Using installCertificateAsync to trust a server certificate before connecting

Problem description

I'm trying to trust a server certificate before connecting with limited luck and am wondering if this is a supported workflow.  I have a .cer file on my Desktop that if I import it into "Trusted Root Certification Authorities", my connections to the server hostname with an SSL StreamSocket succeed.  But if I remove that from my trusted root certification authorities and try to programmatically trust it, I still get certificate verification errors.  I got this .cer file from connecting to the server in Internet Explorer in Desktop Mode, viewing the certificate, selecting "Copy to File...", and selecting "DER encoded binary X.509 (.CER)".

Here is some sample code where I ask the user to select the .cer file, read it, base64-encode it, and pass the buffer into installCertificateAsync.  All of this code succeeds but my next call to connect to the server with SSL still fails with an invalid certificate error, even though the hostname I use matches the hostname of the certificate.

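// Assumption: "mgr" is not defined in the posted snippet; it is taken here to be the
// WinRT certificate enrollment manager, which exposes installCertificateAsync.
var mgr = Windows.Security.Cryptography.Certificates.CertificateEnrollmentManager;

var openPicker = new Windows.Storage.Pickers.FileOpenPicker();
openPicker.viewMode = Windows.Storage.Pickers.PickerViewMode.thumbnail;
openPicker.suggestedStartLocation = Windows.Storage.Pickers.PickerLocationId.desktop;
openPicker.fileTypeFilter.replaceAll([".cer"]);

// Open the picker for the user to pick a file
openPicker.pickSingleFileAsync().then(function (file) {
   if (!file) {
      // The user cancelled the picker; there is nothing to install.
      return;
   }
   // Read the DER-encoded certificate from the selected file
   Windows.Storage.FileIO.readBufferAsync(file).then(
      function readSuccess(buffer) {
         // installCertificateAsync takes the certificate as a base64 string
         var cert = Windows.Security.Cryptography.CryptographicBuffer.encodeToBase64String(buffer);

         // 0 is InstallOptions.none
         mgr.installCertificateAsync(cert, 0).then(
            function certSuccess() {
               // The install call reports success, so try the SSL connection
               var socket = new Windows.Networking.Sockets.StreamSocket();
               socket.connectAsync(new Windows.Networking.HostName("broker.domain.int"), "443", Windows.Networking.Sockets.SocketProtectionLevel.ssl).then(
                  function success() {
                     // Blah.
                  },
                  function error(reason) {
                     // This is where the code gets to.
                  });
            },
            function certFailure(reason) {
               // Blah.
            });
      },
      function readFailure(reason) {
         // Blah.
      });
});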

Is this even supposed to work?  Or do I have to find a way to get the .pfx data instead and use importPfxDataAsync instead?

Recommended answer

Is the certificate for the server known ahead of time?  If so you simply include it in your manifest and app data like this (see the last post):

http://social.msdn.microsoft.com/Forums/en-US/winappswithcsharp/thread/4a776e8c-0e10-4f03-908f-7f765d914080

-Jeff
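
What declaring a known server root in the app manifest can look like, as an added example that is not part of the original answer or the linked thread. The file name `broker-root.cer` is an assumed placeholder for the exported .cer shipped inside the app package; the fragment sits at package level in Package.appxmanifest.

```xml
<!-- Added example: package-level extension in Package.appxmanifest.
     "broker-root.cer" is a hypothetical file name; the file is the
     DER-encoded certificate included in the app package. -->
<Extensions>
  <Extension Category="windows.certificates">
    <Certificates>
      <!-- Install the packaged certificate into this app's own Root store,
           so it becomes a trust anchor for this app only and the machine
           "Trusted Root Certification Authorities" store is left untouched. -->
      <Certificate StoreName="Root" Content="broker-root.cer" />
      <!-- ExclusiveTrust="true": the app trusts only the anchors declared
           here and does not inherit the system trust list.
           Set it to "false" to add this root on top of the system roots. -->
      <TrustFlags ExclusiveTrust="true" />
    </Certificates>
  </Extension>
</Extensions>
```

Because the trust anchor is scoped to the app, replacing the server's root later means shipping an updated package with the new certificate file.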
