带 SSL/Https 的 C# RESTService

Question

我正在尝试保护我的 RESTService，但是当我启用 https 时，我收到一条 ERR_CONNECTION_RESET 消息!

这是我生成证书的代码:

    public void generateCert()
    {
        String certSerial = ConfigDto.loadConfig(ConfigDto.CERT_SERIAL);

        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadWrite);

        BackendContext.Current.Log.WriteLine("Search for certificate with serialnumber: " + certSerial);

        int count = store.Certificates.Find(X509FindType.FindBySerialNumber, certSerial, false).Count;
        if(count == 1)
        {
            BackendContext.Current.Log.WriteLine("Certificate found");
            return;
        }

        if(count >1)
        {
            BackendContext.Current.Log.WriteLine("More then one certificate found - remove all!");
            store.RemoveRange(store.Certificates.Find(X509FindType.FindBySerialNumber, certSerial, false));
        }

        using (CryptContext ctx = new CryptContext())
        {
            ctx.Open();



            X509Certificate2 cert = ctx.CreateSelfSignedCertificate(
                new SelfSignedCertProperties
                {
                    IsPrivateKeyExportable = true,
                    KeyBitLength = 4096,
                    Name = new X500DistinguishedName("cn="+BackendContext.Current.Config.Hostname),
                    ValidFrom = DateTime.Today.AddDays(-1),
                    ValidTo = DateTime.Today.AddYears(10),
                });
            store.Add(cert);

            BackendContext.Current.Log.WriteLine("Create certificate with serialnumber: " + cert.SerialNumber);
            ConfigDto.saveConfig(ConfigDto.CERT_SERIAL, cert.SerialNumber);

        }

        store.Close();
    }

这是我启动 RESTService 的代码:

            Type type = pluginDto.plugin.GetType();

            ServiceHost oNewRESTHost = new WebServiceHost(type, new Uri[] { new Uri(sBaseAddress) });
            oNewRESTHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySerialNumber, ConfigDto.loadConfig(ConfigDto.CERT_SERIAL));

            BackendContext.Current.Log.WriteLine(String.Format("Created new service rest host '{0}'", pluginDto.plugin.Name));

            WebHttpBinding binding = new WebHttpBinding();
            binding.Security.Mode = WebHttpSecurityMode.Transport;
            binding.TransferMode = TransferMode.Streamed;
            binding.MaxReceivedMessageSize = 50000000;

            foreach( Type oServiceInterface in pluginDto.plugin.getRestServiceInterface() )
            {
                String sRestAdress = String.Format("{0}/{1}", sBaseAddress, oServiceInterface.Name);
                ServiceEndpoint oWebEndpoint = oNewRESTHost.AddServiceEndpoint(oServiceInterface, binding, sRestAdress);
                oHosts.Add(oNewRESTHost);

                var behavior = new BackendEndpointWebBehavior()
                {
                    AutomaticFormatSelectionEnabled = false,
                    FaultExceptionEnabled = false,
                    HelpEnabled = false,
                    DefaultOutgoingRequestFormat = System.ServiceModel.Web.WebMessageFormat.Json,
                    DefaultOutgoingResponseFormat = System.ServiceModel.Web.WebMessageFormat.Json,
                    DefaultBodyStyle = System.ServiceModel.Web.WebMessageBodyStyle.Wrapped,
                };
                oWebEndpoint.Behaviors.Add(behavior);
                oNewRESTHost.Open();

                BackendContext.Current.Log.WriteLine(String.Format("Added endpoint '{0}'", sRestAdress));
            }

当我在 firefox 上打开我的 RESTService 时，它​​告诉我，该网站无法加载，因为他无法验证接收到的数据。

我想我没有正确创建证书。

有什么想法吗？

Answer 1

您可以使用它来验证您的 SSL 设置(确保将此 YOUR_WEB_SERVICEURL_HERE 替换为您的 URL):

https://www.ssllabs.com/ssltest/analyze.html?d=[YOUR_WEB_SERVICEURL_HERE]&hideResults=on