我有一个简单的web服务调用,由。net (c#) 2.0 Windows应用程序生成,通过Visual Studio生成的web服务代理,用于同样用c#(2.0)编写的web服务。这种方法已经有效了好几年,并且在十几个正在运行的地方继续有效。
在新地点的新安装遇到了问题。当试图调用web服务时,它失败了,消息说:
无法为SSL/TLS安全建立信任关系 通道
web服务的URL使用SSL (https://)——但这已经在许多其他位置工作了很长时间(并继续这样做)。
我该往哪里看?这可能是Windows和。net之间的安全问题,是此安装独有的吗?如果是,我在哪里建立信任关系?我迷路了!
当前回答
“一网打尽”的简单解决方案是:
System.Net.ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
sebastian-castaldi的解决方案更详细一些。
其他回答
如果你使用的是Windows 2003,你可以这样做:
Open Microsoft Management Console (Start --> Run --> mmc.exe); Choose File --> Add/Remove Snap-in; In the Standalone tab, choose Add; Choose the Certificates snap-in, and click Add; In the wizard, choose the Computer Account, and then choose Local Computer. Press Finish to end the wizard; Close the Add/Remove Snap-in dialog; Navigate to Certificates (Local Computer) and choose a store to import: If you have the Root CA certificate for the company that issued the certificate, choose Trusted Root Certification Authorities; If you have the certificate for the server itself, choose Other People Right-click the store and choose All Tasks --> Import Follow the wizard and provide the certificate file you have; After that, simply restart IIS and try calling the web service again.
参考:http://www.outsystems.com/NetworkForums/ViewTopic.aspx?Topic=Web-Services: -Could-not-establish-trust-relationship-for-the-SSL / TLS -…
我有这个错误运行在一个web服务器的url如下:
a.b.domain.com
但是没有证书,所以我找了一个DNS
a_b.domain.com
在这里提示一下这个解因为它在谷歌中出现在最上面。
我的解(VB。Net,这个应用程序的“登台”(UAT)版本需要与“登台”证书一起工作,但不影响请求一旦他们在现场):
...
Dim url As String = ConfigurationManager.AppSettings("APIURL") & "token"
If url.ToLower().Contains("staging") Then
System.Net.ServicePointManager.ServerCertificateValidationCallback = AddressOf AcceptAllCertifications
End If
...
Private Function AcceptAllCertifications(ByVal sender As Object, ByVal certification As System.Security.Cryptography.X509Certificates.X509Certificate, ByVal chain As System.Security.Cryptography.X509Certificates.X509Chain, ByVal sslPolicyErrors As System.Net.Security.SslPolicyErrors) As Boolean
Return True
End Function
我个人最喜欢以下解决方案:
using System.Security.Cryptography.X509Certificates;
using System.Net.Security;
... 然后在请求获取错误之前,执行以下操作
System.Net.ServicePointManager.ServerCertificateValidationCallback = delegate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; };
这是在咨询卢克的解决方案后发现的
试试这个:
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
请注意,您必须至少使用4.5 .NET框架
