查看 OPENSSLDIR 路径终极解决方案

1、查看 OPENSSLDIR 路径

$ openssl version -a

  

2、然后把 CentOS 默认的 openssl CA证书拷贝过来。

 $ cp /etc/pki/tls/cert.pem /usr/local/openssl/

 

参考连接:https://lamjack.github.io/2018/05/11/centos-compile-openssl-missing-ca-bundle-crt/

忽略以下

============================================================

DOTNET CORE 部署 Centos7 抛出异常

环境变量如下:

.NET Core SDK (reflecting any global.json):

 Version:   2.2.401

 Commit:    729b316c13

Runtime Environment:

 OS Name:     centos

 OS Version:  7

 OS Platform: Linux

 RID:         centos.7-x64

 Base Path:   /usr/share/dotnet/sdk/2.2.401/

Host (useful for support):

  Version: 2.2.6

  Commit:  7dac9b1b51

.NET Core SDKs installed:

  2.2.401 [/usr/share/dotnet/sdk]

.NET Core runtimes installed:

  Microsoft.AspNetCore.All 2.2.6 [/usr/share/dotnet/shared/Microsoft.AspNetCore.All]

  Microsoft.AspNetCore.App 2.2.6 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]

  Microsoft.NETCore.App 2.2.6 [/usr/share/dotnet/shared/Microsoft.NETCore.App]

To install additional .NET Core runtimes or SDKs:

  https://aka.ms/dotnet-download

测试代码:

using System;

using System.Diagnostics;

using System.Net.Http;

using System.Net.Http.Headers;

namespace TestHttpClient

{

    class Program

    {

        static void Main(string[] args)

        {

            try

            {

                using (var httpClient = new HttpClient())

                {

                    httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));                    

                    string url = "https://jsonplaceholder.typicode.com/posts/1";

                    var response = httpClient.GetAsync(url).Result;

                    string jsonResult = response.Content.ReadAsStringAsync().Result;

                }

            }

            catch (Exception ex)

            {

                Debug.WriteLine(ex.ToString());

            }

        }

    }

}

服务器抛出异常:

System.AggregateException: One or more errors occurred. (The SSL connection could not be established, see inner exception.) ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
……………………………………………………

 

OR

The remote certificate is invalid according to the validation procedure.

解决方案:

By defining the System.Net.Http.UseSocketsHttpHandler switch in the .netcore.runtimeconfig.json configuration file:

 
"runtimeOptions": {

  "configProperties": {

      "System.Net.Http.UseSocketsHttpHandler": false

  }

}

=====================

以上可以解决问题,但不是根本解决

问题分析如下:

后续请参考以下:

using System;

using System.Diagnostics;

using System.Net;

using System.Net.Http;

using System.Net.Http.Headers;

using System.Net.Security;

using System.Security.Cryptography.X509Certificates;

using System.Threading.Tasks;

namespace ConsoleClientTest

{

    internal class Program

    {

        private static async Task Main(string[] args)

        {

            try

            {

                //AppContext.SetSwitch("System.Net.Http.UseSocketsHttpHandler", false);

                using (var httpClientHandler = new HttpClientHandler())

                {

                    httpClientHandler.ServerCertificateCustomValidationCallback = (message, certificate, chain, sslPolicyErrors) =>

                    {

                        Console.WriteLine("\r\n\r\n===================message==================\r\n\r\n {0}", message.ToString());

                        Console.WriteLine("\r\n\r\n==================cert==================\r\n\r\n {0}", certificate.ToString());

                        Console.WriteLine("\r\n\r\n==================chain==================\r\n\r\n{0}", chain.ToString());

                        Console.WriteLine("\r\n\r\n==================chain status==================\r\n\r\n{0}",

                            chain.ChainStatus.ToString());

                        Console.WriteLine("\r\n\r\n==================errors==================\r\n\r\n{0}", sslPolicyErrors.ToString());

                        Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");

                        Console.WriteLine($"Received certificate with subject {certificate.Subject}");

                        Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");

                        Console.WriteLine($"Current policy errors: {sslPolicyErrors}");

                        Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");

                        if (sslPolicyErrors == SslPolicyErrors.None)

                            return true;

                        else

                        {

                            if ((SslPolicyErrors.RemoteCertificateNameMismatch & sslPolicyErrors) == SslPolicyErrors.RemoteCertificateNameMismatch)

                            {

                                Console.WriteLine("证书名称不匹配{0}", sslPolicyErrors);

                            }

                            if ((SslPolicyErrors.RemoteCertificateChainErrors & sslPolicyErrors) == SslPolicyErrors.RemoteCertificateChainErrors)

                            {

                                foreach (X509ChainStatus status in chain.ChainStatus)

                                {

                                    Console.WriteLine("status code = {0}", status.Status);

                                    Console.WriteLine("Status info = {0}", status.StatusInformation);

                                }

                            }

                            Console.WriteLine("证书验证失败{0}", sslPolicyErrors);

                        }

                        return false;

                    };

                    Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");

                    using (var httpClient = new HttpClient(httpClientHandler))

                    {

                        httpClient.DefaultRequestHeaders.Accept.Add(

                            new MediaTypeWithQualityHeaderValue("application/json"));

                        const string url = "https://jsonplaceholder.typicode.com/posts/1";

                        using (var response = await httpClient.GetAsync(url))

                        {

                            var jsonResult = await response.Content.ReadAsStringAsync();

                            Console.WriteLine(jsonResult);

                        }

                    }

                }

            }

            catch (Exception ex)

            {

                Console.WriteLine(ex.ToString());

            }

        }

    }

}

通过以上代码,打印出以下语句

Status info = unable to get local issuer certificate trustasia

回想起昨天编译Nginx,手动安装了OPENSSL,版本问题,恢复后,一切正常

The request with exception: The SSL connection could not be established, see inner exception. requestId 解决方案的更多相关文章

  1. NetCore HttpClient The SSL connection could not be established, see inner exception

    之前遇到一个问题 https://www.cnblogs.com/leoxjy/p/10201046.html 在centos 7.x  HttpClient访问会出问题  The SSL conne ...

  2. powercli The SSL connection could not be established, see inner exception. 问题解决

    Connect-VIServer -Server 这里是"SSL连接不能建立......"这实际上意味着你没有一个有效的证书.如果你想连接到vCenter没有一个有效的证书,您必须 ...

  3. HttpClient SSL connection could not be established error

    系统从.net framework 升级到dotnet core2.1 原先工作正常的httpclient,会报SSL connection could not be established erro ...

  4. Could not create SSL connection through proxy serve-svn

    RA layer request failedsvn: Unable to connect to a repository at URL xxxxxx 最后:Could not create SSL ...

  5. Java连接MySQL Warning: Establishing SSL connection without server's identity verification is not recommended

    1. 数据库 1.1 创建表 在当前数据库students中,创建数据表student: mysql> create table student( ),#学生ID ),#学生姓名 -> a ...

  6. MySQL 警告WARN: Establishing SSL connection without server's identity verification is not recommended.解决办法

    Fri Jun 17 13:46:54 CST 2016 WARN: Establishing SSL connection without server's identity verificatio ...

  7. WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default i

    jdbc连接数据库候,对数据进行访问,访问正常当出现如下警告: WARN: Establishing SSL connection without server's identity verifica ...

  8. SVN通过域名连不上服务器地址(svn: E175002: OPTIONS request failed on '/svn/yx-SVN-Server' Connection refused: connect)

    用域名直连就连不上,如果换成了ip直连就可以连接上去了 https://yx-server01/svn/yx-SVN-Server 换为了 https://192.168.188.208/svn/yx ...

  9. C3P0 WARN: Establishing SSL connection without server's identity verification is not recommended

    c3p0的出现,是为了大大提高应用程序和数据库之间访问效率的. 它的特性: 编码的简单易用 连接的复用 连接的管理 今天在配置C3p0的时候出现了这个warn   原因是因为要验证SSL Wed Se ...

随机推荐

  1. 出席分布式事务Seata 1.0.0 GA典礼

    前言 图中那个红衣服的就是本人 什么是分布式事务 分布式事务就是指事务的参与者.支持事务的服务器.资源服务器以及事务管理器分别位于不同的分布式系统的不同节点之上. 简单的说,就是一次大的操作由不同的小 ...

  2. jenkins实现master变化时,才触发构建(过滤分支)

    现状:现在是这样的,每个开发push时,都触发jenkins进行构建 期望:只有当代码被push到master时才进行构建 (根据使用的git平台)做这些配置需要先了解一些概念: (github) p ...

  3. 网络安全随笔 - Linux的netstat查看端口 0.0.0.0与127.0.0.1的区别

    linux运维都需要对端口开放查看  netstat 就是对端口信息的查看 # netstat -nltp p 查看端口挂的程序 [root@iz2ze5is23zeo1ipvn65aiz ~]# n ...

  4. 项目搭建(二):NUnit&TestStack.White

    一.单元测试框架NUnit NUnit是所有.net语言的单元测试框架.使用C#语言编写. 测试框架:NUnit3 1. 安装NuGet包管理器 2. 在NuGet中安装NUnit.NUnit.Con ...

  5. 关于列表倒序输出的几种方法——python第7天

    项目:将列表li1 = [1, 6, 4, 3, 7, 9]倒序输出为[9, 7, 6, 4, 3, 1] li2 = ['a', 'm', 's', 'g']倒序输出为['g', 's', 'm', ...

  6. C++ 中的 const、引用和指针的深入分析

    1,关于 const 的疑问: 1,const 什么时候为只读变量,什么时候是常量: 1,const 从 C 到 C++ 进化的过程中得到了升级,const 在 C++ 中不仅仅像在 C 中声明一个只 ...

  7. Python中sys模块

    Python的sys模块提供访问解释器使用或维护的变量,和与解释器进行交互的函数.通俗来讲,sys模块负责程序与python解释器的交互,提供了一系列的函数和变量,用于操控python运行时的环境. ...

  8. USACO 2014 US Open Odometer /// 数位DP

    题目大意: 给定区间 l r 求得区间中有多少个数 数的各个数位里出现最多次的数>=数的长度的一半 如2233 3334 枚举k在数中出现次数在一半以上 那么求出的所有方案数中应该减去 两个数各 ...

  9. Docker 清理容器 log 日志

    原文 Docker 清理容器 log 日志 docker logs <容器ID> 是常用命令,来查看容器运行日志,但时间长了之后,就会发现越来越慢,log 太多了,这时就需要清理一下. 先 ...

  10. elasticsearch 分析器 分词器

    参考:https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis-tokenizers.html 在全文搜索(Fu ...