HTTP适配器,SSL和通配符证书 [英] HTTP adapter, SSL and wildcard certificate
问题描述
我正在使用BizTalk Server开发B2B集成解决方案。用于与合作伙伴服务器通信的协议是HTTPS,因此它使用SSL。
合作伙伴用于建立SSL连接的证书由GeoTrust提供,但它是一个通配符证书,颁发给*。*。*。company.com
服务器I我试图联系到域名的域名:abccompany.com(似乎与通配符匹配)。
当我尝试打开与服务器的HTTPS连接时(通过Internet Explorer,.Net Windows应用程序或BizTalk) ,无法建立连接,因为证明证书不可信。例如,Internet Explorer会显示一条弹出消息,说明:
- 证书是从有效的CA发出的
- 证书日期有效
- 证书的名称是不匹配网站名称。这意味着证书是针对与我们访问的域不同的域颁发的。所以似乎通配符系统不适用于此证书?如果他们错误地获得了错误类型的证书,那可能吗?或者不支持多部分通配符证书(*。*。*)?
无论如何,即使他们的证书不是100%有效,他们拒绝更改它,因为他们的其他合作伙伴使用它,他们不会只为我们更改为适当的证书...
在.Net 2.0代码中,很容易绕过任何证书验证通过将委托ServicePointManager.ServerCertificateValidationCallback设置为回调方法,类似于:
ServicePointManager.ServerCertificateValidationCallback = delegate(Object obj,X509Certificate certificate,X509Chain chain,SslPolicyErrors errors){返回true; };
不过,我需要用BizTalk Server 2006实现这种规避,我想知道是否有人这样做过。
我知道我可以编写自己的自定义HTTP适配器,但我迫切需要这个,所以我想问这个论坛的社区第一。也许有人比编写自定义适配器(例如某些"hack")更快捷。 (注册表项,自定义类...)或知道现有的自定义适配器已经完成这项工作。
提前致谢,
< br>
祝你好运,
< p class = MsoNormal> Francois Malgreve
你能够在BizTalk中实现它。
Hi,
I am developing a B2B integration solution using BizTalk Server. The protocol used to communicate with the partner’s server is HTTPS and so it uses SSL.
The certificate the partner is using to establish SSL connections is provided by GeoTrust but it is a wildcard certificate, issued to *.*.*.company.com
The server I am trying to contact to is on a domain of the form: a.b.c.company.com (which seems to match the wildcard).
When I try to open an HTTPS connection to the server (either through Internet Explorer, a .Net Windows Application or BizTalk), the connection cannot be established because the certificate is said to not be trusted. For example, Internet Explorer shows a pop-up message saying that:
- The certificate is issued from a valid CA
- The certificate date is valid
- The name of the certificate is NOT matching the name of the site. This means that the certificate is issued for a domain different that the one we are accessing to. So it seems that the wildcard system is not working for this certificate? Is that possible if they aquire a wrong type of certificate by mistake? or is multipart wildcard certificate (*.*.*) not supported?
Anyway even if their certificate is not 100% valid, they refuse to change it as their other partners work with that and they won't change to a proper certificate just for us...
In .Net 2.0 code, it is easy to circumvent any certificate validation by setting the delegate ServicePointManager.ServerCertificateValidationCallback to a callback method with something like:
ServicePointManager.ServerCertificateValidationCallback = delegate(Object obj, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors) { return true; };
Nevertheless, I need to achieve this sort of circumvention with BizTalk Server 2006 and I would like to know if anyone ever did that.
I am aware that I can write my own custom HTTP Adapter but I need this urgently so I thought of asking this forum's community first. Maybe someone as a quicker way than writing a custom adapter such as some "hack" (registry keys, custom class... ) or knows of an existing custom adapter already doing the job.
Thanks in advance,
Best regards,
were you able to achieve it in BizTalk.
这篇关于HTTP适配器,SSL和通配符证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
