
由网友(老不正經的小少年つ)分享简介:我是新来的密码学和我有点坚持:I'm new to cryptography and I'm a bit stuck:我试图连接(从我的开发环境)使用HTTPS Web服务。 Web服务需要客户端证书 - 这我想我已经正确安装I'm trying to connect (from my development e...


I'm new to cryptography and I'm a bit stuck:

我试图连接(从我的开发环境)使用HTTPS Web服务。 Web服务需要客户端证书 - 这我想我已经正确安装

I'm trying to connect (from my development environment) to a web service using HTTPS. The web service requires a client certificate - which I think I've installed correctly.

他们给我提供了一个.PFX文件。在Windows 7中,我双击它安装到我的当前用户的文件 - 个人证书存储

They have supplied me with a .PFX file. In Windows 7, I double clicked the file to install it into my Current User - Personal certificate store.

我然后导出的X509 BASE-64连接codeD .cer文件从存储中的证书项。它没有私钥准吧。

I then exported a X509 Base-64 encoded .cer file from the certificate entry in the store. It didn't have a private key associate with it.


Then, in my app, I'm attempting to connect to the service like this:

var certificate = X509Certificate.CreateFromCertFile("xyz.cer"));
var serviceUrl = "https://xyz";
var request = (HttpWebRequest) WebRequest.Create(serviceUrl);
request.Method = WebRequestMethods.Http.Post;
request.ContentType = "application/x-www-form-urlencoded";


I get a 502 Connection failed when I connect.

有什么你可以看到不对的方法?我们的生产环境似乎与类似配置的工作,但它的运行Windows Server 2003。

Is there anything you can see wrong with this method? Our production environment seems to work with a similar configuration, but it's running Windows Server 2003.




The underlying problem is that you are only giving your program access to the certificate. To perform authentication, it needs access to the private key too.

一个正确实例 X509Certificate2 可携带的私钥,应传递给 ClientCertificates.Add()方法。我相信 导入() 方法可以接受一个.pfx文件作为输入;导出.CER文件缺少了私有密钥,而不是客户端验证非常有用。

A correctly instantiated X509Certificate2 can carry the private key, and should be passed to ClientCertificates.Add() method. I believe the Import() method can accept a .pfx file as input; the exported .cer file lacks the private key and isn't useful for client authentication.


