gpt4 book ai didi

.net - 使用 Azure 网站时出现定期 ServiceBus 错误 "The X.509 certificate CN=servicebus.windows.net is not in the trusted people store"

转载 作者:行者123 更新时间:2023-12-03 22:37:31 26 4
gpt4 key购买 nike

我有几个网站在 Azure 中运行,大量使用 ServiceBus(也在 Azure 中托管),全部位于一个区域。

有时(每 2-3 天一次)我同时在所有网站上出现相同的错误(在阅读/等待消息期间):

Microsoft.ServiceBus.Messaging.MessagingCommunicationException: 
The X.509 certificate CN=servicebus.windows.net is not in the trusted people store.
The X.509 certificate CN=servicebus.windows.net chain building failed.
The certificate that was used has a trust chain that cannot be verified.
Replace the certificate or change the certificateValidationMode.
A certificate chain could not be built to a trusted root authority.

完整的堆栈跟踪:

Microsoft.ServiceBus.Messaging.MessagingCommunicationException: The X.509 certificate CN=servicebus.windows.net is not in the trusted people store. The X.509 certificate CN=servicebus.windows.net chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain could not be built to a trusted root authority.
---> System.ServiceModel.Security.SecurityNegotiationException: The X.509 certificate CN=servicebus.windows.net is not in the trusted people store. The X.509 certificate CN=servicebus.windows.net chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain could not be built to a trusted root authority.
---> System.IdentityModel.Tokens.SecurityTokenValidationException: The X.509 certificate CN=servicebus.windows.net is not in the trusted people store. The X.509 certificate CN=servicebus.windows.net chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain could not be built to a trusted root authority.

at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
at System.ServiceModel.Channels.SslStreamSecurityUpgradeInitiator.InitiateUpgradeAsyncResult.OnCompleteAuthenticateAsClient(IAsyncResult result)
--- End of inner exception stack trace ---

Server stack trace:
at Microsoft.ServiceBus.Messaging.Channels.SharedChannel`1.CreateChannelAsyncResult.<GetAsyncSteps>d__7.MoveNext()
at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.EnumerateSteps(CurrentThreadType state)
at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.StepCallback(IAsyncResult result)
at Microsoft.ServiceBus.Common.AsyncResult.AsyncCompletionWrapperCallback(IAsyncResult result)

Exception rethrown at [0]:
at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
at Microsoft.ServiceBus.Common.AsyncResult`1.End(IAsyncResult asyncResult)
at Microsoft.ServiceBus.Messaging.Channels.SharedChannel`1.OnEndCreateInstance(IAsyncResult asyncResult)
at Microsoft.ServiceBus.Messaging.SingletonManager`1.EndGetInstance(IAsyncResult asyncResult)
at Microsoft.ServiceBus.Messaging.Channels.ReconnectBindingElement.ReconnectChannelFactory`1.RequestSessionChannel.RequestAsyncResult.<GetAsyncSteps>b__2(RequestAsyncResult thisPtr, IAsyncResult r)
at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.StepCallback(IAsyncResult result)

Exception rethrown at [1]:
at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
at Microsoft.ServiceBus.Common.AsyncResult`1.End(IAsyncResult asyncResult)
at Microsoft.ServiceBus.Messaging.Channels.ReconnectBindingElement.ReconnectChannelFactory`1.RequestSessionChannel.EndRequest(IAsyncResult result)
at Microsoft.ServiceBus.Messaging.Sbmp.RedirectBindingElement.RedirectContainerChannelFactory`1.RedirectContainerSessionChannel.RequestAsyncResult.<>c__DisplayClass17.<GetAsyncSteps>b__a(RequestAsyncResult thisPtr, IAsyncResult r)
at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.StepCallback(IAsyncResult result)

Exception rethrown at [2]:
at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
at Microsoft.ServiceBus.Common.AsyncResult`1.End(IAsyncResult asyncResult)
at Microsoft.ServiceBus.Messaging.Sbmp.RedirectBindingElement.RedirectContainerChannelFactory`1.RedirectContainerSessionChannel.EndRequest(IAsyncResult result)
at Microsoft.ServiceBus.Messaging.Channels.ReconnectBindingElement.ReconnectChannelFactory`1.RequestSessionChannel.RequestAsyncResult.<GetAsyncSteps>b__4(RequestAsyncResult thisPtr, IAsyncResult r)
at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.StepCallback(IAsyncResult result)

Exception rethrown at [3]:
at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
at Microsoft.ServiceBus.Common.AsyncResult`1.End(IAsyncResult asyncResult)
at Microsoft.ServiceBus.Messaging.Channels.ReconnectBindingElement.ReconnectChannelFactory`1.RequestSessionChannel.EndRequest(IAsyncResult result)
at Microsoft.ServiceBus.Messaging.Sbmp.CloseOrAbortLinkAsyncResult.<GetAsyncSteps>b__7(CloseOrAbortLinkAsyncResult thisPtr, IAsyncResult a)
at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.StepCallback(IAsyncResult result)

Exception rethrown at [4]:
at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
at Microsoft.ServiceBus.Messaging.Sbmp.SbmpMessageReceiver.AbandonPrefetchedMessagesCloseAbortAsyncResult.<GetAsyncSteps>b__41(AbandonPrefetchedMessagesCloseAbortAsyncResult thisPtr, IAsyncResult r)
at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.StepCallback(IAsyncResult result)

Exception rethrown at [5]:
at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
at Microsoft.ServiceBus.Messaging.Sbmp.SbmpMessageReceiver.OnEndClose(IAsyncResult result)
--- End of inner exception stack trace ---
at Microsoft.ServiceBus.Messaging.Sbmp.SbmpMessageReceiver.OnEndClose(IAsyncResult result)
at Microsoft.ServiceBus.Messaging.ClientEntity.OnClose(TimeSpan timeout)
at Microsoft.ServiceBus.Messaging.ClientEntity.Close(TimeSpan timeout)
at Olekstra.Common.QueueReader.<>c__DisplayClass3.<StartTask>b__2(Boolean force)

我正在使用最新版本的Microsoft.ServiceBus.dll NuGet 包(2.4.0.0),因此 Google 的答案“ServiceBus 1.8 中默认关闭证书验证”是无用的 - 我没有将任何验证打开,而且 - 它连续工作多个小时,并且每次只失败一次2-3 天。

类似answer关于自托管应用程序也不适合 - 网站在 Azure 内部运行,托管虚拟机由 MS 员工管理,我不允许更新任何根证书。

有人知道为什么 ServiceBus 客户端有时决定检查 SSL 证书以及如何禁用此行为吗?

更新:

我添加了<add key="Microsoft.ServiceBus.X509RevocationMode" value="NoCheck"/>appSettingsweb.config两周前 - 没有区别。

Reflector 还显示 Microsoft.ServiceBus.Configuration.ConfigurationHelpers.GetCertificateRevocationMode() 中的默认值为“NoCheck”

最佳答案

更改连接模式可以解决您的问题。

ServiceBusEnvironment.SystemConnectivity.Mode = ConnectivityMode.Https

通常是ConnectivityMode.AutoDetect

根据 MS 支持的来源

"This will force all traffic to use a WebSockets tunnel that is protected by a prior TLS/HTTPS handshake, and that handshake carries the required intermediate certificate. The messaging protocol used through that tunnel will still be AMQP or NetMessaging, so you should not be worried to get HTTP characteristics when choosing this option."

所以我认为在这种情况下证书只会被获取一次,这可能会在那时引入额外的延迟,然后它会永远使用。获得异常(exception)的风险因此大大降低,这似乎是合乎逻辑的。

关于.net - 使用 Azure 网站时出现定期 ServiceBus 错误 "The X.509 certificate CN=servicebus.windows.net is not in the trusted people store",我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/25739534/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com