The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure

2016-05-25 10:15

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel

On a Chinese-language system the same message reads: 基础连接已经关闭: 未能为 SSL/TLS 安全通道建立信任关系

Method 1:

1. First import the namespaces:

using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

2. Then define a CheckValidationResult method that returns true:

public bool CheckValidationResult(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
{
    // Always accept
    return true;
}

3. Then add the following line before HttpWebRequest req = (HttpWebRequest)HttpWebRequest.Create(url);:

ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(CheckValidationResult); // server certificate validation callback: accepts automatically

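Method 2:

English message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel

When using HttpWebRequest to call the Alipay interface at https://mapi.alipay.com/gateway.do?..., everything works on the local 64-bit Windows 10 machine, and the link also opens without problems in Firefox, IE and Edge. On Windows Server 2003, however, the request fails with 基础连接已经关闭: 未能为 SSL/TLS 安全通道建立信任关系, and IE cannot open the link either. Opening the link through Fiddler on the Windows 2003 machine pops up a dialog saying:

Session #8: The remote server (mapi.alipay.com) presented a certificate that did not validate, due to RemoteCertificateChainErrors.

0 - 无法验证证书的签名 (the signature of the certificate cannot be verified)... If the error is ignored, the link can be accessed normally.

Cause: is the certificate not signed by an official CA?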

We checked the credentials passed; it seems everything was fine. But still it was failing whenever we made the request to the server, with the same message as above. When we checked their environment, we found that the customer uses a self-signed certificate on the server. This is because, by default, .NET checks whether SSL certificates are signed by a certificate from the Trusted Root Certificate store.

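Solution:

Add the code below before making the request. It is short and practical.

1.

ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true;

2.

ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(delegate { return true; });

Doing this carries some risk: every validation passes, whether or not the certificate is valid. Are there other options? Alternatively, it would be enough to do this only for specific links.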

1. This will accept all certificates, regardless of why they are invalid, which resolved the customer’s issue.

By validating the X509 certificate provided by the computer running Microsoft Exchange Server 2007 for SSL over HTTP, you help to provide a layer of security for the client application. You must validate certificates before you can start programming with Exchange Web Services proxy classes. If the callback is not set up, the first call will fail with a certificate error.

2. This solution could be a potential security threat, as you are turning off SSL certificate validation. If this is production code, understand the risk of the server you are connecting to.
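For the option raised above of doing this only for a specific link: a callback can tolerate a chain error for one named host and one exact certificate, and reject everything else, instead of returning true for every HTTPS request the application makes. This is an added example, not code from the original post; the host name and SHA-256 fingerprint are placeholders, and it assumes requests are made with HttpWebRequest so that sender is the request object.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedHostValidation
{
    // Placeholders (assumptions): the one host that gets an exception and the
    // SHA-256 fingerprint of its certificate, obtained and checked out of band.
    const string PinnedHost = "selfsigned.example.test";
    const string PinnedSha256 = "<SHA-256 fingerprint of the server certificate, hex>";

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // Certificates that pass normal validation need no exception.
        if (errors == SslPolicyErrors.None) return true;

        // Tolerate chain errors only (for example an untrusted self-signed root).
        // A name mismatch or a missing certificate is always rejected.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;
        if (certificate == null) return false;

        // The exception applies to one host only; unknown senders fail closed.
        var request = sender as HttpWebRequest;
        if (request == null) return false;
        if (!string.Equals(request.Address.Host, PinnedHost,
                           StringComparison.OrdinalIgnoreCase)) return false;

        // Accept only the exact certificate that was verified beforehand.
        using (var sha256 = SHA256.Create())
        {
            byte[] hash = sha256.ComputeHash(certificate.GetRawCertData());
            string fingerprint = BitConverter.ToString(hash).Replace("-", "");
            return string.Equals(fingerprint, PinnedSha256,
                                 StringComparison.OrdinalIgnoreCase);
        }
    }

    static void Main()
    {
        // Install once, before the first request is created.
        ServicePointManager.ServerCertificateValidationCallback = Validate;
        // Fails closed: a chain error with no matching request is rejected.
        Console.WriteLine(Validate(null, null, null, SslPolicyErrors.RemoteCertificateChainErrors));
    }
}
```

With the placeholder fingerprint left in place, the callback rejects every certificate that fails normal validation, so forgetting to configure it does not silently disable checking.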

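Method 3:

While writing a program today I called a third-party DLL. Everything worked when debugging on my own machine, but once the program was on the server it kept reporting a bug: "基础连接已经关闭: 未能为SSL/TLS 安全通道建立信任关系".

I then decompiled the DLL and found that the error occurred when it made its request:

WebResponse response = WebRequest.Create("https://……").GetResponse();

So I opened the address above in a browser on the server and saw a window asking me to confirm the certificate. It looked like a certificate problem.

After a round of searching online I found a fix that works well and is very simple: add one line of code before the request.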

ServicePointManager.CertificatePolicy = new AcceptAllCertificatePolicy();


AcceptAllCertificatePolicy has to be defined yourself:

using System.Net;
using System.Security.Cryptography.X509Certificates;

internal class AcceptAllCertificatePolicy : ICertificatePolicy
{
    public AcceptAllCertificatePolicy()
    {
    }

    // Called for every server certificate; certProb carries the problem code.
    public bool CheckValidationResult(ServicePoint sPoint,
        X509Certificate cert, WebRequest wRequest, int certProb)
    {
        // Always accept
        return true;
    }
}


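Although the method above solved the problem, Visual Studio warns that ServicePointManager.CertificatePolicy is obsolete. Since I am someone who likes things to be perfect, I followed the hint and used the new method instead.

The reworked code is more concise and clearer: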


ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertificate;

private bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    // Always accept
    return true;
}


That's it, one delegate does the job!