The remote certificate is invalid according to the validation procedure [duplicate]


【Title】: The remote certificate is invalid according to the validation procedure [duplicate] 【Posted】: 2012-04-16 12:24:19 【Question】:

Running the following code, I get an exception:

using (var client = new Pop3Client())
{
    client.Connect(provider.ServerWithoutPort, provider.Port, true);
}

The exception I get:

The remote certificate is invalid according to the validation procedure.


   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
   at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
   at OpenPop.Pop3.Pop3Client.Connect(String hostname, Int32 port, Boolean useSsl, Int32 receiveTimeout, Int32 sendTimeout, RemoteCertificateValidationCallback certificateValidator)
   at OpenPop.Pop3.Pop3Client.Connect(String hostname, Int32 port, Boolean useSsl)
   at Ugi.Server.Sources.Logic.SourcesService.IsValidPop3Connection(String email, String emailPassword) in C:\Users\elad\Documents\Visual Studio 2010\Projects\SVN\UGI\Ugi\Server\Sources\Logic\SourcesService.cs:line 246

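【Comments on the question】:

@BoPersson Except the other question has a horrible accepted answer.

【Answer 1】:

This usually happens because one of the following is true:

- The certificate is self-signed and has not been added as a trusted certificate.
- The certificate has expired.
- The certificate is signed by a root certificate that is not installed on your machine.
- The certificate is signed using the fully qualified domain address of the server. Meaning: you cannot use "xyzServerName" but must use "xyzServerName.ad.state.fl.us" instead, because that is basically the server name as far as the SSL certificate is concerned.
- A revocation list is probed, but cannot be found/used.
- The certificate is signed via an intermediate CA certificate, and the server does not serve up that intermediate certificate along with the host certificate.

Try to get some information about the server's certificate and see whether you need to install any specific certificates on your client to get it to work.

【Comments】:

Keep coming back to this. Root certificate, every time. Thanks a lot! :D

Damn... back here again, and this time it is none of the points above :/

@Squazz: did you solve it? Any new point to add?

Unfortunately not @XYZ, we ended up doing something else :/

The reason I got this error had nothing to do with the certificate (the certificate was fine); the endpoint I was using in my outgoing request was incorrect

【Answer 2】:

A shorter version of the solution from Dominic Zukiewicz: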

ServicePointManager.ServerCertificateValidationCallback += (o, c, ch, er) => true;

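But this means that you will trust all certificates. For a service that isn't just run locally, something a bit smarter will be needed. In the first instance, you could use this code just to test whether it solves your problem.

【Comments】:

See this answer for why you should only do this in rare cases: ***.com/a/6613434/1955317

It seems obvious that this should not be used in production. But for getting started in development, it is a godsend

Thanks @Squazz for sharing the link

Thanks a lot @brimble2010, I spent 2 days on the development environment.

Adding this here to help people, as the answer is locked, but if you are using HttpClient and dotnet core you will need to do something like this; again, it is not a secure solution, but it is handy for local development concepts; HttpClientHandler handler = new HttpClientHandler(); handler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator; _client = new HttpClient(handler);

【Answer 3】:

.NET is seeing an invalid SSL certificate on the other end of the connection. There is a workaround, but it is obviously not recommended for production code: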

// Put this somewhere that runs only once - like an initialization method
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateCertificate);
...

static bool ValidateCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
{
   // Accepts every certificate, whatever validation errors were reported
   return true;
}

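【Comments】:

I get prompted twice. Once on connect and once on file upload. Is that normal? I inserted the code as you instructed. One at initialization and one in my FTP class.

Hooray, ServicePointManager to the rescue in development again

This approach also lets you check other options of the X509Certificate before deciding to (always) return true

【Answer 4】:

I ran into the same problem while testing a project, and it turned out that running Fiddler was the cause of this error..!!

If you are using Fiddler to intercept http requests, shut it down...

This is one of the many causes of this kind of error.

To fix Fiddler, you may need to Reset Fiddler Https Certificates.

【Comments】:

The link for resetting the Fiddler Https certificates worked for me, thanks.

【Answer 5】:

You have to check the certificate hash code.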

// Accept the connection only when the certificate hash equals the expected value
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain,
    errors) =>
        {
            var hashString = certificate.GetCertHashString();
            if (hashString != null)
            {
                var certHashString = hashString.ToLower();
                return certHashString == "dec2b525ddeemma8ccfaa8df174455d6e38248c5";
            }
            return false;
        };
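
An added example, not part of any answer on this page: a validation callback that logs which of the causes listed in Answer 1 occurred and, following the idea in Answer 5, overrides the failure only for one pinned self-signed certificate. The class name and the thumbprint placeholder are assumptions; the placeholder stands for the SHA-1 thumbprint of a certificate you have verified yourself.

```csharp
using System;
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class PinnedCertificateValidator   // hypothetical name, not from the page
{
    // Placeholder (assumption): SHA-1 thumbprint, hex without spaces, of the one
    // self-signed certificate you have verified out of band.
    const string PinnedThumbprint = "<EXPECTED-SHA1-THUMBPRINT>";

    // Same signature as RemoteCertificateValidationCallback.
    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true;                   // standard validation passed

        // Log what failed so the cause can be fixed rather than bypassed.
        Console.Error.WriteLine("TLS validation failed: " + errors);
        if (certificate != null)
            Console.Error.WriteLine("  subject=" + certificate.Subject +
                                    " issuer=" + certificate.Issuer +
                                    " expires=" + certificate.GetExpirationDateString());
        if (chain != null)
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.Error.WriteLine("  chain: " + status.Status + " " +
                                        (status.StatusInformation ?? "").Trim());

        // A host-name mismatch or a missing certificate is never overridden.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors ||
            certificate == null || chain == null)
            return false;

        // Tolerate only an untrusted root; expired or revoked certificates still fail.
        bool onlyUntrustedRoot = chain.ChainStatus.Length > 0 &&
            chain.ChainStatus.All(st => st.Status == X509ChainStatusFlags.UntrustedRoot);

        return onlyUntrustedRoot && string.Equals(certificate.GetCertHashString(),
            PinnedThumbprint, StringComparison.OrdinalIgnoreCase);
    }
}
```

Validate has the RemoteCertificateValidationCallback signature, so it can be assigned to ServicePointManager.ServerCertificateValidationCallback as the answers do, or passed as the certificateValidator argument of the Pop3Client.Connect overload visible in the stack trace.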

【Comments】:

【Answer 6】:

Try putting this before sending the e-mail

ServicePointManager.ServerCertificateValidationCallback =
        delegate(object s, X509Certificate certificate, X509Chain chain,
        SslPolicyErrors sslPolicyErrors) { return true; };

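Remember to add the using libraries!

【Comments】:

You should never recommend this way of working around a trust problem without explaining the risks.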
