英文:The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel
使用HttpWebRequest 訪問 https://mapi.alipay.com/gateway.do?...支付寶接口時 在本機WIN10 64位環境 完全沒問題,使用firefox,IE Edge打開也沒問題,但是在win2003 server 上報錯:基礎連接已經關閉: 未能為 SSL/TLS 安全通道建立信任關系,用IE 無法打開鏈接
,如果在win2003 上使用fiddler 打開鏈接會彈出對話框提示:
Session #8: The remote server (mapi.alipay.com) presented a certificate that did not validate, due to RemoteCertificateChainErrors.
0 - 無法驗證證書的簽名。。。如果忽略錯誤則可正常訪問。
原因:證書沒官方簽名?
We checked the credentials passed; it seems everything was fine. But still it was failing whenever we make the request to the server with the above same message. When we checked their environment, we found customer uses the self-signed certificate on the server. This is because, by default, .NET checks whether SSL certificates are signed by a certificate from the Trusted Root Certificate store.
解決方案:
請求之前加上下面得代碼即可,簡潔實用
1.
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true;
2.
ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback ( delegate { return true; } );
這樣做會潛在一定風險
所有驗證都會通過,不論是否證書是無效得。whatever 
,還有其他方案? 或者針對特定鏈接這樣做就好了
1.This will accept all certificates, regardless of why they are invalid, which resolved the customer’s issue.
By validating the X509 certificate provided by the computer running Microsoft Exchange Server 2007 for SSL over HTTP, you help to provide a layer of security for the client application. You must validate certificates before you can start programming with Exchange Web Services proxy classes. If the callback is not set up, the first call will fail with a certificate error.
2.This solution could be potential security threat as you are turning off the SSL certificate validation. If this is production code, understand the risk of the server you are connecting to.