在编写我已经尝试过的内容之前,我向您展示了我为获得客户证书所做的工作:
-
我已经生成了一个
具有
openssl command openssl genrssa -out mykey.key 2048
-
用这个键我生成了一个
企业社会责任
:
openssl req -new -key mykey.key -out mycsr.csr
-
我已将此CSR发送给web服务所有者,以便接收
客户端证书
,他们给了我一个签名证书:证书。cer
现在我已经获得了客户端证书,我已经将其添加到我的证书存储中
受信任的根证书颁发机构
.
现在代码:
首先,我在Visual Studio中创建了一个测试项目,并使用服务的WSDL添加了一个服务引用。
然后我写了几行代码:
' Setting TLS 1.2 protocol '
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
ServicePointManager.ServerCertificateValidationCallback = Function(sender1, certificate, chain, sslPolicyErrors)
Return True
End Function
'Creating endpoint and binding'
Dim endpoint As EndpointAddress = New EndpointAddress("https://myWebService.it/service-page")
Dim sslBinding As BasicHttpBinding = New BasicHttpBinding(BasicHttpSecurityMode.Transport)
'Setting CredentialType = Certificate'
sslBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate
'Getting the client certificate from the store'
Dim coll = New X509Store(StoreName.My, StoreLocation.CurrentUser)
coll.Open(OpenFlags.ReadOnly)
Dim cert = coll.Certificates.Find(X509FindType.FindByThumbprint, "76DB1454D4B25ACEAF2BAE465C310E3119278792", True)
'Creating the service'
Dim svc As SdITrasmissioneFileClient = New SdITrasmissioneFileClient(sslBinding, endpoint)
'Setting the certificate inside client credentials'
svc.ClientCredentials.ClientCertificate.Certificate = cert(0)
svc.Open()
'Calling the service'
Dim resp As RispostaEsito_Type = svc.Esito(New Esito_Type() With {.IDFile = "4454555"})
svc.Close()
对我来说这看起来很简单,但当我执行代码时,我得到了一个
:'HTTP
客户端身份验证方案“匿名”禁止了请求
内部异常
:WebException:远程服务器错误:(403)禁止
接下来,我使用Fiddler和Wireshark分析了流量,发现在客户端和服务器之间的TLS握手过程中,客户端不会向服务器发送证书。
现在我不明白为什么即使我将证书添加到客户端凭据中,它也不会发送到目标
.
