c# - 在 WCF 中使用 NetTcpBinding 在自托管服务中配置传输安全时出现异常

Question

这是服务端的配置:

<endpoint binding="netTcpBinding" bindingConfiguration="TcpBinding" contract="a"></endpoint>
<binding name="TcpBinding">
  <security mode="Transport">
    <transport protectionLevel="EncryptAndSign" clientCredentialType="None">
    </transport>
  </security>
  <reliableSession enabled="false"/>
</binding>

<serviceBehaviors>
<behavior>
  <serviceCredentials>
    <serviceCertificate  storeName="My" storeLocation="LocalMachine" findValue="73 b9 d8 98 8d b6 54 bf fb ff 21 0b ac fc 04 19 37 16 71 5f" x509FindType="FindByThumbprint" />
  </serviceCredentials>
  <serviceMetadata httpGetEnabled="false"/>
  <serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>

我已通过此链接创建了一个自签名证书: https://msdn.microsoft.com/en-us/library/ff648498.aspx

首先，我创建了一个证书，我将其作为根证书颁发机构安装在受信任的根证书颁发机构中 - 名为“RootCA”。然后，我创建了另一个用这个“RootCA”签名的自签名证书，该证书颁发给“localhost”。

在客户端，我使用与服务端相同的配置元素。打开代理时，我收到以下异常:

System.ServiceModel.Security.SecurityNegotiationException The X.509 certificate CN=localhost chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. The revocation function was unable to check revocation for the certificate.

运行它还需要什么？

Answer 1

include this in your client side in endpoint behaviours

    <endpointBehaviors>
          <behavior name="clientBehave">
            <clientCredentials>
               <serviceCertificate>              
<authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck"/>
              </serviceCertificate>
            </clientCredentials>
          </behavior>
        </endpointBehaviors>