C# SSLStream AuthenticateAsServer supply issuer certificate


Problem description


Hello,

following problem: I am developing a TLS 1.2 server with mutual client authentication and clients reject my Server Hello / Certificate.

I compared the C# TLS handshake traffic with a working Java server's traffic: the only relevant difference is the "Handshake Protocol: Certificate". Here the C# server only provides the server (subject) certificate, but in comparison is missing the issuer certificate. In the Java implementation, the server provides a certificate collection holding both the subject and issuer certificate.

I cannot figure out how to configure or implement the server to supply also the issuer certificate. I tried enabling the registry "SendTrustedIssuerList" with no effect. I tried using SslStream with LocalCertificateSelectionCallback, but I can only select a single subject X509Certificate without an issuer certificate and no X509CertificateCollection.

I am using VS2015 on a Win7 64bit machine. The target framework is 4.6.

Please help, I have exhaustively searched for possible solutions :(

Solution

Hi csharperB,

Thank you for posting here.

For your question, you could refer to the MSDN article

X509ServiceCertificateAuthentication Class.

It could represent the settings used by the client proxy to authenticate service certificates that are obtained using SSL/TLS negotiation.

I hope this would be helpful.

Best Regards,

Wendy
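
An added example, not part of the thread and not Microsoft's code: on Windows, SslStream passes the server certificate to SChannel, which assembles the Certificate message from the local certificate stores, so a useful first check for the symptom in the question is whether the issuer is installed as an intermediate CA on the server. The class name `ChainCheck`, the thumbprint argument, and the assumption that the server certificate is in `LocalMachine\My` are illustrative.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

static class ChainCheck
{
    // True if a certificate with this thumbprint is present in the given store.
    static bool InStore(StoreName name, StoreLocation location, string thumbprint)
    {
        var store = new X509Store(name, location);
        store.Open(OpenFlags.ReadOnly);
        try { return store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false).Count > 0; }
        finally { store.Close(); }
    }

    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: ChainCheck <server-cert-thumbprint>"); return 2; }

        // Assumption: the server certificate is installed in LocalMachine\My.
        var my = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        my.Open(OpenFlags.ReadOnly);
        X509Certificate2Collection hits;
        try { hits = my.Certificates.Find(X509FindType.FindByThumbprint, args[0], false); }
        finally { my.Close(); }
        if (hits.Count == 0) { Console.Error.WriteLine("server certificate not found in LocalMachine\\My"); return 2; }

        // Build the chain without revocation checks; only its shape matters here.
        var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        chain.Build(hits[0]);
        if (chain.ChainElements.Count < 2) { Console.WriteLine("Chain contains only the server certificate: " + hits[0].Subject); return 1; }

        int missing = 0;
        for (int i = 1; i < chain.ChainElements.Count; i++)
        {
            X509Certificate2 ca = chain.ChainElements[i].Certificate;
            if (ca.Subject == ca.Issuer)
            {
                // Self-issued root: normally not sent in the handshake; clients must already trust it.
                Console.WriteLine("root          " + ca.Subject);
                continue;
            }
            bool installed = InStore(StoreName.CertificateAuthority, StoreLocation.LocalMachine, ca.Thumbprint)
                          || InStore(StoreName.CertificateAuthority, StoreLocation.CurrentUser, ca.Thumbprint);
            if (!installed) missing++;
            Console.WriteLine((installed ? "intermediate  " : "NOT INSTALLED ") + ca.Subject);
        }
        return missing == 0 ? 0 : 1;
    }
}
```

A line marked NOT INSTALLED names a CA certificate to import into the server's Intermediate Certification Authorities store before comparing the handshake capture again.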

