关于证书的 MS Graph 异常
MS Graph Exception regarding Certificate
我们有一个 .net Web 应用程序(outlook web 插件),它是 运行 在两个 WindowsServer-2012 R2 上的内部部署。此应用程序调用 Microsoft Graph API。自一周以来,问题发生时就发生了窃听,但只发生在一台服务器上。
该应用程序自 5 月以来没有更改。我们还检查了 IIS 中的所有证书,但它们都正常。
调用图 api 时发生以下异常,如仅在一台服务器上解释的那样:
Microsoft.Graph.ServiceException: Code: generalException
Message: An error occurred sending the request.
---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Graph.RedirectHandler.d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Graph.RetryHandler.d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Graph.CompressionHandler.d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Graph.AuthenticationHandler.d__16.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Graph.HttpProvider.d__19.MoveNext()
--- End of inner exception stack trace ---
at Uniqa.OLAddin.EBFWeb.Helpers.GraphHelper.d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at Uniqa.OLAddin.EBFWeb.Controllers.DoWFController.d__5.MoveNext()
可能是其中一台服务器没有获得最新的根 CA 更新?
graph.microsoft.com 的 SSL 证书是在 9 月 15 日颁发的,这可能与您的问题一致。
证书链是这样的:
尝试在有问题的服务器上打开网站 https://graph.microsoft.com/v1.0/me/。如果您收到证书错误,请尝试更新根证书(这是 Windows 更新)。
我们有一个 .net Web 应用程序(outlook web 插件),它是 运行 在两个 WindowsServer-2012 R2 上的内部部署。此应用程序调用 Microsoft Graph API。自一周以来,问题发生时就发生了窃听,但只发生在一台服务器上。 该应用程序自 5 月以来没有更改。我们还检查了 IIS 中的所有证书,但它们都正常。 调用图 api 时发生以下异常,如仅在一台服务器上解释的那样:
Microsoft.Graph.ServiceException: Code: generalException Message: An error occurred sending the request. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar) --- End of inner exception stack trace --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Graph.RedirectHandler.d__6.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Graph.RetryHandler.d__9.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Graph.CompressionHandler.d__2.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Graph.AuthenticationHandler.d__16.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Graph.HttpProvider.d__19.MoveNext() --- End of inner exception stack trace --- at Uniqa.OLAddin.EBFWeb.Helpers.GraphHelper.d__7.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult() at Uniqa.OLAddin.EBFWeb.Controllers.DoWFController.d__5.MoveNext()
可能是其中一台服务器没有获得最新的根 CA 更新?
graph.microsoft.com 的 SSL 证书是在 9 月 15 日颁发的,这可能与您的问题一致。
证书链是这样的:
尝试在有问题的服务器上打开网站 https://graph.microsoft.com/v1.0/me/。如果您收到证书错误,请尝试更新根证书(这是 Windows 更新)。