查看 OPENSSLDIR 路径终极解决方案

1、查看 OPENSSLDIR 路径

$ openssl version -a

  

2、然后把 CentOS 默认的 openssl CA证书拷贝过来。

 $ cp /etc/pki/tls/cert.pem /usr/local/openssl/

 

参考连接:https://lamjack.github.io/2018/05/11/centos-compile-openssl-missing-ca-bundle-crt/

忽略以下

============================================================

DOTNET CORE 部署 Centos7 抛出异常

环境变量如下:

.NET Core SDK (reflecting any global.json):

 Version:   2.2.401

 Commit:    729b316c13

Runtime Environment:

 OS Name:     centos

 OS Version:  7

 OS Platform: Linux

 RID:         centos.7-x64

 Base Path:   /usr/share/dotnet/sdk/2.2.401/

Host (useful for support):

  Version: 2.2.6

  Commit:  7dac9b1b51

.NET Core SDKs installed:

  2.2.401 [/usr/share/dotnet/sdk]

.NET Core runtimes installed:

  Microsoft.AspNetCore.All 2.2.6 [/usr/share/dotnet/shared/Microsoft.AspNetCore.All]

  Microsoft.AspNetCore.App 2.2.6 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]

  Microsoft.NETCore.App 2.2.6 [/usr/share/dotnet/shared/Microsoft.NETCore.App]

To install additional .NET Core runtimes or SDKs:

  https://aka.ms/dotnet-download

测试代码:

using System;

using System.Diagnostics;

using System.Net.Http;

using System.Net.Http.Headers;

namespace TestHttpClient

{

    class Program

    {

        static void Main(string[] args)

        {

            try

            {

                using (var httpClient = new HttpClient())

                {

                    httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));                    

                    string url = "https://jsonplaceholder.typicode.com/posts/1";

                    var response = httpClient.GetAsync(url).Result;

                    string jsonResult = response.Content.ReadAsStringAsync().Result;

                }

            }

            catch (Exception ex)

            {

                Debug.WriteLine(ex.ToString());

            }

        }

    }

}

服务器抛出异常:

System.AggregateException: One or more errors occurred. (The SSL connection could not be established, see inner exception.) ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
……………………………………………………

 

OR

The remote certificate is invalid according to the validation procedure.

解决方案:

By defining the System.Net.Http.UseSocketsHttpHandler switch in the .netcore.runtimeconfig.json configuration file:

 
"runtimeOptions": {

  "configProperties": {

      "System.Net.Http.UseSocketsHttpHandler": false

  }

}

=====================

以上可以解决问题,但不是根本解决

问题分析如下:

后续请参考以下:

using System;

using System.Diagnostics;

using System.Net;

using System.Net.Http;

using System.Net.Http.Headers;

using System.Net.Security;

using System.Security.Cryptography.X509Certificates;

using System.Threading.Tasks;

namespace ConsoleClientTest

{

    internal class Program

    {

        private static async Task Main(string[] args)

        {

            try

            {

                //AppContext.SetSwitch("System.Net.Http.UseSocketsHttpHandler", false);

                using (var httpClientHandler = new HttpClientHandler())

                {

                    httpClientHandler.ServerCertificateCustomValidationCallback = (message, certificate, chain, sslPolicyErrors) =>

                    {

                        Console.WriteLine("\r\n\r\n===================message==================\r\n\r\n {0}", message.ToString());

                        Console.WriteLine("\r\n\r\n==================cert==================\r\n\r\n {0}", certificate.ToString());

                        Console.WriteLine("\r\n\r\n==================chain==================\r\n\r\n{0}", chain.ToString());

                        Console.WriteLine("\r\n\r\n==================chain status==================\r\n\r\n{0}",

                            chain.ChainStatus.ToString());

                        Console.WriteLine("\r\n\r\n==================errors==================\r\n\r\n{0}", sslPolicyErrors.ToString());

                        Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");

                        Console.WriteLine($"Received certificate with subject {certificate.Subject}");

                        Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");

                        Console.WriteLine($"Current policy errors: {sslPolicyErrors}");

                        Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");

                        if (sslPolicyErrors == SslPolicyErrors.None)

                            return true;

                        else

                        {

                            if ((SslPolicyErrors.RemoteCertificateNameMismatch & sslPolicyErrors) == SslPolicyErrors.RemoteCertificateNameMismatch)

                            {

                                Console.WriteLine("证书名称不匹配{0}", sslPolicyErrors);

                            }

                            if ((SslPolicyErrors.RemoteCertificateChainErrors & sslPolicyErrors) == SslPolicyErrors.RemoteCertificateChainErrors)

                            {

                                foreach (X509ChainStatus status in chain.ChainStatus)

                                {

                                    Console.WriteLine("status code = {0}", status.Status);

                                    Console.WriteLine("Status info = {0}", status.StatusInformation);

                                }

                            }

                            Console.WriteLine("证书验证失败{0}", sslPolicyErrors);

                        }

                        return false;

                    };

                    Console.WriteLine("\r\n\r\n====================================================\r\n\r\n");

                    using (var httpClient = new HttpClient(httpClientHandler))

                    {

                        httpClient.DefaultRequestHeaders.Accept.Add(

                            new MediaTypeWithQualityHeaderValue("application/json"));

                        const string url = "https://jsonplaceholder.typicode.com/posts/1";

                        using (var response = await httpClient.GetAsync(url))

                        {

                            var jsonResult = await response.Content.ReadAsStringAsync();

                            Console.WriteLine(jsonResult);

                        }

                    }

                }

            }

            catch (Exception ex)

            {

                Console.WriteLine(ex.ToString());

            }

        }

    }

}

通过以上代码,打印出以下语句

Status info = unable to get local issuer certificate trustasia

回想起昨天编译Nginx,手动安装了OPENSSL,版本问题,恢复后,一切正常

The request with exception: The SSL connection could not be established, see inner exception. requestId 解决方案的更多相关文章

  1. NetCore HttpClient The SSL connection could not be established, see inner exception

    之前遇到一个问题 https://www.cnblogs.com/leoxjy/p/10201046.html 在centos 7.x  HttpClient访问会出问题  The SSL conne ...

  2. powercli The SSL connection could not be established, see inner exception. 问题解决

    Connect-VIServer -Server 这里是"SSL连接不能建立......"这实际上意味着你没有一个有效的证书.如果你想连接到vCenter没有一个有效的证书,您必须 ...

  3. HttpClient SSL connection could not be established error

    系统从.net framework 升级到dotnet core2.1 原先工作正常的httpclient,会报SSL connection could not be established erro ...

  4. Could not create SSL connection through proxy serve-svn

    RA layer request failedsvn: Unable to connect to a repository at URL xxxxxx 最后:Could not create SSL ...

  5. Java连接MySQL Warning: Establishing SSL connection without server's identity verification is not recommended

    1. 数据库 1.1 创建表 在当前数据库students中,创建数据表student: mysql> create table student( ),#学生ID ),#学生姓名 -> a ...

  6. MySQL 警告WARN: Establishing SSL connection without server's identity verification is not recommended.解决办法

    Fri Jun 17 13:46:54 CST 2016 WARN: Establishing SSL connection without server's identity verificatio ...

  7. WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default i

    jdbc连接数据库候,对数据进行访问,访问正常当出现如下警告: WARN: Establishing SSL connection without server's identity verifica ...

  8. SVN通过域名连不上服务器地址(svn: E175002: OPTIONS request failed on '/svn/yx-SVN-Server' Connection refused: connect)

    用域名直连就连不上,如果换成了ip直连就可以连接上去了 https://yx-server01/svn/yx-SVN-Server 换为了 https://192.168.188.208/svn/yx ...

  9. C3P0 WARN: Establishing SSL connection without server's identity verification is not recommended

    c3p0的出现,是为了大大提高应用程序和数据库之间访问效率的. 它的特性: 编码的简单易用 连接的复用 连接的管理 今天在配置C3p0的时候出现了这个warn   原因是因为要验证SSL Wed Se ...

随机推荐

  1. TestStack.White安装详解

    一.安装 NuGet TestStack.White是通过NuGet进行安装的.NuGet最低支持VS2010.我使用的VS2015. 安装方式一 :从Visual Studio的工具->扩展和 ...

  2. display:inline-block在IE6/Ie7和IE8中的区别

    在IE6.IE7中不识别display:inline-block属性,但使用inline-block属性在IE下会触发layout,从而使内联元素拥有了display:inline-block属性的表 ...

  3. l1和l2正则化

    https://blog.csdn.net/tianguiyuyu/article/details/80438630 以上是莫烦对L1和L2的理解 l2正则:权重的平方和,也就是一个圆 l1正则:权重 ...

  4. Webshell免杀

    过狗过D盾 <?php class me{ public $a = ''; function __destruct(){ assert("$this->a"); }}$ ...

  5. think PHP提取字符串中的数字,并到数据库中使用in查询所关联表的字段值

    /* * 提取数字并去数据库取得相应的分类名 * $strs 需要处理的字符串 * $table 数据表名 * $condition 条件字段 * $field 获取的字段 */ public fun ...

  6. Scrapy框架: Request回调函数

    Request回调函数 def parse_page1(self, response): return scrapy.Request("http://www.example.com/some ...

  7. Codeforces 1132G(dfs序+线段树)

    题面 传送门 分析 对于每一个数a[i],找到它后面第一个大于它的数a[p],由p向i连边,最终我们就会得到一个森林,且p是i的父亲.为了方便操作,我们再增加一个虚拟节点n+1,把森林变成树. 由于序 ...

  8. FZU 1876 JinYueTuan(排列组合)

    Description Let’s have a look at the picture below Now, do you know what it’s? Yeah , O(∩_∩)O~ , It ...

  9. springboot中xml配置之@ImportResource

    springboot中进行相关的配置往往有java配置和xml配置两种方式. 使用java的方式配置只需要使用@configuration注解即可,而使用xml的方式配置的话需要使用@ImportRe ...

  10. 基于 Scrapy-redis 两种形式的分布式爬虫

    基于 Scrapy-redis 两种形式的分布式爬虫 .caret, .dropup > .btn > .caret { border-top-color: #000 !important ...