查看 OPENSSLDIR 路径终极解决方案

1、查看 OPENSSLDIR 路径

$ openssl version -a

  

2、然后把 CentOS 默认的 openssl CA证书拷贝过来。

 $ cp /etc/pki/tls/cert.pem /usr/local/openssl/

 

参考连接:https://lamjack.github.io/2018/05/11/centos-compile-openssl-missing-ca-bundle-crt/

忽略以下

============================================================

DOTNET CORE 部署 Centos7 抛出异常

环境变量如下:

.NET Core SDK (reflecting any global.json):

 Version:   2.2.401

 Commit:    729b316c13

Runtime Environment:

 OS Name:     centos

 OS Version:  7

 OS Platform: Linux

 RID:         centos.7-x64

 Base Path:   /usr/share/dotnet/sdk/2.2.401/

Host (useful for support):

  Version: 2.2.6

  Commit:  7dac9b1b51

.NET Core SDKs installed:

  2.2.401 [/usr/share/dotnet/sdk]

.NET Core runtimes installed:

  Microsoft.AspNetCore.All 2.2.6 [/usr/share/dotnet/shared/Microsoft.AspNetCore.All]

  Microsoft.AspNetCore.App 2.2.6 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]

  Microsoft.NETCore.App 2.2.6 [/usr/share/dotnet/shared/Microsoft.NETCore.App]

To install additional .NET Core runtimes or SDKs:

  https://aka.ms/dotnet-download

测试代码:

using System;

using System.Diagnostics;

using System.Net.Http;

using System.Net.Http.Headers;

namespace TestHttpClient

{

    class Program

    {

        static void Main(string[] args)

        {

            try

            {

                using (var httpClient = new HttpClient())

                {

                    httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));                    

                    string url = "https://jsonplaceholder.typicode.com/posts/1";

                    var response = httpClient.GetAsync(url).Result;

                    string jsonResult = response.Content.ReadAsStringAsync().Result;

                }

            }

            catch (Exception ex)

            {

                Debug.WriteLine(ex.ToString());

            }

        }

    }

}

服务器抛出异常:

System.AggregateException: One or more errors occurred. (The SSL connection could not be established, see inner exception.) ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
……………………………………………………

 

OR

The remote certificate is invalid according to the validation procedure.

解决方案:

By defining the System.Net.Http.UseSocketsHttpHandler switch in the .netcore.runtimeconfig.json configuration file:

 
"runtimeOptions": {

  "configProperties": {

      "System.Net.Http.UseSocketsHttpHandler": false

  }

}

=====================

以上可以解决问题,但不是根本解决

问题分析如下:

后续请参考以下:

using System;

using System.Diagnostics;

using System.Net;

using System.Net.Http;

using System.Net.Http.Headers;

using System.Net.Security;

using System.Security.Cryptography.X509Certificates;

using System.Threading.Tasks;

namespace ConsoleClientTest

{

    internal class Program

    {

        private static async Task Main(string[] args)

        {

            try

            {

                //AppContext.SetSwitch("System.Net.Http.UseSocketsHttpHandler", false);

                using (var httpClientHandler = new HttpClientHandler())

                {

                    httpClientHandler.ServerCertificateCustomValidationCallback = (message, certificate, chain, sslPolicyErrors) =>

                    {

                        Console.WriteLine("\r\n\r\n===================message==================\r\n\r\n {0}", message.ToString());

                        Console.WriteLine("\r\n\r\n==================cert==================\r\n\r\n {0}", certificate.ToString());

                        Console.WriteLine("\r\n\r\n==================chain==================\r\n\r\n{0}", chain.ToString());

                        Console.WriteLine("\r\n\r\n==================chain status==================\r\n\r\n{0}",

                            chain.ChainStatus.ToString());

                        Console.WriteLine("\r\n\r\n==================errors==================\r\n\r\n{0}", sslPolicyErrors.ToString());

                        Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");

                        Console.WriteLine($"Received certificate with subject {certificate.Subject}");

                        Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");

                        Console.WriteLine($"Current policy errors: {sslPolicyErrors}");

                        Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");

                        if (sslPolicyErrors == SslPolicyErrors.None)

                            return true;

                        else

                        {

                            if ((SslPolicyErrors.RemoteCertificateNameMismatch & sslPolicyErrors) == SslPolicyErrors.RemoteCertificateNameMismatch)

                            {

                                Console.WriteLine("证书名称不匹配{0}", sslPolicyErrors);

                            }

                            if ((SslPolicyErrors.RemoteCertificateChainErrors & sslPolicyErrors) == SslPolicyErrors.RemoteCertificateChainErrors)

                            {

                                foreach (X509ChainStatus status in chain.ChainStatus)

                                {

                                    Console.WriteLine("status code = {0}", status.Status);

                                    Console.WriteLine("Status info = {0}", status.StatusInformation);

                                }

                            }

                            Console.WriteLine("证书验证失败{0}", sslPolicyErrors);

                        }

                        return false;

                    };

                    Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");

                    using (var httpClient = new HttpClient(httpClientHandler))

                    {

                        httpClient.DefaultRequestHeaders.Accept.Add(

                            new MediaTypeWithQualityHeaderValue("application/json"));

                        const string url = "https://jsonplaceholder.typicode.com/posts/1";

                        using (var response = await httpClient.GetAsync(url))

                        {

                            var jsonResult = await response.Content.ReadAsStringAsync();

                            Console.WriteLine(jsonResult);

                        }

                    }

                }

            }

            catch (Exception ex)

            {

                Console.WriteLine(ex.ToString());

            }

        }

    }

}

通过以上代码,打印出以下语句

Status info = unable to get local issuer certificate trustasia

回想起昨天编译Nginx,手动安装了OPENSSL,版本问题,恢复后,一切正常

The request with exception: The SSL connection could not be established, see inner exception. requestId 解决方案的更多相关文章

  1. NetCore HttpClient The SSL connection could not be established, see inner exception

    之前遇到一个问题 https://www.cnblogs.com/leoxjy/p/10201046.html 在centos 7.x  HttpClient访问会出问题  The SSL conne ...

  2. powercli The SSL connection could not be established, see inner exception. 问题解决

    Connect-VIServer -Server 这里是"SSL连接不能建立......"这实际上意味着你没有一个有效的证书.如果你想连接到vCenter没有一个有效的证书,您必须 ...

  3. HttpClient SSL connection could not be established error

    系统从.net framework 升级到dotnet core2.1 原先工作正常的httpclient,会报SSL connection could not be established erro ...

  4. Could not create SSL connection through proxy serve-svn

    RA layer request failedsvn: Unable to connect to a repository at URL xxxxxx 最后:Could not create SSL ...

  5. Java连接MySQL Warning: Establishing SSL connection without server's identity verification is not recommended

    1. 数据库 1.1 创建表 在当前数据库students中,创建数据表student: mysql> create table student( ),#学生ID ),#学生姓名 -> a ...

  6. MySQL 警告WARN: Establishing SSL connection without server's identity verification is not recommended.解决办法

    Fri Jun 17 13:46:54 CST 2016 WARN: Establishing SSL connection without server's identity verificatio ...

  7. WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default i

    jdbc连接数据库候,对数据进行访问,访问正常当出现如下警告: WARN: Establishing SSL connection without server's identity verifica ...

  8. SVN通过域名连不上服务器地址(svn: E175002: OPTIONS request failed on '/svn/yx-SVN-Server' Connection refused: connect)

    用域名直连就连不上,如果换成了ip直连就可以连接上去了 https://yx-server01/svn/yx-SVN-Server 换为了 https://192.168.188.208/svn/yx ...

  9. C3P0 WARN: Establishing SSL connection without server's identity verification is not recommended

    c3p0的出现,是为了大大提高应用程序和数据库之间访问效率的. 它的特性: 编码的简单易用 连接的复用 连接的管理 今天在配置C3p0的时候出现了这个warn   原因是因为要验证SSL Wed Se ...

随机推荐

  1. centos7下zookeeper安装配置

    1.下载zookeeper文件 cd /opt/ wget http://mirrors.hust.edu.cn/apache/zookeeper/stable/zookeeper-3.4.9.tar ...

  2. 使用Excel绘制F分布概率密度函数图表

    使用Excel绘制F分布概率密度函数图表 利用Excel绘制t分布的概率密度函数的相同方式,可以绘制F分布的概率密度函数图表. F分布的概率密度函数如下图所示: 其中:μ为分子自由度,ν为分母自由度 ...

  3. python-django之cookie及session

    Cookie Cookie的由来 Http协议是无状态的 无状态的意思是每次都是独立的请求存在,它的执行情况和结果与前面的请求和后面的请求都无直接关系,它不会受到前面的请求响应情况直接影响,也不会直接 ...

  4. VMware中Centos7的静态ip设置

    网络连接方式:桥接模式.修改后确定.启动centos7,root账户进行登录. 2.修改网卡配置文件 (1) 打开网卡配置文件 vim /etc/sysconfig/network-scripts/i ...

  5. element UI的使用

    npm install --save element-ui main.js里面添加 import ElementUI from 'element-ui' import 'element-ui/lib/ ...

  6. IO复用: select 和poll 到epoll

    linux 提供了select.poll和epoll三种接口来实现多路IO复用.下面总结下这三种接口. select 该函数允许进程指示内核等待多个事件中的任何一个发生,并只在有一个或多个事件发生或经 ...

  7. 常用的kubectl命令

    本文主要介绍kubernetes排查问题时经常用到的命令.这里主要借助kubectl命令来实现.以下列出常用命令,后面会对每个命令进行详细解释,并举例: kubectl核心命令 get  获取列出一个 ...

  8. linux-mysql-install

    版本是5.6之前的,安装MySQL步骤 yum install mysql-server 安装服务器端 yum install mysql-devel 安装服务器端 mysql配置文件/etc/my. ...

  9. BZOJ 2238: Mst DFS序+KDtree

    明明可以用二维数点来做啊,网上为什么都是树剖+线段树呢 ? code: #include <cstdio> #include <cstring> #include <al ...

  10. MD5文件去重

    //计算文件的MD5码 private string getMD5Hash(string pathName) { string strResult = ""; string str ...