3

I have a self-signed certificate (.cer) file from a third party. I'd like to use that certificate in code to connect to their webservice (over HTTPS), without installing it in my cert store in Windows. Specifically this is so all the other developers on the team won't have to install this cert locally in order for the connection to work for them.

Is there a way to do this in code? It can use either old-fashioned webservice-client code (using wsdl.exe or VS's Add Web Reference) or WCF client code (using svcutil.exe or VS's Add Service Reference) - we haven't nailed down which way we want to go yet.

I've tried:

proxy.ClientCertificates.Add(X509Certificate.CreateFromCertFile(@"d:\temp\mycert.cer"));

with old-school webservice code, no luck - it still fails with Could not establish trust relationship for the SSL/TLS secure channel. until I actually install the cert in the cert store. Same thing for:

<identity>
  <certificate encodedValue="the base64 encoded contents of the file" />
</identity>

in the endpoint in app.config using the WCF client techology.

Thanks

4

2 回答 2

3

您需要证书的原因是 HTTPS。Web 服务受传输安全 (HTTPS) 保护,证书不受系统信任。要信任证书,常用方法是将证书安装到证书存储区。这一切都不是 .NET 功能 - 它是 .NET 职责之外的 Windows 功能。

要信任任意 SSL crtificate .NET 提供回调方法,您可以在其中制作自己的代码来验证证书:ServicePointManager.ServerCertificateValidationCallback. 如果您只是从回调中返回 true,您将信任每个证书,但这仅用于开发和测试!部署到生产应用程序后,应使用证书存储中的证书或使用回调中定义的特定验证(不推荐)。

于 2011-06-07T05:46:10.213 回答
1

.NET can't/won't handle a cert+key combination (which you need in this case) from a plaintext file. I haven't found a way to construct one; it flat-out will not read a plaintext key for a cert.

It will, however, work with a P12/PFX container even if the container doesn't have a password. You can even store this as an encoded string and reconstitute it via this constructor: http://msdn.microsoft.com/en-us/library/ms148418.aspx

于 2011-06-06T23:55:25.097 回答