X.509 certificate CN=localhost chain building failed.. nothing works

Time: 2011-10-04 12:44:10

Tags: c# .net wcf web-services security

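The X.509 certificate CN=localhost chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.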

I have read a lot about certificateValidationMode and how to solve this problem, but nothing worked. I tried this option in behavior/servicebehaviors/behavior/serviceCredentials:

                    <clientCertificate>
                        <authentication certificateValidationMode="None" />
                    </clientCertificate>

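But it still gives me this error. I tried regenerating the client configuration, with no result. I think it validates whether the client certificate was issued by a trusted authority (ChainTrust), and I decided to put the server certificate in the Trusted Root Authorities, with no result. I am using message security and the UserName client credential type. On the client side, I use the public key hard-coded in the generated configuration. Thanks in advance.

Edit

A custom certificate validator does not work either. Server configuration: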

<?xml version="1.0"?>
<configuration>
    <system.web>
        <compilation debug="true" targetFramework="4.0"/>
    </system.web>
    <system.serviceModel>
        <behaviors>
            <serviceBehaviors>
                <!--Default service  configuration-->
                <behavior>
                    <serviceDebug includeExceptionDetailInFaults="true"/>
                    <serviceMetadata />
                </behavior>
                <!--UserName authentication service behavior-->
                <behavior name="ServiceCredentialsBehavior">
                    <serviceCredentials>
                        <clientCertificate>
                            <authentication certificateValidationMode="None" />
                        </clientCertificate>
                        <serviceCertificate findValue="cn=DogCert" storeName="TrustedPeople" storeLocation="LocalMachine" />
                        <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Authentication.CustomUserNameValidator, Authentication " />
                    </serviceCredentials>
                    <serviceMetadata httpGetEnabled="true" />
                    <serviceDebug includeExceptionDetailInFaults="true" />
                </behavior>
            </serviceBehaviors>
        </behaviors>
        <services>
            <!-- This section is optional with the default configuration
        model introduced in .NET Framework 4 -->
            <service name="Service" behaviorConfiguration="ServiceCredentialsBehavior">
                <endpoint address="" binding="wsHttpBinding" contract="IService" bindingConfiguration="MessageAndUserName"/>
                <!--Metadata endpoint-->
                <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
            </service>
        </services>
        <bindings>
            <wsHttpBinding>
                <binding name ="MessageAndUserName">
                    <security mode="Message">
                        <message clientCredentialType="UserName"/>
                    </security>
                </binding>
            </wsHttpBinding>
        </bindings>
    </system.serviceModel>
    <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"/>
    </system.webServer>
</configuration>

Client configuration:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <system.serviceModel>
        <bindings>
            <wsHttpBinding>
                <binding name="WSHttpBinding_IService" closeTimeout="00:01:00"
                    openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                    bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                    maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                    messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
                    allowCookies="false">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                    <reliableSession ordered="true" inactivityTimeout="00:10:00"
                        enabled="false" />
                    <security mode="Message">
                        <transport clientCredentialType="Windows" proxyCredentialType="None"
                            realm="" />
                        <message clientCredentialType="UserName" negotiateServiceCredential="true"
                            algorithmSuite="Default" />
                    </security>
                </binding>
            </wsHttpBinding>
        </bindings>
        <client>
            <endpoint address="http://localhost:55027/FirstServiceWeb/Service.svc"
                binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService"
                contract="DogService.IService" name="WSHttpBinding_IService">
                <identity>
                    <certificate encodedValue="AwAAAAEAAAAUAAAAPPbss8Fpeag8LFEZvqzmuovAsS4gAAAAAQAAALAEAAAwggSsMIIClKADAgECAhBmJYRNJwKvrk4Tm6X1JzO4MA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNVBAMTB0RvZ0NlcnQwHhcNMTEwOTI2MjEwMDAwWhcNMjExMDAzMjEwMDAwWjASMRAwDgYDVQQDEwdEb2dDZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA423UysQYaj60oQS1S/YgivPjueH2PK+Jfvor+IHRthgw5DXNFNBETlARcXF9m2cZl5VOnh8BBZMV4liEQWMdGpJW+kpcppgFy9qScFe9qtEXsmRH86MYlSdhlPWazD9f2GCIEDkei8N2vSpV0MpdjPcHzbpKTP8LI0Vn2B1gs5iPIvOmzyQ6fQja91n2Agh6HDJu5QAqJdS1lXixeXcNTdPP6x/RtpymwScVTglma+/2pKjbTFnHxAJJwf2S2UsnctgkGRT5hIpPAhpNLssb/QBfrXKP2oAsmorgDdesDHmhxK9wrZCofvpxk2YdDDFzZgutuYjs4G02+YtsefZMgWMeOQrBXCdQaUJxwmwPhzpZ3ArcanCGP13VIc8Af5e3pMH2ixlY8JM+DqkVJAzboN66jvzR1MkiWstOHogAFNvZCNmiHFUaI5RH1P3QV95yWVtrB3Nk8F9lVQTEovvEEztLtiqdozSJTtz57UXaZnOVFRmzD4x+o+2Edyn3DL4JPu/WH+RYE102mINbrIb7BDtTNeKVcDDX/F1atTcoTvFqbhPW0WaYgvW/22gA0FkqEr0SQ7sx8IjKKO5LY95qb4FVaiW0OR6PEI2WSsi/PwaZCN9ucJ8d3quU3XvVuk6hSlkYZjepWe9ECUYKXrfy94JylHhPOC7itwG8eSKrkxcCAwEAATANBgkqhkiG9w0BAQUFAAOCAgEAiuxj6obfs3t9sCXEIPFW/XdmgMzMSC5nfrO8/AMPb85Z0vIs3bAQAZFKbZp+N2YemIBFjkmfNPy1DzNCjxT/Iqq7xEM1FcMoC3OjxYl5jKsGnnESqWaU5THMjCLh0zqyeWjGTkAcvDPrnw7mnSoIKqGqjdQq7yw9qDDiDLENZqor4hfSJAeqBIMbsXMYg91VQ2MvFQGzqis+Ch6kFv9dDPnNk6Hy3/v910D1Usgn/WNbZZ0gQYn6d5ZSNY7ioJSekBDrR4v0jiC8zaMUvVsqAMgObLG9KpIUlTNiQZ9pb0Kr2sR+gxMiVCnShdhUQleesCXR34uUtWWc1GhCyGS3ceiECqafPG+YOd6IkHg3Jha0A9WRyu/hJC5mnRDUDDqGHtJuP80dgMmBzkHAFbG2FVSyi6sqI+r3q8X4PNFmQei3KxMNYZNDBbARAWZzainfQ8qUpoIs63m9c8u95dSJFfnZN+mlqyRyaX71E+xzzp8l7vkEhVxxU+/6+8x/jAA7MEOX6Jd795KyK0xQ7IuO4eAJZMfLGtElogPDMcoHlBG+jjjMOCg6M+Jwqgs9KFKXCp3jlUCYy4BgqSJotMsyH3t+9azSayYF9AsjyKZvTL/kcbdIJ/E11mH+aFiE5Jk01aOtsCN0ZxXLivBFOUvcYevgRusiYO9l3x59HfCG9rA=" />
                </identity>
            </endpoint>
        </client>
    </system.serviceModel>
</configuration>

The web service is hosted in IIS. The certificate was generated using PluralSight SelfCert. Thanks in advance.
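
For reference, an added example that is not part of the original post: WCF reads certificateValidationMode in two separate places, and the fragment below shows the client-side element next to the service-side element set in the question. The behavior name ValidateServiceCert is hypothetical; the endpoint attributes are copied from the question's client configuration.

```xml
<!-- Added example, not from the original post. Client app.config fragment.
     The behavior name "ValidateServiceCert" is hypothetical. -->
<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior name="ValidateServiceCert">
        <clientCredentials>
          <serviceCertificate>
            <!-- Client side: how this client validates the certificate the
                 SERVICE presents. The default is ChainTrust, which requires
                 a chain ending in a trusted root. PeerTrust instead accepts
                 only certificates installed in the TrustedPeople store at
                 trustedStoreLocation, which suits a self-signed test
                 certificate without turning validation off (None). -->
            <authentication certificateValidationMode="PeerTrust"
                            trustedStoreLocation="CurrentUser" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <client>
    <endpoint address="http://localhost:55027/FirstServiceWeb/Service.svc"
        binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService"
        behaviorConfiguration="ValidateServiceCert"
        contract="DogService.IService" name="WSHttpBinding_IService">
      <!-- Keep the generated <identity> child element here; it is left out
           of this fragment only for length. -->
    </endpoint>
  </client>
</system.serviceModel>

<!-- Service web.config, for contrast: this element (the one set in the
     question) governs certificates that CLIENTS present to the service,
     which happens only with clientCredentialType="Certificate".
<serviceCredentials>
  <clientCertificate>
    <authentication certificateValidationMode="None" />
  </clientCertificate>
</serviceCredentials>
-->
```

With clientCredentialType="UserName" and message security, only the service presents a certificate, so the client-side element is the one that takes part in validating it.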

0 answers:

No answers