获得"远程证书按验证程序"是无效的;当SMPT服务器有一个有效证书 [英] Getting "The remote certificate is invalid according to the validation procedure" when SMPT server has a valid certificate
问题描述
这似乎是一个常见的错误,但同时,我已经找到了解决方法(见下文),我不能牵制我得到它摆在首位的原因。
This seems a common error but while I've found a work-around (see below) I can't pin down the reason I'm getting it in the first place.
我写SMTP功能集成到我们的应用程序,我试图SSL功能添加到我们现有的工作SMTP。
I am writing SMTP functionality into our application and I'm attempting to add SSL functionality to the working SMTP we already have.
我使用我们的测试公司的MS Exchange服务器和专门的webmail选项上启用。我可以不验证我的连接和发送匿名的,但是,这些邮件将不再转发到外部电子邮件地址,由于我们公司内部政策,发送电子邮件,通过我的代码。除了这我编程这为我们的客户和他们并不都允许开放中继和/或匿名连接。
I am testing using our company's MS Exchange server and specifically the webmail option enabled on that. I can send emails internally through my code by not authenticating my connection and sending anonymously, however those emails won't relay to external email addresses due to our companies policy. Besides which I am programming this for our customers and they don't all allow open relay and/or anonymous connections.
我相信使用显式SSL / TLS的Exchange服务器。我曾尝试远程登录到服务器的地址,端口25,并得到了文本响应,人类可读的响应,而根据我的一些搜索以前意味着它的使用显式SSL / TLS。
I believe the Exchange server is using Explicit SSL/ TLS. I have tried telnet to the server's address on port 25 and got a text response, human readable response, which according to some of my searches previously means it's using Explicit SSL/ TLS.
我有下面的测试代码
SmtpClient SMTPClient = new SmtpClient(webmailaddress);
SMTPClient.Port = 25;
SMTPClient.UseDefaultCredentials = true;
SMTPClient.EnableSsl = true;
System.Net.Mail.MailMessage Message = new `
System.Net.Mail.MailMessage(emailFrom,emailTo,subject,body);
SMTPClient.Send(Message);
在我寻找一个解决方案,我碰到这个的"远程证书按验证程序是无效的"。使用Gmail的SMTP服务器
从中我得到了下面的代码...
From which I got the following code...
ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(ValidateServerCertificate);
public static bool ValidateServerCertificate(object sender,X509Certificate certificate,X509Chain chain,SslPolicyErrors sslPolicyErrors)
{
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
else
{
if (System.Windows.Forms.MessageBox.Show("The server certificate is not valid.\nAccept?", "Certificate Validation", System.Windows.Forms.MessageBoxButtons.YesNo, System.Windows.Forms.MessageBoxIcon.Question) == System.Windows.Forms.DialogResult.Yes)
return true;
else
return false;
}
}
这工作在我的测试代码。不过,我正在写的(而不是我的测试代码)的实际进程是要在后台运行,并不能真正询问用户(而不是它报告在Windows错误日志错误)。
This works in my test code. HOWEVER the actual process I'm writing (rather than my test code) is going to run in the background and can't really ask the user (instead it reports errors in the windows error log).
当我开始,我的问题是真的,为什么我都收到此错误。如果我去到https:webmail.ourdomain.co.uk在浏览器中它显示了一个有效的证书,并没有选择安装证书(因为我会做,如果它是一个自签名的)
As I started, my question is really why I'm getting this error at all. If I go to https:webmail.ourdomain.co.uk in a browser it shows a valid certificate and there is no option to install the certificate (as I would have done if it were a self-signed one).
然而,当我跑我的代码,与在ValidateServerCertificate方法调试中断Poing的,我看证书值,看看我们本地服务器的发行人和以前不使用,而今天的性质后,不使用'。这不我收到证书相匹配。
However when I run my code, with a debug break poing in the ValidateServerCertificate method, I look at the certificate values and see an issuer of our local server and 'don't use before', and 'don't use after' properties of today. This does not match the certificate I am getting.
我也查了一下该sslPolicyErrors标志是在ValidateServerCertificate的调试和他们表现出RemoteCertificateChainErrors和 RemoteCertificateNameMismatch。
I've also checked what the sslPolicyErrors flags are in the debug of ValidateServerCertificate, and they are showing "RemoteCertificateChainErrors" and "RemoteCertificateNameMismatch".
所以我错过这个...为什么不使用正确的证书?如果有我需要在本地安装证书,它使用的话,我需要了解他们,所以我可以告诉我的客户,如果他们得到这个做什么步骤。
So what am I missing about this... why is it not using the correct certificate? If there are steps I need to take to install the certificate locally for it to use then I need to know them so I can tell my customers what to do if they get this.
我不想只是从ValidateServerCertificate方法返回true以绕过检查,因为它是一个后台进程,我不能要求用户,所以我需要了解如何让我的代码使用正确的/受信任的证书。
I don't want to just by-pass the check by returning true from the ValidateServerCertificate method, and because it's a background process I can't ask the user, so I need to understand how to get my code to use the correct/trusted certificate.
希望有人能提供意见。
推荐答案
的。答案我终于发现是服务器上的SMTP服务不使用相同的证书的HTTPS
The answer I have finally found is that the SMTP service on the server is not using the same certificate as https.
的诊断步骤我曾读到这里使它们使用相同的证书,每次我过去尝试这个,他们所做的和诊断步骤,正是我所做的来解决这个问题好几次时间的假设。
The diagnostic steps I had read here make the assumption they use the same certificate and every time I've tried this in the past they have done and the diagnostic steps are exactly what I've done to solve the problem several times.
在这种情况下,这些措施没有奏效,因为所使用的证书是不同的,而这可能是我从来没有碰到过。
In this case those steps didn't work because the certificates in use were different, and the possibility of this is something I had never come across.
解决方法是,实际的证书从服务器导出,然后我的机器上安装一个受信任的证书,或获得服务器上的SMTP服务不同的有效/受信任的证书。当前与谁管理的服务器来决定他们想要做我们的IT部门。
The solution is either to export the actual certificate from the server and then install it as a trusted certificate on my machine, or to get a different valid/trusted certificate for the SMTP service on the server. That is currently with our IT department who administer the servers to decide which they want to do.
这篇关于获得"远程证书按验证程序"是无效的;当SMPT服务器有一个有效证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
