The remote certificate is invalid according to the validation procedure 根据验证过程中远程证书无效
I'm calling an ASP.NET web service from an ASP.NET web application. The two applications are on different servers. The web service requires SSL and presents the application with a self-signed certificate. Since this is an internal app, I want the client application to trust the web service and its self-signed cert. 我调用一个 ASP.net Web服务从一个ASP.NET Web应用, 这两个应用在不通的服务器上, Web Service请求了一个自签名的证书, 这事个内网app,我希望客户端应用信任web service的自签名证书。
There are lots of suggestions on how to do this in your code by coding a delegate method to accept all server certificates regardless of origin:
这里是关于解决这个问题最多的方法, 就是 在你代码里通过委托方法的方式默认接受所有服务器证书。
I don't want to do this, though, because this same code will be rolled out to production and it seems sloppy to me to allow all certificates to validate carte blanche.
ServicePointManager.ServerCertificateValidationCallback =
delegate(object sender, X509Certificate certificate, X509Chain chain,
SslPolicyErrors sslPolicyErrors) { return true; };
我不想这么做, 因为这样的代码放到生产环境允许所有证书验证通过太过敷衍和马虎并且不负责任。
So, I set out to download the internal SSL certificate and install it in the client computer's Trusted Root Certification Authorities cache. That still doesn't work!
所以, 我下载了内网证书并且在客户端计算机安装到了信任的整数缓存, 但是依然不正常。
Thanks to Ferry Onderwater's entry at http://www.arcencus.nl/Blogs/tabid/105/EntryID/39/Default.aspx, I see now where I went astray. By default, the Certificate snap-in installs certificates for the current user only. I needed all users to trust the certificate.
感谢 Ferry Onderwater's 的 http://www.arcencus.nl/Blogs/tabid/105/EntryID/39/Default.aspx 这片文章, 看起来是我现在想要的, 因为默认情况下,整数是安装在当前用户的, 我需要让所有用户都信任这个证书。
解决方案:
- 启动一个MMC.
- File --> Add/Remove Snap-In... 文件-->添加删除 单元
- Click Add... 点击添加
- Choose Certificates and click Add. 选择证书并添加
- Check the "Computer Account" radio button. Click Next. 选择计算机 账号 按钮 点击下一步
- Choose the client computer in the next screen. Click Finish. 选择客户端计算机在下一个屏幕, 点击完成
- Click Close. 点击关闭
- Click OK. 点击确定
- NOW install the certificate into the Trusted Root Certification Authorities certificate store. This will allow all users to trust the certificate. 现在 安装证书到信任的根证书授权证书存储 (不同的系统中文翻译不太一样, 大概意思明白就行。 ) 然后允许所有证书信任此证书。