TCP 66 https > 49161 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 SACK_PERM=1 WS=8
Frame 12: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49161 (49161), Seq: 0, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
13 0.042720000 10.0.83.232 10.0.83.132 TCP 60 49160 > https [ACK] Seq=443 Ack=1041 Win=260864 Len=0
Frame 13: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 443, Ack: 1041, Len: 0
No. Time Source Destination Protocol Length Info
14 0.045063000 10.0.83.232 10.0.83.132 TCP 60 49161 > https [ACK] Seq=1 Ack=1 Win=262144 Len=0
Frame 14: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49161 (49161), Dst Port: https (443), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
15 0.046585000 10.0.83.232 10.0.83.132 SSLv3 112 Client Hello
Frame 15: 112 bytes on wire (896 bits), 112 bytes captured (896 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49161 (49161), Dst Port: https (443), Seq: 1, Ack: 1, Len: 58
Secure Sockets Layer
SSLv3 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)
Length: 53
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 49
Version: SSL 3.0 (0x0300)
Random
Session ID Length: 0
Cipher Suites Length: 10
Cipher Suites (5 suites)
Compression Methods Length: 1
Compression Methods (1 method)
No. Time Source Destination Protocol Length Info
16 0.047039000 10.0.83.132 10.0.83.232 SSLv3 1113 Server Hello, Certificate, Certificate Request, Server Hello Done
Frame 16: 1113 bytes on wire (8904 bits), 1113 bytes captured (8904 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49161 (49161), Seq: 1, Ack: 59, Len: 1059
Secure Sockets Layer
SSLv3 Record Layer: Handshake Protocol: Server Hello
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)
Length: 81
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 77
Version: SSL 3.0 (0x0300)
Random
Session ID Length: 32
Session ID: f49316c9deb37720a0af8fe4bd7d3feb9a289930d502de9d...
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Compression Method: null (0)
Extensions Length: 5
Extension: renegotiation_info
SSLv3 Record Layer: Handshake Protocol: Certificate
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)
Length: 810
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 806
Certificates Length: 803
Certificates (803 bytes)
SSLv3 Record Layer: Handshake Protocol: Multiple Handshake Messages
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)
Length: 153
Handshake Protocol: Certificate Request
Handshake Type: Certificate Request (13)
Length: 145
Certificate types count: 2
Certificate types (2 types)
Distinguished Names Length: 140
Distinguished Names (140 bytes)
Handshake Protocol: Server Hello Done
Handshake Type: Server Hello Done (14)
Length: 0
No. Time Source Destination Protocol Length Info
17 0.058398000 10.0.83.232 10.0.83.132 SSLv3 397 Alert (Level: Warning, Description: No Certificate), Client Key Exchange, Change Cipher Spec, Finished
Frame 17: 397 bytes on wire (3176 bits), 397 bytes captured (3176 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49161 (49161), Dst Port: https (443), Seq: 59, Ack: 1060, Len: 343
Secure Sockets Layer
SSLv3 Record Layer: Alert (Level: Warning, Description: No Certificate)
Content Type: Alert (21)
Version: SSL 3.0 (0x0300)
Length: 2
Alert Message
Level: Warning (1)
Description: No Certificate (41)
SSLv3 Record Layer: Handshake Protocol: Client Key Exchange
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)
Length: 260
Handshake Protocol: Client Key Exchange
Handshake Type: Client Key Exchange (16)
Length: 256
SSLv3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: SSL 3.0 (0x0300)
Length: 1
Change Cipher Spec Message
SSLv3 Record Layer: Handshake Protocol: Finished
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)
Length: 60
Handshake Protocol: Finished
Handshake Type: Finished (20)
Length: 36
MD5 Hash
SHA-1 Hash
No. Time Source Destination Protocol Length Info
18 0.058791000 10.0.83.132 10.0.83.232 SSLv3 61 Alert (Level: Fatal, Description: Handshake Failure)
Frame 18: 61 bytes on wire (488 bits), 61 bytes captured (488 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49161 (49161), Seq: 1060, Ack: 402, Len: 7
Secure Sockets Layer
SSLv3 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
Content Type: Alert (21)
Version: SSL 3.0 (0x0300)
Length: 2
Alert Message
Level: Fatal (2)
Description: Handshake Failure (40)
No. Time Source Destination Protocol Length Info
19 0.059728000 10.0.83.132 10.0.83.232 TCP 54 https > 49161 [FIN, ACK] Seq=1067 Ack=402 Win=17520 Len=0
Frame 19: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49161 (49161), Seq: 1067, Ack: 402, Len: 0
No. Time Source Destination Protocol Length Info
20 0.061094000 10.0.83.232 10.0.83.132 TCP 60 49161 > https [FIN, ACK] Seq=402 Ack=1067 Win=260864 Len=0
Frame 20: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49161 (49161), Dst Port: https (443), Seq: 402, Ack: 1067, Len: 0
No. Time Source Destination Protocol Length Info
21 0.061351000 10.0.83.132 10.0.83.232 TCP 54 https > 49161 [FIN, ACK] Seq=1067 Ack=403 Win=17520 Len=0
Frame 21: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49161 (49161), Seq: 1067, Ack: 403, Len: 0
No. Time Source Destination Protocol Length Info
22 0.062308000 10.0.83.232 10.0.83.132 TCP 66 49162 > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=256 SACK_PERM=1
Frame 22: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49162 (49162), Dst Port: https (443), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
23 0.062449000 10.0.83.132 10.0.83.232 TCP 66 https > 49162 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 SACK_PERM=1 WS=8
这是一些新信息,我使用openssl s_client进行了一些调试,见下文:
Here is some new info, I have done some future debugging using openssl s_client, see below:
imac:test jens$ openssl s_client -showcerts -connect norrweb:443 -CAfile CCRootCA.pem -prexit
CONNECTED(00000003)
depth=1 /CN=CCRootCA/C=SE/emailAddress=<mail hidden>
verify return:1
depth=0 /CN=norrweb/emailAddress=<mail hidden>
verify return:1
45636:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:/SourceCache/OpenSSL098/OpenSSL098-47/src/ssl/s3_pkt.c:1102:SSL alert number 40
45636:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-47/src/ssl/s23_lib.c:182:
---
Certificate chain
0 s:/CN=norrweb/emailAddress=<mail hidden>
i:/CN=CCRootCA/C=SE/emailAddress=<mail hidden>
-----BEGIN CERTIFICATE-----
MIIDHDCCAgSgAwIBAgIBAjALBgkqhkiG9w0BAQswPDERMA8GA1UEAwwIQ0NSb290
<snip>
IEPe9OMviQ+yxlJKnalvha8yL5ULzYFIkRfvUZTUd8M=
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=norrweb/emailAddress=<mail hidden>
issuer=/CN=CCRootCA/C=SE/emailAddress=<mail hidden>
---
Acceptable client certificate CA names
/CN=NorrIntermediateCA/C=SE/emailAddress=<mail hidden>
/CN=NorrRootCA/C=SE/emailAddress=<mail hidden>
---
SSL handshake has read 1599 bytes and written 210 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: C3B4CC8BF5D88DE76E0DDEE4A24499B9F391D8B7AE93C84CE25DA58218181313
Session-ID-ctx:
Master-Key: C98F2A12F7A796BD380507544A25FBEFCFEC1270F14A5705E6FFC4C841403F35C244E39F71FBA5407C27AC406D1058B7
Key-Arg : None
Start Time: 1364065589
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
imac:test jens$
以下内容打印在登录服务器上:
The following is printed in the log on server:
[23/Mar/2013 20:06:24 25734] [info] Connection to child 3 established (server norrweb:443, client 10.0.83.145)
[23/Mar/2013 20:06:24 25734] [info] Seeding PRNG with 1160 bytes of entropy
[23/Mar/2013 20:06:24 25734] [error] SSL handshake failed (server norrweb:443, client 10.0.83.145) (OpenSSL library error follows)
[23/Mar/2013 20:06:24 25734] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
因为它打印出以下内容我猜服务器正在做正确的事情?:
Because it prints the following I would guess the server is doing the correct thing?:
可接受的客户证书CA名称
Acceptable client certificate CA names
/ CN = NorrIntermediateCA / C = SE / emailAddress =
/CN=NorrIntermediateCA/C=SE/emailAddress=
/ CN = NorrRootCA / C = SE / emailAddress =
/CN=NorrRootCA/C=SE/emailAddress=
我知道我已经在诺基亚设备上安装了客户端证书/ CN = NorrIntermediateCA / C = SE / emailAddress =
I know for sure I have installed a client certificate on the Nokia device signed by /CN=NorrIntermediateCA/C=SE/emailAddress=
还有人建议吗? Windows 8手机坏了吗?
Any more suggestions anyone? Is the Windows 8 Phone broken?
推荐答案
我知道这已经晚了,但根据此msdn文章 Windows Phone 8不支持客户端证书。
I know this is late, but according to this msdn article client certificates are not supported in Windows Phone 8.
这篇关于Windows 8电话客户端证书HTTPS身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
