c# SSL请求-证书验证

本文关键字:证书 验证 请求 SSL | 更新日期: 2023-09-27 18:11:58

我正在向HTTPS请求添加一个自签名的X509证书。

request.ClientCertificates.Add(new X509Certificate(@"key.pfx", ""));

与nginx对话,使用:

 ssl_verify_client on;

因为它是自签名的,我在证书签名链上得到一个错误。所以我告诉c#忽略它。(执行lambda并返回true)

 ServicePointManager.ServerCertificateValidationCallback += 
                                (sender, cert, chain, sslPolicyErrors) => true;

然而,我从nginx得到以下错误:

400 Bad Request
No required SSL certificate was sent
nginx/1.0.5

谁能解释一下为什么会发生这种情况?或者我怎么能找到原因?
我目前的想法:证书正在从http客户端删除,因为它是自签名的?

c# 的一些诊断输出
Step into: Stepping over method without symbols 'System.Net.Security.SecureChannel.VerifyRemoteCertificate'
System.Net Information: 0 : [5516] SecureChannel#31534420 - Remote certificate has errors:
System.Net Information: 0 : [5516] SecureChannel#31534420 -     A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
System.Net Information: 0 : [5516] SecureChannel#31534420 - Remote certificate was verified as valid by the user.

欢迎任何帮助!谢谢,克里斯。

c# SSL请求-证书验证

您需要在服务器上安装客户端证书,并配置服务器信任它。我没有nginx的经验,所以我不能帮助你如何,但你需要获得客户端证书到服务器的可信证书存储

解决:需要ssl_verify_depth 1;