查看 OPENSSLDIR 路径终极解决方案

1、查看 OPENSSLDIR 路径

$ openssl version -a

  

2、然后把 CentOS 默认的 openssl CA证书拷贝过来。

 $ cp /etc/pki/tls/cert.pem /usr/local/openssl/

 

参考连接:https://lamjack.github.io/2018/05/11/centos-compile-openssl-missing-ca-bundle-crt/

忽略以下

============================================================

DOTNET CORE 部署 Centos7 抛出异常

环境变量如下:

.NET Core SDK (reflecting any global.json):

 Version:   2.2.401

 Commit:    729b316c13

Runtime Environment:

 OS Name:     centos

 OS Version:  7

 OS Platform: Linux

 RID:         centos.7-x64

 Base Path:   /usr/share/dotnet/sdk/2.2.401/

Host (useful for support):

  Version: 2.2.6

  Commit:  7dac9b1b51

.NET Core SDKs installed:

  2.2.401 [/usr/share/dotnet/sdk]

.NET Core runtimes installed:

  Microsoft.AspNetCore.All 2.2.6 [/usr/share/dotnet/shared/Microsoft.AspNetCore.All]

  Microsoft.AspNetCore.App 2.2.6 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]

  Microsoft.NETCore.App 2.2.6 [/usr/share/dotnet/shared/Microsoft.NETCore.App]

To install additional .NET Core runtimes or SDKs:

  https://aka.ms/dotnet-download

测试代码:

using System;

using System.Diagnostics;

using System.Net.Http;

using System.Net.Http.Headers;

namespace TestHttpClient

{

    class Program

    {

        static void Main(string[] args)

        {

            try

            {

                using (var httpClient = new HttpClient())

                {

                    httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));                    

                    string url = "https://jsonplaceholder.typicode.com/posts/1";

                    var response = httpClient.GetAsync(url).Result;

                    string jsonResult = response.Content.ReadAsStringAsync().Result;

                }

            }

            catch (Exception ex)

            {

                Debug.WriteLine(ex.ToString());

            }

        }

    }

}

服务器抛出异常:

System.AggregateException: One or more errors occurred. (The SSL connection could not be established, see inner exception.) ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
……………………………………………………

 

OR

The remote certificate is invalid according to the validation procedure.

解决方案:

By defining the System.Net.Http.UseSocketsHttpHandler switch in the .netcore.runtimeconfig.json configuration file:

 
"runtimeOptions": {

  "configProperties": {

      "System.Net.Http.UseSocketsHttpHandler": false

  }

}

=====================

以上可以解决问题,但不是根本解决

问题分析如下:

后续请参考以下:

using System;

using System.Diagnostics;

using System.Net;

using System.Net.Http;

using System.Net.Http.Headers;

using System.Net.Security;

using System.Security.Cryptography.X509Certificates;

using System.Threading.Tasks;

namespace ConsoleClientTest

{

    internal class Program

    {

        private static async Task Main(string[] args)

        {

            try

            {

                //AppContext.SetSwitch("System.Net.Http.UseSocketsHttpHandler", false);

                using (var httpClientHandler = new HttpClientHandler())

                {

                    httpClientHandler.ServerCertificateCustomValidationCallback = (message, certificate, chain, sslPolicyErrors) =>

                    {

                        Console.WriteLine("\r\n\r\n===================message==================\r\n\r\n {0}", message.ToString());

                        Console.WriteLine("\r\n\r\n==================cert==================\r\n\r\n {0}", certificate.ToString());

                        Console.WriteLine("\r\n\r\n==================chain==================\r\n\r\n{0}", chain.ToString());

                        Console.WriteLine("\r\n\r\n==================chain status==================\r\n\r\n{0}",

                            chain.ChainStatus.ToString());

                        Console.WriteLine("\r\n\r\n==================errors==================\r\n\r\n{0}", sslPolicyErrors.ToString());

                        Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");

                        Console.WriteLine($"Received certificate with subject {certificate.Subject}");

                        Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");

                        Console.WriteLine($"Current policy errors: {sslPolicyErrors}");

                        Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");

                        if (sslPolicyErrors == SslPolicyErrors.None)

                            return true;

                        else

                        {

                            if ((SslPolicyErrors.RemoteCertificateNameMismatch & sslPolicyErrors) == SslPolicyErrors.RemoteCertificateNameMismatch)

                            {

                                Console.WriteLine("证书名称不匹配{0}", sslPolicyErrors);

                            }

                            if ((SslPolicyErrors.RemoteCertificateChainErrors & sslPolicyErrors) == SslPolicyErrors.RemoteCertificateChainErrors)

                            {

                                foreach (X509ChainStatus status in chain.ChainStatus)

                                {

                                    Console.WriteLine("status code = {0}", status.Status);

                                    Console.WriteLine("Status info = {0}", status.StatusInformation);

                                }

                            }

                            Console.WriteLine("证书验证失败{0}", sslPolicyErrors);

                        }

                        return false;

                    };

                    Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");

                    using (var httpClient = new HttpClient(httpClientHandler))

                    {

                        httpClient.DefaultRequestHeaders.Accept.Add(

                            new MediaTypeWithQualityHeaderValue("application/json"));

                        const string url = "https://jsonplaceholder.typicode.com/posts/1";

                        using (var response = await httpClient.GetAsync(url))

                        {

                            var jsonResult = await response.Content.ReadAsStringAsync();

                            Console.WriteLine(jsonResult);

                        }

                    }

                }

            }

            catch (Exception ex)

            {

                Console.WriteLine(ex.ToString());

            }

        }

    }

}

通过以上代码,打印出以下语句

Status info = unable to get local issuer certificate trustasia

回想起昨天编译Nginx,手动安装了OPENSSL,版本问题,恢复后,一切正常

The request with exception: The SSL connection could not be established, see inner exception. requestId 解决方案的更多相关文章

  1. NetCore HttpClient The SSL connection could not be established, see inner exception

    之前遇到一个问题 https://www.cnblogs.com/leoxjy/p/10201046.html 在centos 7.x  HttpClient访问会出问题  The SSL conne ...

  2. powercli The SSL connection could not be established, see inner exception. 问题解决

    Connect-VIServer -Server 这里是"SSL连接不能建立......"这实际上意味着你没有一个有效的证书.如果你想连接到vCenter没有一个有效的证书,您必须 ...

  3. HttpClient SSL connection could not be established error

    系统从.net framework 升级到dotnet core2.1 原先工作正常的httpclient,会报SSL connection could not be established erro ...

  4. Could not create SSL connection through proxy serve-svn

    RA layer request failedsvn: Unable to connect to a repository at URL xxxxxx 最后:Could not create SSL ...

  5. Java连接MySQL Warning: Establishing SSL connection without server's identity verification is not recommended

    1. 数据库 1.1 创建表 在当前数据库students中,创建数据表student: mysql> create table student( ),#学生ID ),#学生姓名 -> a ...

  6. MySQL 警告WARN: Establishing SSL connection without server's identity verification is not recommended.解决办法

    Fri Jun 17 13:46:54 CST 2016 WARN: Establishing SSL connection without server's identity verificatio ...

  7. WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default i

    jdbc连接数据库候,对数据进行访问,访问正常当出现如下警告: WARN: Establishing SSL connection without server's identity verifica ...

  8. SVN通过域名连不上服务器地址(svn: E175002: OPTIONS request failed on '/svn/yx-SVN-Server' Connection refused: connect)

    用域名直连就连不上,如果换成了ip直连就可以连接上去了 https://yx-server01/svn/yx-SVN-Server 换为了 https://192.168.188.208/svn/yx ...

  9. C3P0 WARN: Establishing SSL connection without server's identity verification is not recommended

    c3p0的出现,是为了大大提高应用程序和数据库之间访问效率的. 它的特性: 编码的简单易用 连接的复用 连接的管理 今天在配置C3p0的时候出现了这个warn   原因是因为要验证SSL Wed Se ...

随机推荐

  1. PHP+JS的信息提示弹窗

    基于PHP函数的Msg信息提示框 1.可以设置弹出信息,跳转地址,跳转的时间,跳转的信息标题提示: 2.代码实例: <?php function ShowMsg($msg, $gourl,$ti ...

  2. javascript获取网页宽高,屏幕宽高,屏幕分辨率等

    ​ <script> var s = ""; s += "\r\n网页可见区域宽:"+ document.body.clientWidth; s + ...

  3. 转:父类私有变量是否被子类继承详细解说(答案:内存中存在,但sun公司定义为不继承)

    应作者要求,本处提供一个连接,表示对原作者版权尊重. https://blog.csdn.net/mr_duantao/article/details/50966471

  4. linux中的常用信号

    linux中的常用信号,见如下列表: 信号名 值 标注 解释 ------------------------------------------------------------------ HU ...

  5. BUUCTF Youngter-drive

    exe逆向,首先查壳,发现有upx壳,upx -d脱壳,拖进ida找到主函数这里可以看到创建了两个线程,先沿着StartAddress,一直找到sub_411940,这里有一个问题,当使用f5是,会显 ...

  6. 记一次CentOS7进单用户模式修改密码的失败经历(faild to load SELinux policy freezing)

    背景:Cent SO7.4root用户密码忘记,根据https://www.linuxidc.com/Linux/2016-08/134034.htm提供的放法修改完密码之后系统启动后一直停留在转圈的 ...

  7. 2018-2-13-win10-uwp-从-Unity-创建

    title author date CreateTime categories win10 uwp 从 Unity 创建 lindexi 2018-2-13 17:23:3 +0800 2018-2- ...

  8. while/until/for 循环举例2

  9. python安装pika模块rabbitmq

    1.pip install pika 2.如找不到 拷贝 D:\python\testmq\venv\Lib\site-packages  \pika目录

  10. C++ 虚函数和多重继承的内存布局初探

    C++ 对象的内存布局 一切以事实说话: 代码: 1: #include <stdio.h> 2:  3: class A { 4: public: 5: int a; 6: int b; ...