个人中心
gpt4 book ai didi

ssl - 如何在 Kestrel/.net core 上实现 SSL

转载 作者:太空宇宙 更新时间:2023-11-03 13:00:33 24 4
gpt4 key购买 nike

问题:

尝试在 Kestrel/.net core 上使用 SSL

错误信息:

Managed Debugging Assistant 'FatalExecutionEngineError' has detected a problem in 'C:\my.exe'. Additional information: The runtime has encountered a fatal error. The address of the error was at 0x053150a3, on thread 0x1c44. The error code is 0xc0000005. This error may be a bug in the CLR or in the unsafe or non-verifiable portions of user code. Common sources of this bug include user marshaling errors for COM-interop or PInvoke, which may corrupt the stack.

请求的答案:

我怀疑我的问题出在我的证书上,如下所述。如果这是真的,我将不胜感激有关如何创建 .pfx 文件的分步说明。另外,我不明白证书是如何存储的:IIS 和 IIS Express 是否都需要不同的证书,或者它们是否查看注册表并使用通用证书?

代码:

    public static void Main(string[] args)
    {
        string env = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT");
        var config = new ConfigurationBuilder()
            .SetBasePath(Directory.GetCurrentDirectory())
            .AddJsonFile("hosting.json", optional: true)
            .AddJsonFile($"appsettings.{env}.json", optional: false)
            .AddCommandLine(args)  // will get server.urls from command line
            .Build();

        X509Certificate2 xCert = new X509Certificate2("localhostSSLCert.pfx", config["Data:SSLPassword"]);

        var host = new WebHostBuilder()
            .UseKestrel(x => x.UseHttps(xCert))
            .UseConfiguration(config)
            .UseContentRoot(Directory.GetCurrentDirectory())
            //.UseUrls("http://localhost:53389/")
            .UseIISIntegration()
            .UseStartup<Startup>()
            .Build();

        try
        {
            host.Run();
        }
        catch (Exception ex)
        {
            string y = ex.Message;
        }
    }

我为调试所做的工作:

当我单步执行代码并查看证书(代码中的 xCert)时,它似乎是一个有效对象,这意味着 .net 已正确读取文件(我看到了我的域名等)。
但是我仍然怀疑我的问题是证书。我发现有很多文章试图解释如何生成 .pfx 文件。我用来生成我正在使用的 .pfx 文件的主要文章是: https://blogs.msdn.microsoft.com/robert_mcmurray/2013/11/15/how-to-trust-the-iis-express-self-signed-certificate/

我研究过的其他文章:

creating valid test SSL certificates for IIS http://dotnetthoughts.net/how-to-setup-https-on-kestrel/ http://rainabba.blogspot.com/2014/03/ssl-certs-for-iis-with-pfx-once-and-for.html

我无法使用证书 MMC 管理单元导出证书。 .pfx 选项始终处于禁用状态。

项目.json

{
  "version": "1.0.0-*",
  "userSecretsId": "aspnet-WebApp1-c23d27a4-eb88-4b18-9b77-2a93u3b15119",
  "dependencies": {
    "Microsoft.Extensions.Logging": "1.0.0",
    "Blog.Core": "1.0.0-*",
    "Blog.Domain": "1.0.0-*",
    "Blog.Model": "1.0.0-*",
    "Blog.Services": "1.0.0-*",
    "Microsoft.Extensions.Caching.Memory": "1.0.0",
    "Microsoft.Extensions.Caching.Abstractions": "1.0.0",
    "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0",
    "Microsoft.AspNetCore.Session": "1.0.0",
    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0",
    "Microsoft.Extensions.Configuration.FileExtensions": "1.0.0",
    "Microsoft.Extensions.Configuration.Json": "1.0.0",
    "Microsoft.Extensions.Logging.Console": "1.0.0",
    "Microsoft.Extensions.Logging.Debug": "1.0.0",
    "NETStandard.Library": "1.6.0",
    "Autofac.Extensions.DependencyInjection": "4.0.0",
    "Microsoft.Extensions.Configuration.CommandLine": "1.0.0",
    "Microsoft.AspNetCore.Mvc": "1.0.1",
    "Microsoft.AspNetCore.Server.Kestrel": "1.0.1",
    "Autofac": "4.1.1",
    "Microsoft.ApplicationInsights.AspNetCore": "1.0.2",
    "Microsoft.AspNetCore.Server.Kestrel.Https": "1.0.1"
  },

  "tools": {
    "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-preview2-final"
  },

  "frameworks": {
    "net462": {
      "frameworkAssemblies": {
        "System.Drawing": "4.0.0.0"
      }
    }
  },
  "buildOptions": {
    "emitEntryPoint": true,
    "preserveCompilationContext": true
  },
  "runtimeOptions": {
    "gcServer": true
  },
  "publishOptions": {
    "include": [
      "wwwroot",
      "Views",
      "appsettings.json",
      "appsettings.prod.json",
      "appsettings.development.json",
      "logs",
      "web.config"
    ]
  },

  "scripts": {
    "postpublish": [ "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%" ]
  }
}

最佳答案

要确保问题仅出在您的证书上,请尝试使用 test certificate来自 Kestrel 样本。

  1. 由于证书需要密码 (testPassword),请使用 KestrelServerOptions.UseHttps() 的第二个版本。来自 github sample 的示例:

    var host = new WebHostBuilder()
      .UseKestrel(options =>
      {
        // options.ThreadCount = 4;
        options.NoDelay = true;
        options.UseHttps("testCert.pfx", "testPassword");
        options.UseConnectionLogging();
      })
      .UseUrls("http://localhost:5000", "https://localhost:5001")

  2. 不要忘记在发布过程中包含证书(包含在 project.jsonpublishOptions 中)。

    "publishOptions": {
        "include": [
              ...,
               "testCert.pfx"
               ]
     }

关于ssl - 如何在 Kestrel/.net core 上实现 SSL,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/39961678/

24 4 0
文章推荐: node.js - 在 node/express 上安装 RapidSSL 证书
文章推荐: android - 对话框中的图像
文章推荐: android - 在 Facebook 上分享 Google Play 链接和错误的缩略图
文章推荐: apache - 在 centos 中更新 httpd 后 SSL 不起作用
太空宇宙
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com