https 使用带有 kestrel useHttps 的手动 ssl 证书
https using manual ssl cert with kestrel useHttps
我正在尝试使用 https 和 .Net web API。
设置一个简单的 API
public class Program
{
public static void Main(string[] args)
{
BuildWebHost(args).Run();
}
public static IWebHost BuildWebHost(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseStartup<Startup>()
.UseKestrel(options =>
{
string key = {{private.key}} //is this the password it wants?
options.Listen(IPAddress.Any, 50790);
options.Listen(IPAddress.Any, 40354, listenOptions =>
{
listenOptions.UseHttps("certificate.crt", key);
});
})
.Build();
}
//{{private.key}} is the private key in a string.
在启动和连接 http 时使用它可以正常工作,但是一旦我尝试 https,我就会遇到巨大的错误,并且没有向客户端发送响应。
从 lets encrypt 获得证书:ca_bundle.crt、certificate.crt 和 private.key。
这是我尝试使用 https 连接时遇到的错误:
fail: Microsoft.AspNetCore.Server.Kestrel[0] Uncaught exception from
the OnConnectionAsync method of an IConnectionAdapter.
System.NotSupportedException: The server mode SSL must use a
certificate with the associated private key. at
System.Net.Security.SecureChannel.AcquireServerCredentials(Byte[]&
thumbPrint) at System.Net.Security.SecureChannel.GenerateToken(Byte[]
input, Int32 offset, Int32 count, Byte[]& output) at
System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32
offset, Int32 count) at
System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32
count, AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32
count, AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32
readBytes, AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest
asyncRequest)
我怎样才能让它工作?
证书有问题。
您需要在一个文件中拥有包含相关私钥的证书才能使其正常工作。
所以按照 jdehlin 所说的去做 here 并创建一个包含证书和密钥的 pfx 文件。
当你这样做时,系统会要求你为 pfx 文件设置密码,这就是你在密码字段中输入的密码,然后你只需 link 你的 pfx 文件而不是 crt 文件。
我正在尝试使用 https 和 .Net web API。
设置一个简单的 APIpublic class Program
{
public static void Main(string[] args)
{
BuildWebHost(args).Run();
}
public static IWebHost BuildWebHost(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseStartup<Startup>()
.UseKestrel(options =>
{
string key = {{private.key}} //is this the password it wants?
options.Listen(IPAddress.Any, 50790);
options.Listen(IPAddress.Any, 40354, listenOptions =>
{
listenOptions.UseHttps("certificate.crt", key);
});
})
.Build();
}
//{{private.key}} is the private key in a string.
在启动和连接 http 时使用它可以正常工作,但是一旦我尝试 https,我就会遇到巨大的错误,并且没有向客户端发送响应。
从 lets encrypt 获得证书:ca_bundle.crt、certificate.crt 和 private.key。
这是我尝试使用 https 连接时遇到的错误:
fail: Microsoft.AspNetCore.Server.Kestrel[0] Uncaught exception from the OnConnectionAsync method of an IConnectionAdapter. System.NotSupportedException: The server mode SSL must use a certificate with the associated private key. at System.Net.Security.SecureChannel.AcquireServerCredentials(Byte[]& thumbPrint) at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output) at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
我怎样才能让它工作?
证书有问题。
您需要在一个文件中拥有包含相关私钥的证书才能使其正常工作。
所以按照 jdehlin 所说的去做 here 并创建一个包含证书和密钥的 pfx 文件。
当你这样做时,系统会要求你为 pfx 文件设置密码,这就是你在密码字段中输入的密码,然后你只需 link 你的 pfx 文件而不是 crt 文件。