503 error consuming third-party Soap webservice using TLS 1.2 and client certificate authentication with WCF

廉价感情. Submitted on 2021-02-18 19:38:57

Question


I've got a problem consuming a Soap Web Service (w/att.) with MTOM that requires client certificate authentication (mutual?).

Before writing what I've already tried, I'll show you what I did in order to receive a client certificate:

  1. I generated an RSA key with the openssl command openssl genrsa -out mykey.key 2048
  2. With this key I generated a CSR: openssl req -new -key mykey.key -out mycsr.csr
  3. I sent this CSR to the web service owner in order to receive a client certificate, and they gave me a signed certificate: certificate.cer

Now that I've got my client certificate, I've added it to my certificate store under Trusted Root Certification Authorities.

Now the code:

First of all I created a Test Project in Visual Studio and added a Service Reference using the WSDL of the service.

Then I wrote a few lines of code:

Imports System
Imports System.Net
Imports System.Security.Cryptography.X509Certificates
Imports System.ServiceModel

' Setting TLS 1.2 protocol
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
' Returning True unconditionally accepts any server certificate (server
' validation is disabled); this is only acceptable while debugging the handshake.
ServicePointManager.ServerCertificateValidationCallback = Function(sender1, certificate, chain, sslPolicyErrors)
                                                              Return True
                                                          End Function

' Creating endpoint and binding (HTTPS transport security)
Dim endpoint As EndpointAddress = New EndpointAddress("https://myWebService.it/service-page")
Dim sslBinding As BasicHttpBinding = New BasicHttpBinding(BasicHttpSecurityMode.Transport)

' Setting CredentialType = Certificate (TLS client certificate)
sslBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate

' Getting the client certificate from the current user's Personal ("My") store
Dim coll = New X509Store(StoreName.My, StoreLocation.CurrentUser)
coll.Open(OpenFlags.ReadOnly)
Dim cert = coll.Certificates.Find(X509FindType.FindByThumbprint, "76DB1454D4B25ACEAF2BAE465C310E3119278792", True)
coll.Close()
If cert.Count = 0 Then
    Throw New InvalidOperationException("Client certificate with the given thumbprint was not found in the store")
End If

' Creating the service
Dim svc As SdITrasmissioneFileClient = New SdITrasmissioneFileClient(sslBinding, endpoint)

' Setting the certificate inside client credentials
svc.ClientCredentials.ClientCertificate.Certificate = cert(0)

svc.Open()

' Calling the service
Dim resp As RispostaEsito_Type = svc.Esito(New Esito_Type() With {.IDFile = "4454555"})

svc.Close()

It looks very simple to me, but when I execute my code I get a

System.ServiceModel.Security.MessageSecurityException: 'The HTTP request was forbidden with client authentication scheme 'Anonymous'.'

Internal Exception: WebException: Remote Server Error: (403) Forbidden

Next I analyzed the traffic using Fiddler and Wireshark and discovered that, during the TLS handshake between client and server, the client doesn't send the certificate to the server.

Now I don't understand why, even though I added the certificate to the client credentials, it is not sent to the destination.


Answer 1:


After a lot of reading, I discovered what I was missing:

  • The Client Certificate .cer doesn't contain the private key!

What i did:

  1. I converted the .cer file to PEM format with the following command:

    openssl x509 -inform der -in ClientCert.cer -out ClientCert.pem

  2. I created a .pfx certificate with my private key:

    openssl pkcs12 -export -in ClientCert.pem -inkey mykey.key -out ClientCert.pfx

Then, after installing the .pfx certificate, everything works like a charm.

I hope somebody finds it useful.
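The whole pipeline from the question and the answer, as an added, runnable example that is not part of either post: it generates the key and CSR, stands in for the web-service owner with a throwaway test CA (an assumption; the real CA is whatever the service owner runs), hands back a DER certificate.cer that carries no private key, converts it to PEM, bundles it with the key into a PFX, and then checks the two things that decide whether WCF can present the certificate: that the PFX actually contains a private key, and that the certificate's public key belongs to that key. File names match the posts; the password, subject names and working directory are assumed.

```shell
#!/bin/sh
# Added example (not from the original posts). A self-signed test CA stands in
# for the web-service owner; everything runs offline in a temporary directory.
set -eu

WORK="${WORK:-$(mktemp -d)}"
cd "$WORK"

# Step 1 (question): RSA key and CSR, the CSR is what goes to the service owner.
openssl genrsa -out mykey.key 2048 2>/dev/null
openssl req -new -key mykey.key -subj "/CN=wcf-client-test" -out mycsr.csr

# Stand-in for the service owner: a test CA signs the CSR and returns a
# DER-encoded certificate.cer. Note that the private key never leaves this host,
# so the returned .cer cannot contain it.
openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key \
    -subj "/CN=Test Issuing CA (assumed)" -days 30 -out ca.pem 2>/dev/null
openssl x509 -req -in mycsr.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
    -days 30 -outform DER -out certificate.cer 2>/dev/null

# Step 2 (answer): DER -> PEM, then certificate + private key -> PKCS#12 (.pfx).
openssl x509 -inform der -in certificate.cer -out ClientCert.pem
openssl pkcs12 -export -in ClientCert.pem -inkey mykey.key \
    -passout pass:changeit -out ClientCert.pfx

# Check 1: does a PFX carry a private key? (This is what HasPrivateKey will
# report after import; without it WCF silently sends no certificate.)
pfx_has_private_key() {
    openssl pkcs12 -in "$1" -passin pass:changeit -nocerts -nodes 2>/dev/null \
        | grep -q "PRIVATE KEY"
}

# Check 2: does the certificate's public key match the private key we hold?
# Compare SHA-256 digests of both public keys in SubjectPublicKeyInfo PEM form.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256)
    k=$(openssl pkey -in "$2" -pubout | openssl dgst -sha256)
    [ "$c" = "$k" ]
}

# Check 3: a DER .cer parses as a private key only if someone shipped one in it
# (it should not). Returns 0 if a private key is found, 1 otherwise.
der_file_is_private_key() {
    openssl pkey -inform DER -in "$1" -noout >/dev/null 2>&1
}

# Stand-alone run: print the verdicts.
if pfx_has_private_key ClientCert.pfx; then echo "ClientCert.pfx: private key present"; else echo "ClientCert.pfx: NO private key"; fi
if cert_matches_key ClientCert.pem mykey.key; then echo "ClientCert.pem matches mykey.key"; else echo "ClientCert.pem does NOT match mykey.key"; fi
if der_file_is_private_key certificate.cer; then echo "certificate.cer: contains a private key"; else echo "certificate.cer: certificate only, no private key (expected)"; fi
echo "Artifacts in $WORK"
```

On OpenSSL 3.x the exported PFX is protected with AES/PBKDF2; if an older Windows import wizard rejects the file, re-run the export with `-legacy` to get the RC2/3DES encoding that every Windows version accepts. Import the PFX into the current user's Personal (My) store, since that is where the question's code looks it up by thumbprint.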



Source: https://stackoverflow.com/questions/46559467/503-error-consuming-thirdy-part-soap-webservice-using-tls-1-2-and-client-certifi
