
C# "The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors"

Stack Overflow user
Asked on 2021-07-06 18:08:35
1 answer, 1.2K views, 0 followers, score 2

I need to publish messages from .NET Core to AWS IoT using a pfx certificate. I get an error when connecting with the client id.

My worker service source code is shown below:

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using Microsoft.Win32;
using Newtonsoft.Json;
using uPLibrary.Networking.M2Mqtt;
using uPLibrary.Networking.M2Mqtt.Messages;

protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
    while (!stoppingToken.IsCancellationRequested)
    {
        Logger.LogInformation("Worker running at: {time}", DateTimeOffset.Now);
        DateTime registryValue = DateTime.Now;
        try
        {
            // All connection parameters come from the "AccuTabSettings" section of appsettings.json
            string application = Configuration[Constants.Application];
            string sourceName = Configuration[Constants.SourceName];
            string certificateSubject = Configuration[Constants.CertificateSubject];
            string iotEndPoint = Configuration[Constants.IotEndpoint];
            int brokerPort = Convert.ToInt32(Configuration[Constants.BrokerPort]);
            string topic = Configuration[Constants.Topic];
            string ggcRootCaCertificate = Configuration[Constants.GgcRootCaCertificate];
            string storeName = Configuration[Constants.X509Store];
            string clientId = Configuration[Constants.ClientId];

            Logger.LogInformation($"ggcRootCaCertificate: {ggcRootCaCertificate}.");

            string machineName = Environment.MachineName;
            EventLog eventLog = new EventLog(application, machineName);
            EventLogEntryCollection eventLogEntryCollection = eventLog.Entries;
            //int logCount = eventLogEntryCollection.Count;

            //if (logCount <= 0)
            //{
            //    Logger.LogInformation("No Event Logs in the Log :");
            //}

            // Client certificate (with private key) is looked up by subject in the user's store
            X509Store store = new X509Store(storeName, StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

            var clientCert = store.Certificates.OfType<X509Certificate2>().FirstOrDefault(x =>
                              x.SubjectName.Name.Contains(certificateSubject));

            if (clientCert == null)
            {
                Logger.LogInformation("Certificate not installed in the system");
            }

            // CA certificate used to validate the broker's server certificate
            X509Certificate x509Certificate = X509Certificate.CreateFromCertFile(Path.Join(ggcRootCaCertificate));
            MqttClient mqttClient = new MqttClient(iotEndPoint, brokerPort, true, x509Certificate, clientCert, MqttSslProtocols.TLSv1_2);

            if (clientId == null)
            {
                clientId = machineName;
            }
            mqttClient.ProtocolVersion = MqttProtocolVersion.Version_3_1_1;
            mqttClient.Connect(clientId); // TLS handshake and certificate validation happen here
            Logger.LogInformation($"Connected to AWS IoT with client id: {clientId}.");

            RegistryKey registryKey = Registry.LocalMachine.CreateSubKey(Constants.RegistryPath);
            DateTime calculatedLogTime = DateTime.Now;

            EventLog log = new EventLog(application);
            var totalEntries = log.Entries.Cast<EventLogEntry>()
                 .Where(x => x.Source == sourceName)
                 .Select(x => new
                 {
                     x.MachineName,
                     x.Site,
                     x.Source,
                     x.Message,
                     x.TimeGenerated,
                     x.TimeWritten
                 }).ToList();

            // Convert.ToDateTime(null) yields DateTime.MinValue, so a missing value is detected below
            registryValue = Convert.ToDateTime(registryKey.GetValue(Constants.LastEventLogFetch));

            if (totalEntries.Count > 0)
            {
                int i = 0;
                List<dynamic> termsList = new List<dynamic>();

                // DateTime is a non-nullable struct, so only the MinValue check is meaningful
                if (registryValue == DateTime.MinValue)
                {
                    var Entries = totalEntries.OrderByDescending(x => x.TimeGenerated).FirstOrDefault();
                    mqttClient.Publish(topic, Encoding.UTF8.GetBytes($" {JsonConvert.SerializeObject(Entries.Message)}"));
                    Logger.LogInformation("Message published", Encoding.UTF8.GetBytes($" {JsonConvert.SerializeObject(Entries.Message)}"));
                    registryKey.SetValue(Constants.LastEventLogFetch, calculatedLogTime.AddMinutes(-1));
                }
                else
                {
                    calculatedLogTime = registryValue.AddMinutes(1);
                    var Entries = totalEntries.Where(x => (x.TimeGenerated <= calculatedLogTime && x.TimeGenerated >= registryValue)).ToList();
                    if (Entries.Count > 0)
                    {
                        foreach (var item in Entries.GetRange(0, Entries.Count))
                        {
                            termsList.Add(item.Message + "Message from vm 30.31");
                        }
                        mqttClient.Publish(topic, Encoding.UTF8.GetBytes($" {JsonConvert.SerializeObject(termsList)}"));
                        Logger.LogInformation("Message published", Encoding.UTF8.GetBytes($" {JsonConvert.SerializeObject(termsList)}"));
                        registryKey.SetValue(Constants.LastEventLogFetch, calculatedLogTime);
                    }
                    else
                    {
                        Logger.LogInformation("Event log count is zero. Can't send message");
                    }
                }
            }
            else
            {
                Logger.LogInformation("Event log count is zero");
            }
        }
        catch (Exception ex)
        {
            Logger.LogInformation(ex.Message, DateTimeOffset.Now);
            Console.WriteLine(ex.Message);
        }
        Logger.LogInformation("Worker running at: {time}", DateTimeOffset.Now);
        if (registryValue > DateTime.Now)
        {
            await Task.Delay(60000, stoppingToken);
            Logger.LogInformation("Registry value is greater than current time. So task delay will be one minute");
        }
        else
        {
            await Task.Delay(1000, stoppingToken);
            Logger.LogInformation("Registry value is less than current time. So task delay will be one second");
        }
    }
}
```

Here are the JSON settings:

```json
{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AccuTabSettings": {
    "Application": "name",
    "SourceName": "Source",
    "CertificateSubject": "CN=AWS IoT Certificate",
    "IotEndpoint": "1.1.1.1",
    "BrokerPort": 800,
    "Topic": "device/client_id",
    "GgcRootCaCertificate": "F:\\Certificates\\ggc-root.ca.crt",
    "X509Store": "MY",
    "ClientId": "pqr"
  }
}
```

When the client connects, it gets a certificate problem: "The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors".

1 answer

Stack Overflow user

Accepted answer

Posted on 2021-07-06 18:50:20

The main issue behind the RemoteCertificateNameMismatch error is a mismatch between the subject specified in the remote certificate and the address you are connecting to. I suspect the remote certificate was issued for some DNS name, whereas the IP address you connect to is obviously not specified in the certificate's subject/SAN extension. You need to make sure the remote certificate's SAN extension includes the address you are connecting to.

There is not enough information to debug the RemoteCertificateChainErrors error. You need to attach a debugger and retrieve the exact error.

Score 4
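The diagnostic the answer asks for, as an added example that is not part of the question or the answer above: a helper meant to be called from a RemoteCertificateValidationCallback (the callback SslStream and MQTT libraries built on it accept) that records which SslPolicyErrors flags fired, whether the address being connected to (DNS name or IP) is covered by the server certificate's SAN, and every X509ChainStatus when the chain is rebuilt against the ggc-root CA file. It assumes .NET 8 or later (X509SubjectAlternativeNameExtension, MatchesHostname, CustomTrustStore); the class, method and parameter names are my own.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic helper (assumes .NET 8+); names are hypothetical.
public static class TlsDiagnostics
{
    // Turns the opaque "remote certificate is invalid" failure into concrete findings.
    // Call it from the validation callback and still return false: this explains the
    // failure, it never makes the connection accept a bad certificate.
    public static IReadOnlyList<string> Explain(
        X509Certificate2 remoteCert, string connectTarget, string caCertPath, SslPolicyErrors errors)
    {
        var findings = new List<string> { $"SslPolicyErrors: {errors}" };

        if (errors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
        {
            var san = remoteCert.Extensions.OfType<X509SubjectAlternativeNameExtension>().FirstOrDefault();
            var dnsNames = san?.EnumerateDnsNames().ToList() ?? new List<string>();
            var ipAddrs = san?.EnumerateIPAddresses().ToList() ?? new List<IPAddress>();
            bool targetIsIp = IPAddress.TryParse(connectTarget, out _);
            // MatchesHostname applies the normal rules (SAN entries, wildcards, IP vs DNS)
            bool covered = remoteCert.MatchesHostname(connectTarget);
            findings.Add($"NameMismatch: connecting to '{connectTarget}' ({(targetIsIp ? "IP" : "DNS")}); " +
                         $"SAN DNS=[{string.Join(",", dnsNames)}] IP=[{string.Join(",", ipAddrs)}]; " +
                         (covered ? "target is covered by the certificate"
                                  : "target is NOT in the SAN: connect using a name the SAN lists, or reissue the certificate"));
        }

        if (errors.HasFlag(SslPolicyErrors.RemoteCertificateChainErrors))
        {
            // Rebuild the chain against the private root CA so each failing link is reported
            // individually instead of as one aggregated flag.
            using var chain = new X509Chain();
            chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
            chain.ChainPolicy.CustomTrustStore.Add(new X509Certificate2(caCertPath));
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // private CA: no CRL/OCSP
            bool builds = chain.Build(remoteCert);
            foreach (var s in chain.ChainStatus)
                findings.Add($"ChainError: {s.Status} - {s.StatusInformation.Trim()}");
            if (builds)
                findings.Add("Chain builds cleanly against the CA file: the client is validating with a different trust store");
        }
        return findings;
    }
}
```

Log the returned findings and keep rejecting the certificate; the typical outcomes here are a SAN that lists a DNS name while the client dials an IP, and a chain that only validates once the correct root is in the trust store.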
Page content provided by Stack Overflow; translation supported by Tencent Cloud's IT-domain engine.
Original link:

https://stackoverflow.com/questions/68268568
