我正在尝试使用证书验证与C#驱动程序 Build 与MongoDB的安全连接,但我收到此错误:
无法连接到服务器localhost:27017:无法从传输连接读取数据:已 Build 的连接已被主机中的软件中止 .
下面是MongoDB的错误:
[initandlisten] connection accepted from 127.0.0.1:26163 #2 (1 connection now open)
[conn2] ERROR: no SSL certificate provided by peer; connection rejected
[conn2] SocketException handling request, closing client connection: 9001 socket exception [CONNECT_ERROR]
当我通过mongo shell连接MongoDB并使用证书时它可以工作 .
var connectionString = "mongodb://localhost";
var clientSettings = MongoClientSettings.FromUrl(new MongoUrl(connectionString));
clientSettings.SslSettings = new SslSettings();
clientSettings.UseSsl = true;
clientSettings.SslSettings.ClientCertificates = new List<X509Certificate>()
{
new X509Certificate("cert.pem")
};
clientSettings.SslSettings.EnabledSslProtocols = SslProtocols.Default;
clientSettings.SslSettings.ClientCertificateSelectionCallback =
(sender, host, certificates, certificate, issuers) => clientSettings.SslSettings.ClientCertificates.ToList()[0];
clientSettings.SslSettings.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;
var client = new MongoClient(clientSettings);
有谁知道如何使这个工作?
1 回答
意识到这已经过时但是为了别人的利益......
如果您未处理证书吊销列表,则需要关闭该设置,因为默认情况下已启用该设置 .
接下来,您提供给驱动程序的X509Certificate2必须包含私钥 . .NET似乎没有在pem文件中获取私钥,因此您需要提供.pfx格式的证书并包含密码 .
要在openssl中创建一个pfx文件:
OpenSSL将提示您输出密码,在创建X509Certificate2对象时使用它: