The remote certificate is invalid according to the validation procedure 根據驗證過程中遠程證書無效
I'm calling an ASP.NET web service from an ASP.NET web application. The two applications are on different servers. The web service requires SSL and presents the application with a self-signed certificate. Since this is an internal app, I want the client application to trust the web service and its self-signed cert. 我調用一個 ASP.net Web服務從一個ASP.NET Web應用, 這兩個應用在不通的服務器上, Web Service請求了一個自簽名的證書, 這事個內網app,我希望客戶端應用信任web service的自簽名證書。
There are lots of suggestions on how to do this in your code by coding a delegate method to accept all server certificates regardless of origin:
這里是關於解決這個問題最多的方法, 就是 在你代碼里通過委托方法的方式默認接受所有服務器證書。
I don't want to do this, though, because this same code will be rolled out to production and it seems sloppy to me to allow all certificates to validate carte blanche.
ServicePointManager.ServerCertificateValidationCallback =
delegate(object sender, X509Certificate certificate, X509Chain chain,
SslPolicyErrors sslPolicyErrors) { return true; };
我不想這么做, 因為這樣的代碼放到生產環境允許所有證書驗證通過太過敷衍和馬虎並且不負責任。
So, I set out to download the internal SSL certificate and install it in the client computer's Trusted Root Certification Authorities cache. That still doesn't work!
所以, 我下載了內網證書並且在客戶端計算機安裝到了信任的整數緩存, 但是依然不正常。
Thanks to Ferry Onderwater's entry at http://www.arcencus.nl/Blogs/tabid/105/EntryID/39/Default.aspx, I see now where I went astray. By default, the Certificate snap-in installs certificates for the current user only. I needed all users to trust the certificate.
感謝 Ferry Onderwater's 的 http://www.arcencus.nl/Blogs/tabid/105/EntryID/39/Default.aspx 這片文章, 看起來是我現在想要的, 因為默認情況下,整數是安裝在當前用戶的, 我需要讓所有用戶都信任這個證書。
解決方案:
- 啟動一個MMC.
- File --> Add/Remove Snap-In... 文件-->添加刪除 單元
- Click Add... 點擊添加
- Choose Certificates and click Add. 選擇證書並添加
- Check the "Computer Account" radio button. Click Next. 選擇計算機 賬號 按鈕 點擊下一步
- Choose the client computer in the next screen. Click Finish. 選擇客戶端計算機在下一個屏幕, 點擊完成
- Click Close. 點擊關閉
- Click OK. 點擊確定
- NOW install the certificate into the Trusted Root Certification Authorities certificate store. This will allow all users to trust the certificate. 現在 安裝證書到信任的根證書授權證書存儲 (不同的系統中文翻譯不太一樣, 大概意思明白就行。 ) 然后允許所有證書信任此證書。