vb.net 调用 Web 服务“底层连接已关闭:无法为 SSL/TLS 安全通道建立信任关系”
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15377075/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Calling a webservice "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel"
提问by user93353
There are many versions of this question on stackoverflow. I have tried a lot of the solutions suggested there - but none of these work for me.
这个问题在 stackoverflow 上有很多版本。我已经尝试了很多建议的解决方案 - 但这些都不适合我。
I have a VB ASP.NET application running on IIS on Windows Server 2008. It calls a webservice. The Server running the Web Service has a self signed certificate. I have imported the Cert into the Trust Store of the IIS machine. I can see the certificate in IE->Options->Content->Certificates->Trusted Root Certification Authorities.
我有一个运行在 Windows Server 2008 上的 IIS 上的 VB ASP.NET 应用程序。它调用一个 web 服务。运行 Web 服务的服务器具有自签名证书。我已经将证书导入到 IIS 机器的信任存储中。我可以在 IE->Options->Content->Certificates->Trusted Root Certification Authorities 中看到证书。
When the webservice is called, an exception is thrown
调用webservice时,抛出异常
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
底层连接已关闭:无法为 SSL/TLS 安全通道建立信任关系。
The same IIS VB ASP.NET Application runs fine on another machine with a similar setup.
相同的 IIS VB ASP.NET 应用程序在具有类似设置的另一台机器上运行良好。
These are the different basic things I have checked
这些是我检查过的不同的基本内容
- The URL used to call the webservice is the same as the CN on the Cert imported into the Trusted Root CA.
- Time is synced between the calling machine and the webservice host
- The Cert isn't expired.
- The IIS machine has Proxy settings in IIS, but Webservice Host machine as added to list of exceptions where Proxy should not be used.
- 用于调用 webservice 的 URL 与导入可信根 CA 的 Cert 上的 CN 相同。
- 时间在调用机器和网络服务主机之间同步
- 证书没有过期。
- IIS 机器在 IIS 中有代理设置,但 Webservice 主机机器添加到不应使用代理的例外列表中。
I wrote a small command line test program in VB.NET calling the same webservice which runs fine.
我在 VB.NET 中编写了一个小的命令行测试程序,调用运行良好的相同 web 服务。
After importing the Cert into the Trusted CA store, I have done a iisreset.
将证书导入受信任的 CA 存储区后,我已经完成了 iisreset。
Only thing I haven't tried yet is rebooting the IIS machine - this is production machine & I cannot reboot it for at least a couple of days.
我唯一还没有尝试过的事情是重新启动 IIS 机器——这是生产机器,我至少在几天内无法重新启动它。
What else can I try?
我还能尝试什么?
回答by Snixtor
Internet Explorer certificate settings apply only to the current user. It's highlyunlikely that the same user you're logged in as when operating IE is the same as the one being used to host the IIS application. You could add the certificate to the trusted certs for the appropriate service account, but a simpler approach would be to add it to the "Local Computer" trusted certs.
Internet Explorer 证书设置仅适用于当前用户。这是非常不可能的,你会在何时运行IE浏览器是一样的一个记录相同的用户正在使用托管的IIS应用程序。您可以将证书添加到相应服务帐户的受信任证书中,但更简单的方法是将其添加到“本地计算机”受信任证书中。
Run Microsoft Management Console (type "mmc" in run dialog) File > Add / Remove Snap-Ins > Certificates, chose "Computer account" for the certificates to manage. This way, anyuser or service account on the server will see the certificate as trusted.
运行 Microsoft 管理控制台(在运行对话框中键入“mmc”)文件 > 添加/删除管理单元 > 证书,为要管理的证书选择“计算机帐户”。这样,服务器上的任何用户或服务帐户都会将证书视为受信任的。
Alternatively, depending on how you're accessing the web-service, you could add an exception within the application itself. I would recommend code that checks the thumbprint / hash of the certificate though, as opposed to allowing it to connect to anyun-trusted certificate.
或者,根据您访问 Web 服务的方式,您可以在应用程序本身中添加一个例外。我会推荐代码来检查证书的指纹/哈希,而不是允许它连接到任何不受信任的证书。
