Could not create SSL/TLS secure channel when using client certificate from local machine

I am calling an API that requires a client certificate. After installing the client certificate into the Current User personal store, the API call succeeds. But when the client certificate is installed into the Local Machine personal store, the call fails with:

The request was aborted: Could not create SSL/TLS secure channel.

The setup code is as follows:

ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
       | SecurityProtocolType.Tls11
       | SecurityProtocolType.Tls12
       | SecurityProtocolType.Ssl3;
// Accepts any server certificate, i.e. server certificate validation is disabled for this process.
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => { return true; };

const StoreName storeName = StoreName.My;
const X509FindType findType = X509FindType.FindByThumbprint;
const string findValue = "9ce5b57fe576b9a0933b426347e74e5583da59dd";

var certCurrentUser = GetCertificate(storeName, StoreLocation.CurrentUser, findType, findValue);
var certLocalMachine = GetCertificate(storeName, StoreLocation.LocalMachine, findType, findValue);

Both calls to GetCertificate() succeed and the certificates look identical. (They were installed from the same .pfx.)

When the call is made with certCurrentUser, it succeeds:

WebRequestHandler handler = new WebRequestHandler();
handler.ClientCertificates.Add(certCurrentUser);
using (var client = new HttpClient(handler))
{
    client.DefaultRequestHeaders.Accept.Clear();
    client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

    var response = await client.GetAsync("https://preprod.xconnectcollection.ce.corp.com/odata");
}

But when the call is made with certLocalMachine, it fails:

WebRequestHandler handler = new WebRequestHandler();
handler.ClientCertificates.Add(certLocalMachine);
using (var client = new HttpClient(handler))
{
    client.DefaultRequestHeaders.Accept.Clear();
    client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

    var response = await client.GetAsync("https://preprod.xconnectcollection.ce.corp.com/odata");
}

Error:

The request was aborted: Could not create SSL/TLS secure channel.

What could cause the request to fail when using the client certificate from the Local Machine store?

Make sure the account running the application has full permissions on the certificate's private key.
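The check behind that answer, as an added example (not code from the question or the answer): Schannel has to use the private key to sign the TLS CertificateVerify message, so a certificate that loads fine but whose key container the process cannot open produces exactly the "Could not create SSL/TLS secure channel" failure seen above. The snippet below opens both stores by the question's thumbprint and forces the key to be used once; a CryptographicException such as "Keyset does not exist" or "Access is denied" on the LocalMachine copy, while the CurrentUser copy succeeds, points at the private-key ACL. GetCertificate() here is a hypothetical stand-in for the question's helper, whose body is not on the page.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertProbe
{
    // Hypothetical equivalent of the question's GetCertificate(): opens the
    // requested store read-only and returns the first match, or null.
    static X509Certificate2 GetCertificate(StoreName storeName, StoreLocation location,
                                           X509FindType findType, string findValue)
    {
        using (var store = new X509Store(storeName, location))
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            var found = store.Certificates.Find(findType, findValue, validOnly: false);
            return found.Count > 0 ? found[0] : null;
        }
    }

    // Returns true only if this process can actually use the private key,
    // which is what the TLS client handshake needs.
    static bool CanUsePrivateKey(X509Certificate2 cert, out string detail)
    {
        if (!cert.HasPrivateKey)
        {
            detail = "no private key is associated with this certificate in this store";
            return false;
        }
        try
        {
            using (RSA rsa = cert.GetRSAPrivateKey())
            {
                if (rsa == null)
                {
                    detail = "private key is not RSA";
                    return false;
                }
                // Signing a dummy 32-byte digest forces the CSP/KSP to open the key
                // container; a permission problem on the key file surfaces here.
                byte[] digest = new byte[32];
                rsa.SignHash(digest, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            }
            detail = "private key usable";
            return true;
        }
        catch (CryptographicException ex)
        {
            detail = "private key not usable: " + ex.Message;
            return false;
        }
    }

    static void Main()
    {
        // Thumbprint taken from the question.
        const string thumbprint = "9ce5b57fe576b9a0933b426347e74e5583da59dd";

        foreach (var location in new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        {
            var cert = GetCertificate(StoreName.My, location, X509FindType.FindByThumbprint, thumbprint);
            if (cert == null)
            {
                Console.WriteLine($"{location}: certificate not found");
                continue;
            }
            bool ok = CanUsePrivateKey(cert, out string detail);
            Console.WriteLine($"{location}: {(ok ? "OK" : "FAIL")} - {detail}");
        }
    }
}
```

Run it under the same account the application uses (for a service or app pool, that is the service identity, not the interactive user). A FAIL on LocalMachine with an access error is fixed by granting that account Read on the key (certlm.msc, right-click the certificate, All Tasks, Manage Private Keys); Read is sufficient for signing, so Full Control is not required.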