我正在向HTTPS请求添加一个自签名的X509证书。
request.ClientCertificates.Add(new X509Certificate(@"key.pfx", ""));
与nginx对话,使用:
ssl_verify_client on;
因为它是自签名的,我在证书签名链上得到一个错误。所以我告诉c#忽略它。(执行lambda并返回true)
ServicePointManager.ServerCertificateValidationCallback +=
(sender, cert, chain, sslPolicyErrors) => true;
然而,我从nginx得到以下错误:
400 Bad Request
No required SSL certificate was sent
nginx/1.0.5
谁能解释一下为什么会发生这种情况?或者我怎么能找到原因?
我目前的想法:证书正在从http客户端删除,因为它是自签名的?
Step into: Stepping over method without symbols 'System.Net.Security.SecureChannel.VerifyRemoteCertificate'
System.Net Information: 0 : [5516] SecureChannel#31534420 - Remote certificate has errors:
System.Net Information: 0 : [5516] SecureChannel#31534420 - A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
System.Net Information: 0 : [5516] SecureChannel#31534420 - Remote certificate was verified as valid by the user.
欢迎任何帮助!谢谢,克里斯。
您需要在服务器上安装客户端证书,并配置服务器信任它。我没有nginx的经验,所以我不能帮助你如何,但你需要获得客户端证书到服务器的可信证书存储
解决:需要ssl_verify_depth 1;…