查看 OPENSSLDIR 路径终极解决方案

1、查看 OPENSSLDIR 路径

$ openssl version -a

  

2、然后把 CentOS 默认的 openssl CA证书拷贝过来。

 $ cp /etc/pki/tls/cert.pem /usr/local/openssl/

 

参考连接:https://lamjack.github.io/2018/05/11/centos-compile-openssl-missing-ca-bundle-crt/

忽略以下

============================================================

DOTNET CORE 部署 Centos7 抛出异常

环境变量如下:

.NET Core SDK (reflecting any global.json):

 Version:   2.2.401

 Commit:    729b316c13

Runtime Environment:

 OS Name:     centos

 OS Version:  7

 OS Platform: Linux

 RID:         centos.7-x64

 Base Path:   /usr/share/dotnet/sdk/2.2.401/

Host (useful for support):

  Version: 2.2.6

  Commit:  7dac9b1b51

.NET Core SDKs installed:

  2.2.401 [/usr/share/dotnet/sdk]

.NET Core runtimes installed:

  Microsoft.AspNetCore.All 2.2.6 [/usr/share/dotnet/shared/Microsoft.AspNetCore.All]

  Microsoft.AspNetCore.App 2.2.6 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]

  Microsoft.NETCore.App 2.2.6 [/usr/share/dotnet/shared/Microsoft.NETCore.App]

To install additional .NET Core runtimes or SDKs:

  https://aka.ms/dotnet-download

测试代码:

using System;

using System.Diagnostics;

using System.Net.Http;

using System.Net.Http.Headers;

namespace TestHttpClient

{

    class Program

    {

        static void Main(string[] args)

        {

            try

            {

                using (var httpClient = new HttpClient())

                {

                    httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));                    

                    string url = "https://jsonplaceholder.typicode.com/posts/1";

                    var response = httpClient.GetAsync(url).Result;

                    string jsonResult = response.Content.ReadAsStringAsync().Result;

                }

            }

            catch (Exception ex)

            {

                Debug.WriteLine(ex.ToString());

            }

        }

    }

}

服务器抛出异常:

System.AggregateException: One or more errors occurred. (The SSL connection could not be established, see inner exception.) ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
……………………………………………………

 

OR

The remote certificate is invalid according to the validation procedure.

解决方案:

By defining the System.Net.Http.UseSocketsHttpHandler switch in the .netcore.runtimeconfig.json configuration file:

 
"runtimeOptions": {

  "configProperties": {

      "System.Net.Http.UseSocketsHttpHandler": false

  }

}

=====================

以上可以解决问题,但不是根本解决

问题分析如下:

后续请参考以下:

using System;

using System.Diagnostics;

using System.Net;

using System.Net.Http;

using System.Net.Http.Headers;

using System.Net.Security;

using System.Security.Cryptography.X509Certificates;

using System.Threading.Tasks;

namespace ConsoleClientTest

{

    internal class Program

    {

        private static async Task Main(string[] args)

        {

            try

            {

                //AppContext.SetSwitch("System.Net.Http.UseSocketsHttpHandler", false);

                using (var httpClientHandler = new HttpClientHandler())

                {

                    httpClientHandler.ServerCertificateCustomValidationCallback = (message, certificate, chain, sslPolicyErrors) =>

                    {

                        Console.WriteLine("\r\n\r\n===================message==================\r\n\r\n {0}", message.ToString());

                        Console.WriteLine("\r\n\r\n==================cert==================\r\n\r\n {0}", certificate.ToString());

                        Console.WriteLine("\r\n\r\n==================chain==================\r\n\r\n{0}", chain.ToString());

                        Console.WriteLine("\r\n\r\n==================chain status==================\r\n\r\n{0}",

                            chain.ChainStatus.ToString());

                        Console.WriteLine("\r\n\r\n==================errors==================\r\n\r\n{0}", sslPolicyErrors.ToString());

                        Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");

                        Console.WriteLine($"Received certificate with subject {certificate.Subject}");

                        Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");

                        Console.WriteLine($"Current policy errors: {sslPolicyErrors}");

                        Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");

                        if (sslPolicyErrors == SslPolicyErrors.None)

                            return true;

                        else

                        {

                            if ((SslPolicyErrors.RemoteCertificateNameMismatch & sslPolicyErrors) == SslPolicyErrors.RemoteCertificateNameMismatch)

                            {

                                Console.WriteLine("证书名称不匹配{0}", sslPolicyErrors);

                            }

                            if ((SslPolicyErrors.RemoteCertificateChainErrors & sslPolicyErrors) == SslPolicyErrors.RemoteCertificateChainErrors)

                            {

                                foreach (X509ChainStatus status in chain.ChainStatus)

                                {

                                    Console.WriteLine("status code = {0}", status.Status);

                                    Console.WriteLine("Status info = {0}", status.StatusInformation);

                                }

                            }

                            Console.WriteLine("证书验证失败{0}", sslPolicyErrors);

                        }

                        return false;

                    };

                    Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");

                    using (var httpClient = new HttpClient(httpClientHandler))

                    {

                        httpClient.DefaultRequestHeaders.Accept.Add(

                            new MediaTypeWithQualityHeaderValue("application/json"));

                        const string url = "https://jsonplaceholder.typicode.com/posts/1";

                        using (var response = await httpClient.GetAsync(url))

                        {

                            var jsonResult = await response.Content.ReadAsStringAsync();

                            Console.WriteLine(jsonResult);

                        }

                    }

                }

            }

            catch (Exception ex)

            {

                Console.WriteLine(ex.ToString());

            }

        }

    }

}

通过以上代码,打印出以下语句

Status info = unable to get local issuer certificate trustasia

回想起昨天编译Nginx,手动安装了OPENSSL,版本问题,恢复后,一切正常

The request with exception: The SSL connection could not be established, see inner exception. requestId 解决方案的更多相关文章

  1. NetCore HttpClient The SSL connection could not be established, see inner exception

    之前遇到一个问题 https://www.cnblogs.com/leoxjy/p/10201046.html 在centos 7.x  HttpClient访问会出问题  The SSL conne ...

  2. powercli The SSL connection could not be established, see inner exception. 问题解决

    Connect-VIServer -Server 这里是"SSL连接不能建立......"这实际上意味着你没有一个有效的证书.如果你想连接到vCenter没有一个有效的证书,您必须 ...

  3. HttpClient SSL connection could not be established error

    系统从.net framework 升级到dotnet core2.1 原先工作正常的httpclient,会报SSL connection could not be established erro ...

  4. Could not create SSL connection through proxy serve-svn

    RA layer request failedsvn: Unable to connect to a repository at URL xxxxxx 最后:Could not create SSL ...

  5. Java连接MySQL Warning: Establishing SSL connection without server's identity verification is not recommended

    1. 数据库 1.1 创建表 在当前数据库students中,创建数据表student: mysql> create table student( ),#学生ID ),#学生姓名 -> a ...

  6. MySQL 警告WARN: Establishing SSL connection without server's identity verification is not recommended.解决办法

    Fri Jun 17 13:46:54 CST 2016 WARN: Establishing SSL connection without server's identity verificatio ...

  7. WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default i

    jdbc连接数据库候,对数据进行访问,访问正常当出现如下警告: WARN: Establishing SSL connection without server's identity verifica ...

  8. SVN通过域名连不上服务器地址(svn: E175002: OPTIONS request failed on '/svn/yx-SVN-Server' Connection refused: connect)

    用域名直连就连不上,如果换成了ip直连就可以连接上去了 https://yx-server01/svn/yx-SVN-Server 换为了 https://192.168.188.208/svn/yx ...

  9. C3P0 WARN: Establishing SSL connection without server's identity verification is not recommended

    c3p0的出现,是为了大大提高应用程序和数据库之间访问效率的. 它的特性: 编码的简单易用 连接的复用 连接的管理 今天在配置C3p0的时候出现了这个warn   原因是因为要验证SSL Wed Se ...

随机推荐

  1. CentOS7 图形化方式安装Oracle 18c 安装配置

    下载 Oracle 数据库,zip 包 https://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.h ...

  2. JS中获取元素使用getElementByID()、getElementsByName()、getElementsByTagName()的用法和区别

    Web标准下可以通过getElementById(), getElementsByName(), and getElementsByTagName()访问Documnent中的任一个标签:   1 g ...

  3. zabbix配置-模板

    1.配置=>模板=>创建模板=>输入模板名称和群组 2.配置=>模板=>找到刚刚创建的模板=>点击应用集(applications)=>创建应用集=>输 ...

  4. Jmeter登录中的cookie问题

    Jmeter中发送多个http请求,由于后面的请求需要登录后才能获取到数据,所以前面先要发送登录请求. 登录时会写cookie到本地,后面的请求中会读取cookie中的JSESSIONID,若后面的请 ...

  5. "New page after" by code

    Hi. There is a method for starting of the new page in the EngineV2: Engine.NewPage(); You can call i ...

  6. Appium移动端自动化:元素定位uiautomatorviewer

    一.启动uiautomatorviewer mac: 1.打开终端,进入Android/sdk/tools目录 2.打开uiautomatorviewer(我的路径是Android/sdk/tools ...

  7. undefined,null,var 0 = {},var s = '',的区别

    undefined:不清楚变量的类型:var m; null:知道该变量是对象的引用,但是地址为空 var o = {};这是一个对象,有指向地址,但是值为空 var 0 = '';这是一个空的字符串

  8. Oracle学习笔记<5>

    组函数(多值函数) 数据库中函数的分类:1)单值函数 Single Rows Functions 特点:n条数据参与函数处理,最终得到n条结果.2)多值函数(组函数) Multiple Rows Fu ...

  9. 目录---Asp.NETCore轻松学系列【目录】

    随笔分类 - Asp.NETCore轻松学系列 Asp.NETCore轻松学系列阅读指引目录 摘要: 耗时两个多月,坚持写这个入门系列文章,就是想给后来者更好更快的上手体验,这个系列可以说是从入门到进 ...

  10. int类型转换舍入问题

    一,看代码 using System; using System.Collections.Generic; using System.Linq; using System.Text; using Sy ...