Why TLS Handshake fails when using a certificate that exposes only public key?
The TLS handshake fails when using a certificate that exposes only the public key, but it works when using another certificate that exposes the private key. When we use the certificate that exposes only the public key, it returns "400 Bad Request No required SSL certificate was sent".

One key difference here is that for the second certificate, the one that exposes the private key, we grant permissions to Network Service, but since the first certificate does not expose its private key, we cannot grant permissions to Network Service. Both certificates are correctly installed in the store.

Sample code is as follows:
```csharp
using System;
using System.Configuration;
using System.IO;
using System.Net;
using System.Security.Cryptography.X509Certificates;

public string TestCall() {
    try {
        string url = "Some URL";
        string apiKey = "Key Information";
        string secret = "Key Secret";
        string payload = "Timestamp";
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
        request.Method = "POST";
        request.ContentType = "application/json";
        request.SendChunked = false;
        request.AllowAutoRedirect = true;
        request.Date = DateTime.UtcNow;
        // Look the client certificate up by thumbprint in the machine-wide TrustedPeople store.
        var keyStore = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine);
        keyStore.Open(OpenFlags.ReadOnly);
        X509Certificate clientCertificate = keyStore.Certificates.Find(X509FindType.FindByThumbprint, ConfigurationManager.AppSettings["ThumbPrint"], true)[0];
        // Offered to the server when it requests a client certificate during the TLS handshake.
        request.ClientCertificates.Add(clientCertificate);
        var authProvider = new HmacAuthProvider();
        var headers = authProvider.GenerateAuthHeaders(apiKey, secret, payload, url);
        foreach (var header in headers)
        {
            request.Headers.Add(header.Key, header.Value);
        }
        var response = (HttpWebResponse)request.GetResponse();
        var responseString = new StreamReader(response.GetResponseStream()).ReadToEnd();
        return responseString;
    }
    catch (Exception ex)
    {
        return ex.Message + " " + ex.StackTrace;
    }
}
```
Not sure what is missing here; the certificate without the private key cannot reach the server.

Certificate-based authentication requires possession of the private key of the corresponding certificate. You cannot perform client authentication with only the public certificate (without the private key); you need the private key because it is used to sign the TLS handshake data.
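As an added example (not the asker's or answerer's code), here is a pre-flight check that fails fast with a clear message when the certificate picked by thumbprint cannot authenticate a TLS client, instead of letting the server answer with the 400 seen above. It assumes .NET Framework 4.6.1 or later (or .NET Core) and the same TrustedPeople/LocalMachine store as the question; `LoadClientCertificate` is a hypothetical name.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class ClientCertCheck
{
    // id-kp-clientAuth: the EKU a certificate should carry for TLS client authentication.
    private const string ClientAuthEku = "1.3.6.1.5.5.7.3.2";

    // Returns a certificate that can be passed to request.ClientCertificates.Add(),
    // or throws with the specific reason it cannot be used for client authentication.
    public static X509Certificate2 LoadClientCertificate(string thumbprint)
    {
        using (var store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            var matches = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
            if (matches.Count == 0)
                throw new InvalidOperationException("No certificate with thumbprint " + thumbprint);
            var cert = matches[0];

            // During the handshake the client signs CertificateVerify with the key matching
            // the certificate; a public-only entry in the store has nothing to sign with.
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate " + cert.Subject +
                    " has no private key; it cannot authenticate a TLS client.");

            // HasPrivateKey only means a key reference exists. Confirm this process can
            // actually open the key (key container ACLs, e.g. for Network Service, matter).
            bool keyUsable;
            using (var rsa = cert.GetRSAPrivateKey())
            using (var ecdsa = rsa == null ? cert.GetECDsaPrivateKey() : null)
                keyUsable = rsa != null || ecdsa != null;
            if (!keyUsable)
                throw new InvalidOperationException("Private key for " + cert.Subject +
                    " is not accessible to this process.");

            // If an EKU extension is present, it must include Client Authentication.
            var eku = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>().FirstOrDefault();
            if (eku != null && !eku.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ClientAuthEku))
                throw new InvalidOperationException("Certificate " + cert.Subject +
                    " lacks the Client Authentication EKU.");

            return cert;
        }
    }
}
```

Calling `LoadClientCertificate(ConfigurationManager.AppSettings["ThumbPrint"])` in place of the store lookup in `TestCall` turns the vague server-side 400 into a local exception naming the missing key, inaccessible key container, or wrong EKU.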