blocks|key|367024|text|在遇到这个问题时，我使用的方法是将临时证书的签名者添加到相关计算机上的受信任机构列表中。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|367025|我通常使用CACERT创建的证书进行测试，并将它们添加到我的受信任机构列表中。|367026|这样做意味着您不必向应用程序中添加任何自定义代码，并且它可以正确地模拟部署应用程序时会发生的情况。因此，我认为这是以编程方式关闭检查的一个更好的解决方案。|367027|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|H|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|I|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|J|8|@]|9|@]|A|$]]|$1|F|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|G|$]]

The approach I used when faced with this problem was to add the signer of the temporary certificate to the trusted authorities list on the computer in question.

I normally do testing with certificates created with CACERT, and adding them to my trusted authorities list worked swimmingly.

Doing it this way means you don't have to add any custom code to your application and it properly simulates what will happen when your application is deployed. As such, I think this is a superior solution to turning off the check programmatically.

blocks|key|3156148|text|或者，您可以注册一个忽略认证错误的回调委托：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3156149|...
ServicePointManager.ServerCertificateValidationCallback+=+MyCertHandler;
...

static+bool+MyCertHandler(object+sender,+X509Certificate+certificate,+X509Chain+chain,+SslPolicyErrors+error)
{
//+Ignore+errors
return+true;
}|code-block|syntax|javascript|3156150|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|J|8|@]|9|@]|A|$E|F]]|$1|G|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|H|$]]

Alternatively you can register a call back delegate which ignores the certification error:

<pre><code>...
ServicePointManager.ServerCertificateValidationCallback = MyCertHandler;
...

static bool MyCertHandler(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors error)
{
// Ignore errors
return true;
}
</code></pre>

blocks|key|363668|text|就像Jason+S的回答：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|363669|ServicePointManager.ServerCertificateValidationCallback+=+delegate+{+return+true;+};|code-block|syntax|javascript|363670|我把它放到我的Main中，查看我的app.config，并在调用那一行代码之前测试是否有(ConfigurationManager.AppSettings["IgnoreSSLCertificates"]+==+"True")。|offset|length|style|CODE|363671|entityMap^0|0|0|H|A|18|1X|0^^$0|@$1|2|3|4|5|6|7|O|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|P|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|Q|8|@$I|R|J|S|K|L]|$I|T|J|U|K|L]]|9|@]|A|$]]|$1|M|3|-4|5|6|7|V|8|@]|9|@]|A|$]]]|N|$]]

Like Jason S's answer:

<pre><code>ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
</code></pre>

I put this in my Main and look to my <code>app.config</code> and test if <code>(ConfigurationManager.AppSettings["IgnoreSSLCertificates"] == "True")</code> before calling that line of code.

blocks|key|3156233|text|我是这样解决的：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3156234|在调用导致该错误的ssl+the服务之前，请调用以下代码：|3156235|using+System.Net;
using+System.Net.Security;
using+System.Security.Cryptography.X509Certificates;

///+<summary>
///+solution+for+exception
///+System.Net.WebException:+
///+The+underlying+connection+was+closed:+Could+not+establish+trust+relationship+for+the+SSL/TLS+secure+channel.+--->+System.Security.Authentication.AuthenticationException:+The+remote+certificate+is+invalid+according+to+the+validation+procedure.
///+</summary>
public+static+void+BypassCertificateError()
{
++++ServicePointManager.ServerCertificateValidationCallback+%2B=

++++++++delegate(
++++++++++++Object+sender1,
++++++++++++X509Certificate+certificate,
++++++++++++X509Chain+chain,
++++++++++++SslPolicyErrors+sslPolicyErrors)
++++++++{
++++++++++++return+true;
++++++++};
}|code-block|syntax|javascript|3156236|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|K|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|L|8|@]|9|@]|A|$]]|$1|D|3|E|5|F|7|M|8|@]|9|@]|A|$G|H]]|$1|I|3|-4|5|6|7|N|8|@]|9|@]|A|$]]]|J|$]]

I solved it this way:

Call the following just before calling your ssl webservice that cause that error:

<pre><code>using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

/// &lt;summary&gt;
/// solution for exception
/// System.Net.WebException: 
/// The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---&gt; System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
/// &lt;/summary&gt;
public static void BypassCertificateError()
{
 ServicePointManager.ServerCertificateValidationCallback +=

 delegate(
 Object sender1,
 X509Certificate certificate,
 X509Chain chain,
 SslPolicyErrors sslPolicyErrors)
 {
 return true;
 };
}
</code></pre>

blocks|key|363696|text|我在使用DownloadString时也遇到了同样的错误，我在这个页面上的建议如下所示|type|unstyled|depth|inlineStyleRanges|entityRanges|data|363697|System.Net.WebClient+client+=+new+System.Net.WebClient();++++++++++++
ServicePointManager.ServerCertificateValidationCallback+=+delegate+{+return+true;+};
string+sHttpResonse+=+client.DownloadString(sUrl);|code-block|syntax|javascript|363698|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|J|8|@]|9|@]|A|$E|F]]|$1|G|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|H|$]]

I was having same error using DownloadString; and was able to make it works as below with suggestions on this page

<pre><code>System.Net.WebClient client = new System.Net.WebClient(); 
ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
string sHttpResonse = client.DownloadString(sUrl);
</code></pre>

blocks|key|364158|text|ServicePointManager.ServerCertificateValidationCallback+%2B=
++++++++++++(mender,+certificate,+chain,+sslPolicyErrors)+=>+true;|type|code-block|depth|inlineStyleRanges|entityRanges|data|syntax|javascript|364159|将绕过无效的ssl。将其写入您的web服务构造函数。|unstyled|364160|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$B|C]]|$1|D|3|E|5|F|7|J|8|@]|9|@]|A|$]]|$1|G|3|-4|5|F|7|K|8|@]|9|@]|A|$]]]|H|$]]

<pre><code>ServicePointManager.ServerCertificateValidationCallback +=
 (mender, certificate, chain, sslPolicyErrors) =&gt; true;
</code></pre>

will bypass invaild ssl . Write it to your web service constructor.

blocks|key|3369127|text|对于新手来说，您可以在单独的cs文件中扩展您的部分服务类，并将代码添加到"imanabidi“提供的代码中，以将其集成在一起。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3369128|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

For newbies,
you can extend your partial service class in a separate cs file and add the code the code provided by "imanabidi" to get it integrated

blocks|key|367085|text|为了进一步扩展Simon+Johnson，理想情况下，您需要一个能够模拟您在生产中看到的条件的解决方案，而修改您的代码不会做到这一点，而且如果您忘记在部署代码之前将其取出，则可能是危险的。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|367086|您将需要某种类型的自签名证书。如果你正在使用IIS+Express，你已经有一个这样的工具了，你只需要找到它。打开Firefox或任何你喜欢的浏览器，然后转到你的开发网站。您应该能够从URL栏中查看证书信息，并且根据您的浏览器，您应该能够将证书导出到文件中。|367087|接下来，打开MMC.exe，并添加证书管理单元。将证书文件导入受信任的根证书颁发机构存储中，这就是您需要的全部内容。重要的是要确保它进入了那个商店，而不是像“私人”这样的其他商店。如果你不熟悉MMC或证书，有许多网站提供了如何做到这一点的信息。|367088|现在，您的计算机作为一个整体将隐式地信任它自己生成的任何证书，并且您不需要添加代码来专门处理此问题。当您迁移到生产环境时，它将继续工作，前提是您在那里安装了适当的有效证书。不要在生产服务器上这样做-那是不好的，除了服务器本身上的客户端之外，它不会对任何其他客户端起作用。|367089|entityMap^0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|J|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|K|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|L|8|@]|9|@]|A|$]]|$1|F|3|G|5|6|7|M|8|@]|9|@]|A|$]]|$1|H|3|-4|5|6|7|N|8|@]|9|@]|A|$]]]|I|$]]

To further expand on Simon Johnsons post - Ideally you want a solution that will simulate the conditions you will see in production and modifying your code won't do that and could be dangerous if you forget to take the code out before you deploy it.

You will need a self-signed certificate of some sort. If you're using IIS Express you will have one of these already, you'll just have to find it. Open Firefox or whatever browser you like and go to your dev website. You should be able to view the certificate information from the URL bar and depending on your browser you should be able to export the certificate to a file.

Next, open MMC.exe, and add the Certificate snap-in. Import your certificate file into the Trusted Root Certificate Authorities store and that's all you should need. It's important to make sure it goes into that store and not some other store like 'Personal'. If you're unfamiliar with MMC or certificates, there are numerous websites with information how to do this.

Now, your computer as a whole will implicitly trust any certificates that it has generated itself and you won't need to add code to handle this specially. When you move to production it will continue to work provided you have a proper valid certificate installed there. Don't do this on a production server - that would be bad and it won't work for any other clients other than those on the server itself.

We are setting up a new SharePoint for which we don't have a valid SSL certificate yet. I would like to call the Lists web service on it to retrieve some meta data about the setup. However, when I try to do this, I get the exception:

<blockquote>
 The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
</blockquote>

The nested exception contains the error message:

<blockquote>
 The remote certificate is invalid according to the validation procedure.
</blockquote>

This is correct since we are using a temporary certificate.

My question is: how can I tell the .Net web service client (SoapHttpClientProtocol) to ignore these errors?

Bypass invalid SSL certificate errors when calling web services in .Net

我们正在设置一个新的SharePoint，但我们还没有有效的SSL证书。我想在它上面调用列表web服务来检索一些关于设置的元数据。但是，当我尝试这样做时，我得到了异常：基础连接已关闭:无法为SSL/TLS安全通道建立信任关系。嵌套的异常包含错误消息：根据验证过程，远程证书无效。这是正确的，因为我们使用的是临时证书。我的问题是:如何告诉.Net web服务客户端(SoapHttpClientProt

问在.Net中调用web服务时绕过无效的SSL证书错误
EN

回答 8

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问在.Net中调用web服务时绕过无效的SSL证书错误EN

回答 8

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问在.Net中调用web服务时绕过无效的SSL证书错误
EN