问题
I am using ASP.Net Core and I have 2 projects.
- ASP.Net Core MVC application
- ASP.Net Core WebApi application
If i attempt one of the WebApi end points using Postman i do not have any issues and the /api/values returns as expected (standard test endpoint)
However if i attempt the same operation using the MVC application I get a very frustrating error:
HttpsConnectionFilter[1]
Failed to authenticate HTTPS connection
I am hosting using Kestrel for Asp.Net core.
I have a self signed PFX certificate i created using powershell, and this is the code throwing the exception:
var handler = new HttpClientHandler();
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
handler.SslProtocols = SslProtocols.Tls12;
handler.ClientCertificates.Add(new X509Certificate2("localcert.pfx", "xxx"));
var client = new HttpClient(handler);
var content = await client.GetStringAsync("https://localhost:44301/api/values");
And i get the same error if i were to run this:
var client = new HttpClient();
var content = await client.GetStringAsync("https://localhost:44301/api/values");
My Kestrel setup is like so in my Program.cs
var cert = new X509Certificate2("localcert.pfx", "xxx");
var host = new WebHostBuilder()
.UseKestrel(cfg => cfg.UseHttps(cert))
.UseUrls("https://localhost:44300")
.UseContentRoot(Directory.GetCurrentDirectory())
.UseIISIntegration()
.UseStartup<Startup>()
.Build();
host.Run();
I know i defined the cert again for the HttpClient above, but i am desperate.
Can anyone offer some insight as to why this is happening and how i can go about fixing it, or even debugging it because it is driving me crazy. I am in the process of going through and stepping through the KestrelHttpServer code to see if that will offer some insight.
This is the full error i get from the Kestrel console window
info: HttpsConnectionFilter1 Failed to authenticate HTTPS connection. System.IO.IOException: Authentication failed because the remote party has closed the transport stream. at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult) at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result) at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult) at System.Threading.Tasks.TaskFactory
1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task1 promise, Boolean requiresSynchronization) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionFilter.d__6.MoveNext()
回答1:
I had the same problem. After many hours of checking everything possible and even some impossible stuff, I managed to trace it back to wrongly generated SSL certificate.
I was creating mine according to this manual: How to: Create Your Own Test Certificate.
The certificate is generated using this command:
makecert -sv yourprivatekeyfile.pvk -n "cert name" yourcertfile.cer -r
where if -r is omitted, described error occurs.
Then pfx must be generated according to the manual. If one uses just cer, Kestrel will not start successfully.
I solved it by generating a new SSL certificate.
来源:https://stackoverflow.com/questions/41686299/failed-to-authenticate-https-connection-when-attempting-get-from-webapi