https - 在 .Net 5 下使用 HTTPS 调用 gRPC 服务的证书错误:UntrustedRoot
问题描述
我正在尝试 HTTPS 连接我的 gRPC 客户端和服务,它们都在我的本地 Windows 10 机器上的 .Net 5 下运行。现在我收到此证书错误,不知道如何修复它:
Status(StatusCode=\"Internal\", Detail=\"Error starting gRPC call.
HttpRequestException: The SSL connection could not be established, see inner exception.
AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot\", DebugException=\"System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.\r\n
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot\r\n at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)\r\n at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)\r\n at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)\r\n --- End of inner exception stack trace ---\r\n at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)\r\n at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)\r\n at System.Net.Http.HttpConnectionPool.GetHttp2ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)\r\n at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)\r\n at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)\r\n at Grpc.Net.Client.Internal.GrpcCall`2.RunCall(HttpRequestMessage request, Nullable`1 timeout)\")
我尝试通过运行下面的命令来安装开发证书,但似乎已经存在一个:
看来我在我的个人和受信任的根商店下都有这个证书
但是,我确实注意到,我的商店中存在的证书是“IIS Express 开发证书”,而不是“ASP.NET Core HTTPS 开发证书”。剂量有关系吗?如果是这样,我该如何安装正确的证书?如果没有,我还缺少什么?
解决方案
如果有人感兴趣 - 就我而言,这是由于在我当前的 Windows 构建级别下 IIS 不支持 gRPC 托管。在等待 MS 完成解决方案时,我刚刚将以下内容添加到我的 gRPC 客户端:
var httpHandler = new HttpClientHandler();
httpHandler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
var channel = GrpcChannel.ForAddress(ServerAddress, new GrpcChannelOptions { HttpHandler = httpHandler });
如您所见,此代码是临时的,不适用于生产。微软最近表示,该支持已包含在操作系统的 build 20241 或更高版本中,我计划在未来几周内对其进行测试。
推荐阅读
- node.js - 子子路线在角度 6 中不起作用
- ruby-on-rails - 哈希中时间戳的 Rspec 问题
- javascript - Jquery根据输入值显示或隐藏元素?
- r - 基于R中的列标题合并两个表
- php - 在属性变化 Woocommerce 中获取颜色代码
- ios - 单元格选择后 UITableView 向上滚动
- python - 如何获取数据框中所有列的数据类型?
- react-native - 在反应导航中单击汉堡图标时无法打开抽屉
- java - 修复 Apache-Camel 的 Socket 处于“CLOSE_WAIT”状态的问题
- ios - 使用本地 URL 的 iOS 应用程序的 ChromeCast 视频(错误)