Loading an X509Certificate2 from a pem file. When used as ClientCertificates, the result is No cre



I need to make a request to a server. The request requires a certificate in order to access the server.

If I load a P12 file and register it as the certificate on the HttpClient:

var clientCertificate = new X509Certificate2(pathToTestCert, passToTestCert); // PKCS#12 (.p12/.pfx) load
var handler = new HttpClientHandler();
handler.ClientCertificates.Add(clientCertificate);

But if I load the certificate from a pem file with CreateFromPemFile,

var clientCertificate = X509Certificate2.CreateFromPemFile(purePem); // PEM with PRIVATE KEY + CERTIFICATE blocks
var handler = new HttpClientHandler();
handler.ClientCertificates.Add(clientCertificate);

I get the following when sending the request to the server:

System.IO.IOException: The read operation failed, see inner exception.
---> System.ComponentModel.Win32Exception (0x8009030E): No credentials are available in the security package
at System.Net.SSPIWrapper.AcquireCredentialsHandle(ISSPIInterface secModule, String package, CredentialUse intent, SCH_CREDENTIALS* scc)
at System.Net.Security.SslStreamPal.AcquireCredentialsHandle(CredentialUse credUsage, SCH_CREDENTIALS* secureCredential)
at System.Net.Security.SslStreamPal.AcquireCredentialsHandleSchCredentials(X509Certificate2 certificate, SslProtocols protocols, EncryptionPolicy policy, Boolean isServer)
at System.Net.Security.SslStreamPal.AcquireCredentialsHandle(SslStreamCertificateContext certificateContext, SslProtocols protocols, EncryptionPolicy policy, Boolean isServer)
at System.Net.Security.SecureChannel.AcquireClientCredentials(Byte[]& thumbPrint)
at System.Net.Security.SecureChannel.GenerateToken(ReadOnlySpan`1 inputBuffer, Byte[]& output)
at System.Net.Security.SecureChannel.NextMessage(ReadOnlySpan`1 incomingBuffer)
at System.Net.Security.SslStream.ProcessBlob(Int32 frameSize)
at System.Net.Security.SslStream.ReceiveBlobAsync[TIOAdapter](TIOAdapter adapter)
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
at System.Net.Security.SslStream.ReplyOnReAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Byte[] buffer)
at System.Net.Security.SslStream.ReadAsyncInternal[TIOAdapter](TIOAdapter adapter, Memory`1 buffer)
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.ReadAsyncInternal[TIOAdapter](TIOAdapter adapter, Memory`1 buffer)
at System.Net.Http.HttpConnection.InitialFillAsync(Boolean async)
at System.Net.Http.HttpConnection.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken

Note that the pem file, opened in a text editor, looks like this:

-----BEGIN PRIVATE KEY-----
.
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
................
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
.................
-----END CERTIFICATE-----

The TLS layer on Windows requires the private key to be written to disk (in a special way). PEM-based certificate loading does not do that; only PFX loading does.

The simplest way to keep the TLS layer happy is to do

cert = new X509Certificate2(cert.Export(X509ContentType.Pfx));

That is, export the cert+key to a PFX and then immediately import it again (for the side effect of getting the key (temporarily) written to disk in a way that Schannel can find it). You shouldn't need to change the default PFX load flags, although some complicated restricted users might need to use MachineKeySet.
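The PEM-to-PFX round trip described in the answer, put together as one helper and wired into HttpClientHandler. This is an added example, not code from the original question or answer; pemPath and serverUrl are placeholder inputs assumed for illustration, and the optional MachineKeySet switch is the one the answer mentions for restricted users.

```csharp
using System;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

// Added example (not from the original post). Loads a client certificate from a PEM
// file that contains a PRIVATE KEY block followed by one or more CERTIFICATE blocks,
// then round-trips cert + key through an in-memory PFX so that Windows Schannel can
// find the private key during the TLS handshake.
static class PemClientCertificate
{
    public static X509Certificate2 LoadForTls(
        string pemPath,
        X509KeyStorageFlags flags = X509KeyStorageFlags.DefaultKeySet) // or MachineKeySet for restricted users
    {
        // CreateFromPemFile pairs the PRIVATE KEY block with the FIRST certificate in the
        // file; any intermediate certificates after it are not part of the result.
        // On Windows the key is held as an ephemeral key, which Schannel cannot use
        // (hence "No credentials are available in the security package").
        using X509Certificate2 pemCert = X509Certificate2.CreateFromPemFile(pemPath);

        if (!pemCert.HasPrivateKey)
            throw new InvalidOperationException($"{pemPath} has no usable private key for its first certificate.");

        // Export cert + key to PFX bytes and import them again. The PFX import writes the key
        // to the Windows key store (user store by default), which is what
        // AcquireCredentialsHandle needs. The key is removed again when this
        // X509Certificate2 is disposed, unless PersistKeySet is requested.
        byte[] pfx = pemCert.Export(X509ContentType.Pfx);
        try
        {
            var tlsCert = new X509Certificate2(pfx, (string?)null, flags);
            if (!tlsCert.HasPrivateKey)
            {
                tlsCert.Dispose();
                throw new InvalidOperationException("Private key was lost during the PFX round trip.");
            }
            return tlsCert;
        }
        finally
        {
            // The PFX buffer holds the private key unencrypted; do not leave it lying around.
            Array.Clear(pfx, 0, pfx.Length);
        }
    }

    // Same call pattern as the question, using the round-tripped certificate.
    public static async Task<string> GetWithClientCertAsync(string pemPath, string serverUrl)
    {
        using X509Certificate2 clientCertificate = LoadForTls(pemPath);

        var handler = new HttpClientHandler();
        handler.ClientCertificates.Add(clientCertificate);

        using var client = new HttpClient(handler);
        return await client.GetStringAsync(serverUrl);
    }

    public static async Task Main(string[] args)
    {
        // Placeholder inputs; replace with the real PEM path and mTLS endpoint.
        string pemPath = args.Length > 0 ? args[0] : "client.pem";
        string serverUrl = args.Length > 1 ? args[1] : "https://example.invalid/";
        Console.WriteLine(await GetWithClientCertAsync(pemPath, serverUrl));
    }
}
```

Two checks worth keeping: HasPrivateKey after the re-import confirms the key actually landed in the key store, and passing X509KeyStorageFlags.EphemeralKeySet instead of the default would reproduce the original failure, because an ephemeral key is exactly what Schannel cannot see. Dispose the round-tripped certificate when the HttpClient is done so the temporary key file is cleaned up.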
