无法连接到使用X509客户端证书的HTTPS [英] Can't connect to HTTPS using X509 client certificate
问题描述
我是新来的密码学和我有点坚持:
I'm new to cryptography and I'm a bit stuck:
我试图连接(从我的开发环境)使用HTTPS Web服务。 Web服务需要客户端证书 - 这我想我已经正确安装
I'm trying to connect (from my development environment) to a web service using HTTPS. The web service requires a client certificate - which I think I've installed correctly.
他们给我提供了一个.PFX文件。在Windows 7中,我双击它安装到我的当前用户的文件 - 个人证书存储
They have supplied me with a .PFX file. In Windows 7, I double clicked the file to install it into my Current User - Personal certificate store.
我然后导出的X509 BASE-64连接codeD .cer文件从存储中的证书项。它没有私钥准吧。
I then exported a X509 Base-64 encoded .cer file from the certificate entry in the store. It didn't have a private key associate with it.
于是,在我的应用程序,我试图连接到这样的服务:
Then, in my app, I'm attempting to connect to the service like this:
var certificate = X509Certificate.CreateFromCertFile("xyz.cer"));
var serviceUrl = "https://xyz";
var request = (HttpWebRequest) WebRequest.Create(serviceUrl);
request.ClientCertificates.Add(certificate);
request.Method = WebRequestMethods.Http.Post;
request.ContentType = "application/x-www-form-urlencoded";
我得到的,当我连接502连接失败。
I get a 502 Connection failed when I connect.
有什么你可以看到不对的方法?我们的生产环境似乎与类似配置的工作,但它的运行Windows Server 2003。
Is there anything you can see wrong with this method? Our production environment seems to work with a similar configuration, but it's running Windows Server 2003.
谢谢!
推荐答案
根本的问题是,你只给你的程序访问证书。进行认证,它需要访问私钥太
The underlying problem is that you are only giving your program access to the certificate. To perform authentication, it needs access to the private key too.
一个正确实例 X509Certificate2 可携带的私钥,应传递给 ClientCertificates.Add()方法。我相信 导入() 方法可以接受一个.pfx文件作为输入;导出.CER文件缺少了私有密钥,而不是客户端验证非常有用。
A correctly instantiated X509Certificate2 can carry the private key, and should be passed to ClientCertificates.Add() method. I believe the Import() method can accept a .pfx file as input; the exported .cer file lacks the private key and isn't useful for client authentication.
这篇关于无法连接到使用X509客户端证书的HTTPS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
