SSL/TLS 部署为 Azure 应用服务时连接不起作用
SSL/TLS connections not working when deployed as Azure App Service
我的团队有一个当前部署为 Azure 云服务的应用程序。该应用程序运行良好,但在部署为应用程序服务(作为持续的 Web 作业)后,我们看到许多类型的 TLS 连接失败。 TLS 证书加载到 HTTPS 客户端和 TCP 套接字客户端。 运行 作为应用服务时,为什么这些会中断?
TCP:
System.ComponentModel.Win32Exception (0x80004005): The credentials supplied to the package were not recognized
System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)
System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential& secureCredential)
System.Net.Security.SecureChannel.AcquireClientCredentials(Byte[]& thumbPrint)
System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
HTTP:
System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
System.Net.ConnectStream.WriteHeaders(Boolean async) --- End of inner exception stack trace ---
System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
System.Net.HttpWebRequest.GetRequestStream()
远程证书:
-----BEGIN CERTIFICATE-----
MIIHMDCCBhigAwIBAgIQTVJjt9EMcV3VkbZ5cKqBNzANBgkqhkiG9w0BAQsFADBDMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR0wGwYDVQQDExR0aGF3dGUgU0hBMjU2IFNTTCBDQTAeFw0xNzAxMDkwMDAwMDBaFw0yMDAxMTMyMzU5NTlaMIGJMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHQXJpem9uYTEQMA4GA1UEBwwHUGhvZW5peDEpMCcGA1UECgwgQmVzdCBXZXN0ZXJuIEludGVybmF0aW9uYWwsIEluYy4xDzANBgNVBAsMBkJXSSBJVDEaMBgGA1UEAwwRKi5iZXN0d2VzdGVybi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfGMbiDXX6nJRxXqUuRXNaRX89lhEDmfEZkhdIcVBcaOiplb/e+lECPVtQt9+b8e8P+cOcz8vkH7tK5v/z0kkzjnoewVZCpXUHjrlJ7zjMgxPAS6oXR92UMQuVF2t0FbYDQpVOH5Sd5tB/nIiTz2bkTL+9ugUNeXNZGxGcXJOQGbpCB2s+a85bqy1Fd8R2apfKmBNrYRGHzW/WmuWaJBBjnKJDLjDuT/zdhrlwmNGerKNsxVNDycWKdoWTvR0Kc79vVuy8yKn3iMvti87xlFOhKtKupJeQdJZrGOD7fxXTwrXNU2f+Xs9AzaEnHk8OONBLNyGaDEnnQKJ1cDqoMHEXAgMBAAGjggPXMIID0zCBhgYDVR0RBH8wfYIVKi5kZXYuYmVzdHdlc3Rlcm4uY29tghMqLmguYmVzdHdlc3Rlcm4uY29tghQqLnFhLmJlc3R3ZXN0ZXJuLmNvbYIVKi51YXQuYmVzdHdlc3Rlcm4uY29tghEqLmJlc3R3ZXN0ZXJuLmNvbYIPYmVzdHdlc3Rlcm4uY29tMAkGA1UdEwQCMAAwbgYDVR0gBGcwZTBjBgZngQwBAgIwWTAmBggrBgEFBQcCARYaaHR0cHM6Ly93d3cudGhhd3RlLmNvbS9jcHMwLwYIKwYBBQUHAgIwIwwhaHR0cHM6Ly93d3cudGhhd3RlLmNvbS9yZXBvc2l0b3J5MA4GA1UdDwEB/wQEAwIFoDAfBgNVHSMEGDAWgBQrmjWuARg4MOFwegXgEXajzr2QFDArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vdGcuc3ltY2IuY29tL3RnLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vdGcuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vdGcuc3ltY2IuY29tL3RnLmNydDCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHUA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFZg/5pBAAABAMARjBEAiAO/RJNQohPu9QH3jhKEAauOhwgipewvLI46YdajWVXhwIgGVLL+3CzMnstr3dbpTg4pTLPTQMLj7qFZhv7SjrzNOQAdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAVmD/mlVAAAEAwBHMEUCIQC/THA9utbL280ZvItjzqQ2RzwByfujkNfva5c9LW/52QIgc6AqANaG+4ZX7JdnTcSXZWxASM+bQYzR3Yjg+EXRoGUAdQC8eOHfxfY8aEZJM02hD6FfCXlpIAnAgbTz9pF/Ptm4pQAAAVmD/mn2AAAEAwBGMEQCICOuhzZtHyvKhRuVkMSYlppmuXKWbhVYkgekN+wbnphSAiAwhIV7WJtGM8yhvvUmUj28Vle6taNvoB9YDF8uv/Z6BwB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABWYP+aSMAAAQDAEgwRgIhAJI8jzswB8cmOXVp8IKLspA7Orq8MGmOc+3cv0U/i0T8AiEAszn07XmjFxWBztILLpNTo4IRXUhyFaeh8BjyzFLk+2EwDQYJKoZIhvcNAQELBQADggEBACcA2n8ltg34ZZiNkUmefNja1sZ/9tXJzROmCXkrjFE8zuUwKp0Ie7w5T0DYpdolvb5OvVG05C5Yo7Uke086XzYroFWnU+bcQIdn57cZKc5+aOuAhofIGouKi99srXjJuNatT/K0q1XKEkjMB8VYLHELXsFixwxRQz1MDeEEw+9+AS09qkKfflCoWvmerk8QXwxWwbMGvdO+PI21sw12dHk0bLUuIRriSbga8/PbE/sUM4vPKxMiimDUhwp7vjan06XtjsjHZryGbiNrB77iJH69ob8cKNzcgxM9+MdoqFV+EgC33iaTgSW2wL2w2s64IoJHWLbagec3qAcqySO+4Ng=
-----END CERTIFICATE-----
thawte 主根 CA - G3 带有指纹F18B538D1BE903B6A6F056435B171589CAF36BF2 的证书不存在于 App Service worker 的受信任根存储中,因此远程证书验证失败。叶证书(中间)也丢失了。
这不是什么好消息。我看到两个选项,build a chain on-the-fly (which loads the missing CA cert from disk), or blindly return true from WebRequestHandler and its ServerCertificateValidationCallback delegate property.
注意:
我在第一部分的某个地方确实有一个工作样本,请告诉我是否应该查找它。本质上:
- 将丢失的根 CA 从磁盘加载到 X509Certificate2
- 构建一条链并将其添加到
- 在
WebRequestHandler 中传递给ServerCertificateValidationCallback
将此添加到您的应用服务门户中的应用设置
WEBSITE_LOAD_CERTIFICATES = *
- 即使您没有在门户网站的 SSL 证书区域加载证书,您仍然需要它
- 这将影响该应用服务的 Web 作业
我的团队有一个当前部署为 Azure 云服务的应用程序。该应用程序运行良好,但在部署为应用程序服务(作为持续的 Web 作业)后,我们看到许多类型的 TLS 连接失败。 TLS 证书加载到 HTTPS 客户端和 TCP 套接字客户端。 运行 作为应用服务时,为什么这些会中断?
TCP:
System.ComponentModel.Win32Exception (0x80004005): The credentials supplied to the package were not recognized
System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)
System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential& secureCredential)
System.Net.Security.SecureChannel.AcquireClientCredentials(Byte[]& thumbPrint)
System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
HTTP:
System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
System.Net.ConnectStream.WriteHeaders(Boolean async) --- End of inner exception stack trace ---
System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
System.Net.HttpWebRequest.GetRequestStream()
远程证书:
-----BEGIN CERTIFICATE-----
MIIHMDCCBhigAwIBAgIQTVJjt9EMcV3VkbZ5cKqBNzANBgkqhkiG9w0BAQsFADBDMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR0wGwYDVQQDExR0aGF3dGUgU0hBMjU2IFNTTCBDQTAeFw0xNzAxMDkwMDAwMDBaFw0yMDAxMTMyMzU5NTlaMIGJMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHQXJpem9uYTEQMA4GA1UEBwwHUGhvZW5peDEpMCcGA1UECgwgQmVzdCBXZXN0ZXJuIEludGVybmF0aW9uYWwsIEluYy4xDzANBgNVBAsMBkJXSSBJVDEaMBgGA1UEAwwRKi5iZXN0d2VzdGVybi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfGMbiDXX6nJRxXqUuRXNaRX89lhEDmfEZkhdIcVBcaOiplb/e+lECPVtQt9+b8e8P+cOcz8vkH7tK5v/z0kkzjnoewVZCpXUHjrlJ7zjMgxPAS6oXR92UMQuVF2t0FbYDQpVOH5Sd5tB/nIiTz2bkTL+9ugUNeXNZGxGcXJOQGbpCB2s+a85bqy1Fd8R2apfKmBNrYRGHzW/WmuWaJBBjnKJDLjDuT/zdhrlwmNGerKNsxVNDycWKdoWTvR0Kc79vVuy8yKn3iMvti87xlFOhKtKupJeQdJZrGOD7fxXTwrXNU2f+Xs9AzaEnHk8OONBLNyGaDEnnQKJ1cDqoMHEXAgMBAAGjggPXMIID0zCBhgYDVR0RBH8wfYIVKi5kZXYuYmVzdHdlc3Rlcm4uY29tghMqLmguYmVzdHdlc3Rlcm4uY29tghQqLnFhLmJlc3R3ZXN0ZXJuLmNvbYIVKi51YXQuYmVzdHdlc3Rlcm4uY29tghEqLmJlc3R3ZXN0ZXJuLmNvbYIPYmVzdHdlc3Rlcm4uY29tMAkGA1UdEwQCMAAwbgYDVR0gBGcwZTBjBgZngQwBAgIwWTAmBggrBgEFBQcCARYaaHR0cHM6Ly93d3cudGhhd3RlLmNvbS9jcHMwLwYIKwYBBQUHAgIwIwwhaHR0cHM6Ly93d3cudGhhd3RlLmNvbS9yZXBvc2l0b3J5MA4GA1UdDwEB/wQEAwIFoDAfBgNVHSMEGDAWgBQrmjWuARg4MOFwegXgEXajzr2QFDArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vdGcuc3ltY2IuY29tL3RnLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vdGcuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vdGcuc3ltY2IuY29tL3RnLmNydDCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHUA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFZg/5pBAAABAMARjBEAiAO/RJNQohPu9QH3jhKEAauOhwgipewvLI46YdajWVXhwIgGVLL+3CzMnstr3dbpTg4pTLPTQMLj7qFZhv7SjrzNOQAdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAVmD/mlVAAAEAwBHMEUCIQC/THA9utbL280ZvItjzqQ2RzwByfujkNfva5c9LW/52QIgc6AqANaG+4ZX7JdnTcSXZWxASM+bQYzR3Yjg+EXRoGUAdQC8eOHfxfY8aEZJM02hD6FfCXlpIAnAgbTz9pF/Ptm4pQAAAVmD/mn2AAAEAwBGMEQCICOuhzZtHyvKhRuVkMSYlppmuXKWbhVYkgekN+wbnphSAiAwhIV7WJtGM8yhvvUmUj28Vle6taNvoB9YDF8uv/Z6BwB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABWYP+aSMAAAQDAEgwRgIhAJI8jzswB8cmOXVp8IKLspA7Orq8MGmOc+3cv0U/i0T8AiEAszn07XmjFxWBztILLpNTo4IRXUhyFaeh8BjyzFLk+2EwDQYJKoZIhvcNAQELBQADggEBACcA2n8ltg34ZZiNkUmefNja1sZ/9tXJzROmCXkrjFE8zuUwKp0Ie7w5T0DYpdolvb5OvVG05C5Yo7Uke086XzYroFWnU+bcQIdn57cZKc5+aOuAhofIGouKi99srXjJuNatT/K0q1XKEkjMB8VYLHELXsFixwxRQz1MDeEEw+9+AS09qkKfflCoWvmerk8QXwxWwbMGvdO+PI21sw12dHk0bLUuIRriSbga8/PbE/sUM4vPKxMiimDUhwp7vjan06XtjsjHZryGbiNrB77iJH69ob8cKNzcgxM9+MdoqFV+EgC33iaTgSW2wL2w2s64IoJHWLbagec3qAcqySO+4Ng=
-----END CERTIFICATE-----
thawte 主根 CA - G3 带有指纹F18B538D1BE903B6A6F056435B171589CAF36BF2 的证书不存在于 App Service worker 的受信任根存储中,因此远程证书验证失败。叶证书(中间)也丢失了。
这不是什么好消息。我看到两个选项,build a chain on-the-fly (which loads the missing CA cert from disk), or blindly return true from WebRequestHandler and its ServerCertificateValidationCallback delegate property.
注意: 我在第一部分的某个地方确实有一个工作样本,请告诉我是否应该查找它。本质上:
- 将丢失的根 CA 从磁盘加载到 X509Certificate2
- 构建一条链并将其添加到
- 在
WebRequestHandler中传递给
ServerCertificateValidationCallback
将此添加到您的应用服务门户中的应用设置
WEBSITE_LOAD_CERTIFICATES = *
- 即使您没有在门户网站的 SSL 证书区域加载证书,您仍然需要它
- 这将影响该应用服务的 Web 作业