C# "The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors"
C# "The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors"
需要使用 pfx 证书将消息从 .net core 发布到 aws。连接到客户端 ID 时出错。
我从 worker service 得到的源代码如下
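/// <summary>
/// Worker loop. Each pass reads the AWS IoT settings from configuration, connects to the
/// broker over mutual TLS (client certificate from the CurrentUser store, Greengrass root CA
/// from disk), publishes the event-log entries that fall in the one-minute window after the
/// watermark kept in the registry, disconnects, and then waits before the next pass.
/// </summary>
/// <param name="stoppingToken">Host shutdown signal; checked by the loop condition and honoured by the delays.</param>
/// <returns>A task that completes when the host requests shutdown.</returns>
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
    while (!stoppingToken.IsCancellationRequested)
    {
        Logger.LogInformation("Worker running at: {time}", DateTimeOffset.Now);
        // Default keeps the short-delay path below when the pass fails before the registry is read.
        DateTime registryValue = DateTime.Now;
        MqttClient mqttClient = null;
        try
        {
            string application = Configuration[Constants.Application];
            string sourceName = Configuration[Constants.SourceName];
            string certificateSubject = Configuration[Constants.CertificateSubject];
            // Must be the broker's DNS name exactly as presented in the server certificate's SAN:
            // TLS hostname verification compares against it, so an IP address here produces
            // RemoteCertificateNameMismatch. Fix the endpoint, not the validation.
            string iotEndPoint = Configuration[Constants.IotEndpoint];
            int brokerPort = Convert.ToInt32(Configuration[Constants.BrokerPort]);
            string topic = Configuration[Constants.Topic];
            string ggcRootCaCertificate = Configuration[Constants.GgcRootCaCertificate];
            string storeName = Configuration[Constants.X509Store];
            // The machine name stands in when no client id is configured.
            string clientId = Configuration[Constants.ClientId] ?? Environment.MachineName;
            Logger.LogInformation($"ggcRootCaCertificate: {ggcRootCaCertificate}.");

            X509Certificate2 clientCert = FindClientCertificate(storeName, certificateSubject);
            if (clientCert is null)
            {
                // Stop the pass here instead of handing a null certificate to the TLS handshake,
                // which fails later with a far less useful error.
                throw new InvalidOperationException("Certificate not installed in the system");
            }

            // Trust anchor for the broker's chain; RemoteCertificateChainErrors means the chain the
            // broker presents does not terminate in this file.
            X509Certificate caCert = X509Certificate.CreateFromCertFile(ggcRootCaCertificate);
            mqttClient = new MqttClient(iotEndPoint, brokerPort, true, caCert, clientCert, MqttSslProtocols.TLSv1_2)
            {
                ProtocolVersion = MqttProtocolVersion.Version_3_1_1,
            };
            mqttClient.Connect(clientId);
            Logger.LogInformation($"Connected to AWS IoT with client id: {clientId}.");

            using (RegistryKey registryKey = Registry.LocalMachine.CreateSubKey(Constants.RegistryPath))
            {
                DateTime now = DateTime.Now;
                List<(string Message, DateTime TimeGenerated)> totalEntries = ReadEntries(application, sourceName);
                // Convert.ToDateTime(null) yields DateTime.MinValue, which marks "never fetched".
                registryValue = Convert.ToDateTime(registryKey.GetValue(Constants.LastEventLogFetch));

                if (totalEntries.Count == 0)
                {
                    Logger.LogInformation("Event log count is zero");
                }
                else if (registryValue == DateTime.MinValue)
                {
                    // First run: publish only the newest message and start the watermark one minute back.
                    var newest = totalEntries.OrderByDescending(e => e.TimeGenerated).First();
                    PublishPayload(mqttClient, topic, newest.Message);
                    registryKey.SetValue(Constants.LastEventLogFetch, now.AddMinutes(-1));
                }
                else
                {
                    DateTime windowEnd = registryValue.AddMinutes(1);
                    List<string> messages = totalEntries
                        .Where(e => e.TimeGenerated >= registryValue && e.TimeGenerated <= windowEnd)
                        .Select(e => e.Message + "Message from vm 30.31")
                        .ToList();

                    if (messages.Count > 0)
                    {
                        PublishPayload(mqttClient, topic, messages);
                        registryKey.SetValue(Constants.LastEventLogFetch, windowEnd);
                    }
                    else
                    {
                        Logger.LogInformation("Event log count is zero. Can't send message");
                        if (windowEnd <= now)
                        {
                            // An empty window already in the past would otherwise be re-read every
                            // second forever; advance past it so the worker catches up.
                            registryKey.SetValue(Constants.LastEventLogFetch, windowEnd);
                        }
                    }
                }
            }
        }
        catch (Exception ex)
        {
            // Log the exception object: using ex.Message as the template drops the stack trace and
            // lets braces in the message corrupt the structured log entry.
            Logger.LogError(ex, "Worker pass failed");
            Console.WriteLine(ex.Message);
        }
        finally
        {
            // A new session is opened on every pass, so the previous one must be closed here.
            if (mqttClient != null && mqttClient.IsConnected)
            {
                try
                {
                    mqttClient.Disconnect();
                }
                catch (Exception ex)
                {
                    Logger.LogWarning(ex, "MQTT disconnect failed");
                }
            }
        }

        Logger.LogInformation("Worker running at: {time}", DateTimeOffset.Now);
        if (registryValue > DateTime.Now)
        {
            await Task.Delay(60000, stoppingToken);
            Logger.LogInformation("Registry value is greater than current time. So task delay will be one minute");
        }
        else
        {
            await Task.Delay(1000, stoppingToken);
            Logger.LogInformation("Registry value is less than current time. So task delay will be one second");
        }
    }
}

/// <summary>
/// Finds the first certificate in the CurrentUser store <paramref name="storeName"/> whose
/// subject contains <paramref name="certificateSubject"/> and that carries its private key.
/// </summary>
/// <returns>The matching certificate, or <c>null</c> when none is installed.</returns>
private static X509Certificate2 FindClientCertificate(string storeName, string certificateSubject)
{
    using (var store = new X509Store(storeName, StoreLocation.CurrentUser))
    {
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        // Substring match keeps the existing configuration contract; the private key is required
        // for the client side of the mutual-TLS handshake, so a key-less match is useless.
        return store.Certificates.OfType<X509Certificate2>()
            .FirstOrDefault(c => c.SubjectName.Name.Contains(certificateSubject) && c.HasPrivateKey);
    }
}

/// <summary>
/// Reads every entry of the <paramref name="application"/> event log whose source equals
/// <paramref name="sourceName"/>, keeping only the two fields the worker publishes on.
/// </summary>
private static List<(string Message, DateTime TimeGenerated)> ReadEntries(string application, string sourceName)
{
    using (var log = new EventLog(application))
    {
        return log.Entries.Cast<EventLogEntry>()
            .Where(e => e.Source == sourceName)
            .Select(e => (e.Message, e.TimeGenerated))
            .ToList();
    }
}

/// <summary>
/// Serialises <paramref name="payload"/> as JSON, publishes it on <paramref name="topic"/> and
/// logs the payload that was sent.
/// </summary>
private void PublishPayload(MqttClient client, string topic, object payload)
{
    string json = JsonConvert.SerializeObject(payload);
    // Leading space is part of the existing wire format consumed downstream.
    client.Publish(topic, Encoding.UTF8.GetBytes($" {json}"));
    Logger.LogInformation("Message published to {Topic}: {Payload}", topic, json);
}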
Json 设置如下：
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"AccuTabSettings": {
"Application": "name",
"SourceName": "Source",
"CertificateSubject": "CN=AWS IoT Certificate",
"IotEndpoint": "1.1.1.1",
"BrokerPort": 800,
"Topic": "device/client_id",
"GgcRootCaCertificate": "F:\\Certificates\\ggc-root.ca.crt",
"X509Store": "MY",
"ClientId": "pqr"
}
}
连接客户端时出现问题 =>“根据验证程序,远程证书无效:RemoteCertificateNameMismatch、RemoteCertificateChainErrors”
RemoteCertificateNameMismatch 错误的主要问题是远程证书中指定的主题与您要连接的地址不匹配。我怀疑远程证书是针对某个 DNS 名称颁发的，但您正在连接的 IP 地址显然没有出现在证书的 subject/SAN 扩展中。您需要确保远程证书的 SAN 扩展包含您要连接的地址；由于服务器证书通常无法由客户端更改，实际可行的做法是改用证书中签发的 DNS 名称（而非 IP）作为连接地址。
没有足够的信息来调试 RemoteCertificateChainErrors 错误。您需要附加调试器并检索准确的错误信息。
需要使用 pfx 证书将消息从 .net core 发布到 aws。连接到客户端 ID 时出错。
我从 worker service 得到的源代码如下
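/// <summary>
/// Worker loop. Each pass reads the AWS IoT settings from configuration, connects to the
/// broker over mutual TLS (client certificate from the CurrentUser store, Greengrass root CA
/// from disk), publishes the event-log entries that fall in the one-minute window after the
/// watermark kept in the registry, disconnects, and then waits before the next pass.
/// </summary>
/// <param name="stoppingToken">Host shutdown signal; checked by the loop condition and honoured by the delays.</param>
/// <returns>A task that completes when the host requests shutdown.</returns>
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
    while (!stoppingToken.IsCancellationRequested)
    {
        Logger.LogInformation("Worker running at: {time}", DateTimeOffset.Now);
        // Default keeps the short-delay path below when the pass fails before the registry is read.
        DateTime registryValue = DateTime.Now;
        MqttClient mqttClient = null;
        try
        {
            string application = Configuration[Constants.Application];
            string sourceName = Configuration[Constants.SourceName];
            string certificateSubject = Configuration[Constants.CertificateSubject];
            // Must be the broker's DNS name exactly as presented in the server certificate's SAN:
            // TLS hostname verification compares against it, so an IP address here produces
            // RemoteCertificateNameMismatch. Fix the endpoint, not the validation.
            string iotEndPoint = Configuration[Constants.IotEndpoint];
            int brokerPort = Convert.ToInt32(Configuration[Constants.BrokerPort]);
            string topic = Configuration[Constants.Topic];
            string ggcRootCaCertificate = Configuration[Constants.GgcRootCaCertificate];
            string storeName = Configuration[Constants.X509Store];
            // The machine name stands in when no client id is configured.
            string clientId = Configuration[Constants.ClientId] ?? Environment.MachineName;
            Logger.LogInformation($"ggcRootCaCertificate: {ggcRootCaCertificate}.");

            X509Certificate2 clientCert = FindClientCertificate(storeName, certificateSubject);
            if (clientCert is null)
            {
                // Stop the pass here instead of handing a null certificate to the TLS handshake,
                // which fails later with a far less useful error.
                throw new InvalidOperationException("Certificate not installed in the system");
            }

            // Trust anchor for the broker's chain; RemoteCertificateChainErrors means the chain the
            // broker presents does not terminate in this file.
            X509Certificate caCert = X509Certificate.CreateFromCertFile(ggcRootCaCertificate);
            mqttClient = new MqttClient(iotEndPoint, brokerPort, true, caCert, clientCert, MqttSslProtocols.TLSv1_2)
            {
                ProtocolVersion = MqttProtocolVersion.Version_3_1_1,
            };
            mqttClient.Connect(clientId);
            Logger.LogInformation($"Connected to AWS IoT with client id: {clientId}.");

            using (RegistryKey registryKey = Registry.LocalMachine.CreateSubKey(Constants.RegistryPath))
            {
                DateTime now = DateTime.Now;
                List<(string Message, DateTime TimeGenerated)> totalEntries = ReadEntries(application, sourceName);
                // Convert.ToDateTime(null) yields DateTime.MinValue, which marks "never fetched".
                registryValue = Convert.ToDateTime(registryKey.GetValue(Constants.LastEventLogFetch));

                if (totalEntries.Count == 0)
                {
                    Logger.LogInformation("Event log count is zero");
                }
                else if (registryValue == DateTime.MinValue)
                {
                    // First run: publish only the newest message and start the watermark one minute back.
                    var newest = totalEntries.OrderByDescending(e => e.TimeGenerated).First();
                    PublishPayload(mqttClient, topic, newest.Message);
                    registryKey.SetValue(Constants.LastEventLogFetch, now.AddMinutes(-1));
                }
                else
                {
                    DateTime windowEnd = registryValue.AddMinutes(1);
                    List<string> messages = totalEntries
                        .Where(e => e.TimeGenerated >= registryValue && e.TimeGenerated <= windowEnd)
                        .Select(e => e.Message + "Message from vm 30.31")
                        .ToList();

                    if (messages.Count > 0)
                    {
                        PublishPayload(mqttClient, topic, messages);
                        registryKey.SetValue(Constants.LastEventLogFetch, windowEnd);
                    }
                    else
                    {
                        Logger.LogInformation("Event log count is zero. Can't send message");
                        if (windowEnd <= now)
                        {
                            // An empty window already in the past would otherwise be re-read every
                            // second forever; advance past it so the worker catches up.
                            registryKey.SetValue(Constants.LastEventLogFetch, windowEnd);
                        }
                    }
                }
            }
        }
        catch (Exception ex)
        {
            // Log the exception object: using ex.Message as the template drops the stack trace and
            // lets braces in the message corrupt the structured log entry.
            Logger.LogError(ex, "Worker pass failed");
            Console.WriteLine(ex.Message);
        }
        finally
        {
            // A new session is opened on every pass, so the previous one must be closed here.
            if (mqttClient != null && mqttClient.IsConnected)
            {
                try
                {
                    mqttClient.Disconnect();
                }
                catch (Exception ex)
                {
                    Logger.LogWarning(ex, "MQTT disconnect failed");
                }
            }
        }

        Logger.LogInformation("Worker running at: {time}", DateTimeOffset.Now);
        if (registryValue > DateTime.Now)
        {
            await Task.Delay(60000, stoppingToken);
            Logger.LogInformation("Registry value is greater than current time. So task delay will be one minute");
        }
        else
        {
            await Task.Delay(1000, stoppingToken);
            Logger.LogInformation("Registry value is less than current time. So task delay will be one second");
        }
    }
}

/// <summary>
/// Finds the first certificate in the CurrentUser store <paramref name="storeName"/> whose
/// subject contains <paramref name="certificateSubject"/> and that carries its private key.
/// </summary>
/// <returns>The matching certificate, or <c>null</c> when none is installed.</returns>
private static X509Certificate2 FindClientCertificate(string storeName, string certificateSubject)
{
    using (var store = new X509Store(storeName, StoreLocation.CurrentUser))
    {
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        // Substring match keeps the existing configuration contract; the private key is required
        // for the client side of the mutual-TLS handshake, so a key-less match is useless.
        return store.Certificates.OfType<X509Certificate2>()
            .FirstOrDefault(c => c.SubjectName.Name.Contains(certificateSubject) && c.HasPrivateKey);
    }
}

/// <summary>
/// Reads every entry of the <paramref name="application"/> event log whose source equals
/// <paramref name="sourceName"/>, keeping only the two fields the worker publishes on.
/// </summary>
private static List<(string Message, DateTime TimeGenerated)> ReadEntries(string application, string sourceName)
{
    using (var log = new EventLog(application))
    {
        return log.Entries.Cast<EventLogEntry>()
            .Where(e => e.Source == sourceName)
            .Select(e => (e.Message, e.TimeGenerated))
            .ToList();
    }
}

/// <summary>
/// Serialises <paramref name="payload"/> as JSON, publishes it on <paramref name="topic"/> and
/// logs the payload that was sent.
/// </summary>
private void PublishPayload(MqttClient client, string topic, object payload)
{
    string json = JsonConvert.SerializeObject(payload);
    // Leading space is part of the existing wire format consumed downstream.
    client.Publish(topic, Encoding.UTF8.GetBytes($" {json}"));
    Logger.LogInformation("Message published to {Topic}: {Payload}", topic, json);
}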
Json 设置如下：
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"AccuTabSettings": {
"Application": "name",
"SourceName": "Source",
"CertificateSubject": "CN=AWS IoT Certificate",
"IotEndpoint": "1.1.1.1",
"BrokerPort": 800,
"Topic": "device/client_id",
"GgcRootCaCertificate": "F:\\Certificates\\ggc-root.ca.crt",
"X509Store": "MY",
"ClientId": "pqr"
}
}
连接客户端时出现问题 =>“根据验证程序,远程证书无效:RemoteCertificateNameMismatch、RemoteCertificateChainErrors”
RemoteCertificateNameMismatch 错误的主要问题是远程证书中指定的主题与您要连接的地址不匹配。我怀疑远程证书是针对某个 DNS 名称颁发的，但您正在连接的 IP 地址显然没有出现在证书的 subject/SAN 扩展中。您需要确保远程证书的 SAN 扩展包含您要连接的地址；由于服务器证书通常无法由客户端更改，实际可行的做法是改用证书中签发的 DNS 名称（而非 IP）作为连接地址。
没有足够的信息来调试 RemoteCertificateChainErrors 错误。您需要附加调试器并检索准确的错误信息。