//I use a method to ignore bad certs caused by misc errors
IgnoreBadCertificates();
// after the Ignore call i can do what ever i want...
HttpWebRequest request_data = System.Net.WebRequest.Create(urlquerystring) as HttpWebRequest;
/*
and below the Methods we are using...
*/
/// <summary>
/// Together with the AcceptAllCertifications method right
/// below this causes to bypass errors caused by SLL-Errors.
/// </summary>
public static void IgnoreBadCertificates()
{
System.Net.ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications);
}
/// <summary>
/// In Short: the Method solves the Problem of broken Certificates.
/// Sometime when requesting Data and the sending Webserverconnection
/// is based on a SSL Connection, an Error is caused by Servers whoes
/// Certificate(s) have Errors. Like when the Cert is out of date
/// and much more... So at this point when calling the method,
/// this behaviour is prevented
/// </summary>
/// <param name="sender"></param>
/// <param name="certification"></param>
/// <param name="chain"></param>
/// <param name="sslPolicyErrors"></param>
/// <returns>true</returns>
private static bool AcceptAllCertifications(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certification, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return true;
}
8 回答
添加证书验证处理程序 . 返回
true
将允许忽略验证错误:IgnoreBadCertificates Method:
它失败的原因不是因为它没有签名,而是因为客户端不信任根证书 . 而不是关闭SSL验证,另一种方法是将根CA证书添加到您的应用信任的CA列表中 .
这是您的应用当前不信任的根CA证书:
----- BEGIN CERTIFICATE ----- MIIFnDCCBISgAwIBAgIBZDANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJDWjEs MCoGA1UECgwjxIxlc2vDoSBwb8WhdGEsIHMucC4gW0nEjCA0NzExNDk4M10xHjAc BgNVBAMTFVBvc3RTaWdudW0gUm9vdCBRQ0EgMjAeFw0xMDAxMTkwODA0MzFaFw0y NTAxMTkwODA0MzFaMFsxCzAJBgNVBAYTAkNaMSwwKgYDVQQKDCPEjGVza8OhIHBv xaF0YSwgcy5wLiBbScSMIDQ3MTE0OTgzXTEeMBwGA1UEAxMVUG9zdFNpZ251bSBS b290IFFDQSAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFz8yBxf 2gf1uN0GGXknvGHwurpp4Lw3ZPWZB6nEBDGjSGIXK0Or6Xa3ZT tVDTeUUjT133G 7Vs51D6z / ShWy 9T7a1f6XInakewyFj8PT0EdZ4tAybNYdEUO / dShg2WvUyfZfXH 0jmmZm6qUDy0VfKQfiyWchQRi / Ax6zXaU2 X3hXBfvRMr5l6zgxYVATEyxCfOLM9 a5U6lhpyCDf2Gg6dPc5Cy6QwYGGpYER1fzLGsN9stdutkwlP13DHU1Sp6W5ywtfL owYaV1bqOOdARbAoJ7q8LO6EBjyIVr03mFusPaMCOzcEn3zL5XafknM36Vqtdmqz IWR 3URAUgqE0wIDAQABo4ICaTCCAmUwgaUGA1UdHwSBnTCBmjAxoC gLYYraHR0 cDovL3d3dy5wb3N0c2lnbnVtLmN6L2NybC9wc3Jvb3RxY2EyLmNybDAyoDCgLoYs aHR0cDovL3d3dzIucG9zdHNpZ251bS5jei9jcmwvcHNyb290cWNhMi5jcmwwMaAv oC2GK2h0dHA6Ly9wb3N0c2lnbnVtLnR0Yy5jei9jcmwvcHNyb290cWNhMi5jcm WW gfEGA1UdIASB6TCB5jCB4wYEVR0gADCB2jCB1wYIKwYBBQUHAgIwgcoagcdUZW50 byBrdmFsaWZpa292YW55IHN5c3RlbW92eSBjZXJ0aWZpa2F0IGJ5bCB2eWRhbiBw b2RsZSB6YWtvbmEgMjI3LzIwMDBTYi4gYSBuYXZhem55Y2ggcHJlZHBpc3UvVGhp cyBxdWFsaWZpZWQgc3lzdGVtIGNlcnRpZmljYXRlIHdhcyBpc3N1ZWQgYWNjb3Jk aW5nIHRvIExhdyBObyAyMjcvMjAwMENvbGwuIGFuZCByZWxhdGVkIHJlZ3VsYXRp b25zMBIGA1UdEwEB / wQIMAYBAf8CAQEwDgYDVR0PAQH / BAQDAgEGMB0GA1UdDgQW BBQVKYzFRWmruLPD6v5LuDHY3PDndjCBgwYDVR0jBHwweoAUFSmMxUVpq7izwřS7gx2Nzw53ahX6RdMFsxCzAJBgNVBAYTAkNaMSwwKgYDVQQKDCPEjGVza8OhIHBv xaF0YSwgcy5wLiBbScSMIDQ3MTE0OTgzXTEeMBwGA1UEAxMVUG9zdFNpZ251bSBS b290IFFDQSAyggFkMA0GCSqGSIb3DQEBCwUAA4IBAQBeKtoLQKFqWJEgLNxPbQNN 5OTjbpOTEEkq2jFI0tUhtRx // 6zwuqJCzfO / KqggUrHBca GV / qXcNzNAlytyM71 FMV / VwgL9gBHTN / IFIw100JbciI23yFQTdF / UoEfK /米IFfirxSRi8LRERdXHTEb vwxMXIzZVXloWvX64UwWtf4Tvw5bAoPj0O1Z2ly4aMTAT2aýz184UhuZ / oGyMw eIakmFM7M7RrNki507jiSLTzuaFMCpyWOX7ULIhzY6xKdm5iQLjTvExn2JTvVChFýjUu / G0zAdLyeU4vaXdQm1A8AEiJPTd0Z9LAxL6Sq2iraLNN36 NyEK / ts3mPLL
-----结束证书-----
您可以使用解码和查看此证书
this certificate decoder或another certificate decoder
允许所有证书非常强大,但也可能是危险的 . 如果您只想允许有效证书加上某些证书,可以这样做 .
Update:
如何在Chrome中获取
cert.GetCertHashString()
值:单击地址栏中的
Secure
或Not Secure
.然后单击Certificate - > Details - > Thumbprint并复制该值 . 记得做
cert.GetCertHashString().ToLower()
.在客户端配置中禁用ssl证书验证 .
这段代码对我有用 . 我不得不添加TLS2,因为这就是我感兴趣的URL所使用的 .
如果您直接使用套接字并作为客户端进行身份验证,那么Service Point Manager回调方法赢得了't work. Here' s对我有用的功能 . PLEASE USE FOR TESTING PURPOSES ONLY .
这里的关键是在SSL流的构造函数中提供远程证书验证回调权限 .
进一步扩展BIGNUM的帖子 - 理想情况下,你想要一个能够模拟你在 生产环境 中看到的条件并修改你的代码的解决方案将不会这样做,如果你在部署代码之前忘记了代码,那么可能会很危险 .
您将需要某种自签名证书 . 如果您知道自己在做什么,可以使用已发布的二进制BIGNUM,但如果不知道,您可以去寻找证书 . 如果你正在使用IIS Express,你将拥有其中一个,你只需要找到它 . 打开Firefox或您喜欢的任何浏览器,然后转到您的开发网站 . 您应该能够从URL栏查看证书信息,并且根据您的浏览器,您应该能够将证书导出到文件中 .
接下来,打开MMC.exe,然后添加“证书”管理单元 . 将您的证书文件导入受信任的根证书颁发机构商店,这就是您应该需要的 . 它的重要的是要确保它进入该商店而不是像“个人”这样的其他商店 . 如果您不熟悉MMC或证书,则有许多网站都会提供有关如何执行此操作的信息 .
现在,您的计算机作为一个整体将隐式信任它自己生成的任何证书,您不需要添加代码来专门处理它 . 当您转到 生产环境 时,如果您在那里安装了正确的有效证书,它将继续工作 . 不要在 生产环境 服务器上执行此操作 - 这样做会很糟糕,除了服务器本身以外的任何其他客户端都不会 .