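The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel (基础连接已经关闭: 未能为 SSL/TLS 安全通道建立信任关系)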
2015-08-31 14:45
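English: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel
When using HttpWebRequest to call the Alipay interface at https://mapi.alipay.com/gateway.do?..., everything works on my local Windows 10 64-bit machine, and opening the URL in Firefox, IE or Edge also works. On Windows Server 2003, however, the request fails with the error: 基础连接已经关闭: 未能为 SSL/TLS 安全通道建立信任关系, and IE cannot open the link. Opening the link through Fiddler on the Windows 2003 server brings up a dialog with this message: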
Session #8: The remote server (mapi.alipay.com) presented a certificate that did not validate, due to RemoteCertificateChainErrors.
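0 - 无法验证证书的签名。。。 (the certificate's signature cannot be verified). If the error is ignored, the page can be accessed normally.
Cause: the certificate has no official signature?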
We checked the credentials passed; it seems everything was fine. But still it was failing whenever we make the request to the server with the above same message. When we checked their environment, we found customer uses the self-signed certificate on the server. This is because, by default, .NET checks whether SSL certificates are signed by a certificate from the Trusted Root Certificate store.
Solution:
Add the following code before making the request; it is simple and practical.
![](http://images2015.cnblogs.com/blog/254995/201508/254995-20150831144502278-1962431199.png)
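1.

```csharp
// Lambda form (needs: using System.Net;). Accepts every server certificate, valid or not.
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true;
```

2.

```csharp
// Anonymous-delegate form (needs: using System.Net; using System.Net.Security;). Same effect.
ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(delegate { return true; });
```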
Doing this carries a certain risk:
every validation will pass, regardless of whether the certificate is invalid. Whatever.
![](http://images2015.cnblogs.com/blog/254995/201508/254995-20150831144502794-1930073314.png)
Are there any other solutions? Or would it be enough to do this only for specific URLs?
1. This will accept all certificates, regardless of why they are invalid, which resolved the customer’s issue.
By validating the X509 certificate provided by the computer running Microsoft Exchange Server 2007 for SSL over HTTP, you help to provide a layer of security for the client application. You must validate certificates before you can start programming with Exchange Web Services proxy classes. If the callback is not set up, the first call will fail with a certificate error.
2. This solution could be a potential security threat as you are turning off the SSL certificate validation. If this is production code, understand the risk of the server you are connecting to.
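
One way to limit the exception to a specific host, as the question above asks, instead of returning true for everything. This is an added example, not code from the original post; `ScopedCertificateValidation`, `PinnedHosts`, `Validate` and `Install` are hypothetical names, and the thumbprint is a placeholder for the value of a certificate you have verified out of band.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class ScopedCertificateValidation
{
    // Hypothetical pin list: host name -> thumbprint of the certificate that
    // was verified out of band. The value below is a placeholder, not a real one.
    static readonly Dictionary<string, string> PinnedHosts =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "mapi.alipay.com", "<THUMBPRINT-OF-VERIFIED-CERTIFICATE>" }
        };

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // Normal case: the OS validated both chain and host name.
        if (errors == SslPolicyErrors.None) return true;

        // Never excuse a host-name mismatch or a missing certificate.
        if ((errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != 0) return false;

        // Only chain errors remain. Accept them solely for a pinned host
        // whose certificate matches the recorded thumbprint exactly.
        var request = sender as HttpWebRequest;
        if (request == null || certificate == null) return false;

        string expected;
        if (!PinnedHosts.TryGetValue(request.Address.Host, out expected)) return false;

        string actual = new X509Certificate2(certificate).Thumbprint;
        return string.Equals(actual, expected, StringComparison.OrdinalIgnoreCase);
    }

    // Call once at startup, before the first HTTPS request.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }
}
```

The callback is process-wide, so every HTTPS request made through `ServicePointManager` in the application passes through `Validate`; hosts that are not in the pin list still get the default validation result.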