Windows 8 phone client certificate HTTPS authentication

9
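I am developing a Windows 8 phone application and trying to access a secure HTTPS server using a client certificate. This does not work at all, so I tried accessing the HTTPS server from the standard web browser, but that does not work either. I do not know whether Internet Explorer can handle client certificates. If it cannot handle them, I would be very interested in some C#.NET sample code that works on a Windows 8 phone and can present a client certificate to a web service for HTTPS communication. The certificate used must be stored in the Windows 8 phone certificate store.
For me it does not work, either from the application I built or from Internet Explorer. I have set up client authentication in Apache like this: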
<VirtualHost _default_:443>
DocumentRoot /var/www/htdocs
ServerName norrweb
ServerAdmin you@your.address
ErrorLog logs/error_log
TransferLog logs/access_log
SSLEngine on
SSLCertificateFile    /etc/ssl/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
#SSLCACertificatePath    /var/www/conf/ssl.crt
SSLCACertificateFile    /var/www/conf/ssl.crt/ca-bundle.crt
SSLVerifyClient require
SSLVerifyDepth  10
</VirtualHost>

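This works fine; on OSX I can select a client certificate issued by the CAs specified by SSLCACertificateFile, which contains a self-signed root CA and an intermediate CA, which in turn signed the client certificate I use on the Mac.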

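I have installed the root CA, the intermediate CA and the client CA on the Windows 8 phone (Nokia Lumia 900). For each certificate, the phone told me that the installation succeeded. To me it seems that the phone never sends any certificate to the server. Is it necessary to specify which server a certificate should be used for?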

Here is the content of the Apache error_log:

# tail -f /var/www/logs/error_log                                                                                                                                  
[Tue Mar 12 23:46:30 2013] [error] mod_ssl: SSL handshake failed (server norrweb:443, client 10.0.83.232) (OpenSSL library error follows)
[Tue Mar 12 23:46:30 2013] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
[Tue Mar 12 23:48:45 2013] [error] mod_ssl: SSL handshake failed (server norrweb:443, client 10.0.83.232) (OpenSSL library error follows)
[Tue Mar 12 23:48:45 2013] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
[Tue Mar 12 23:48:45 2013] [error] mod_ssl: SSL handshake failed (server norrweb:443, client 10.0.83.232) (OpenSSL library error follows)
[Tue Mar 12 23:48:45 2013] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
[Tue Mar 12 23:52:23 2013] [error] mod_ssl: SSL handshake failed (server norrweb:443, client 10.0.83.232) (OpenSSL library error follows)
[Tue Mar 12 23:52:23 2013] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
[Tue Mar 12 23:52:23 2013] [error] mod_ssl: SSL handshake failed (server norrweb:443, client 10.0.83.232) (OpenSSL library error follows)
[Tue Mar 12 23:52:23 2013] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]

The following can be seen in Wireshark.
No.     Time           Source                Destination           Protocol Length Info
      1 0.000000000    10.0.83.232           10.0.83.132           TCP      66     49160 > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=256 SACK_PERM=1

Frame 1: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 0, Len: 0

No.     Time           Source                Destination           Protocol Length Info
      2 0.000177000    10.0.83.132           10.0.83.232           TCP      66     https > 49160 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 SACK_PERM=1 WS=8

Frame 2: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49160 (49160), Seq: 0, Ack: 1, Len: 0

No.     Time           Source                Destination           Protocol Length Info
      3 0.004240000    10.0.83.232           10.0.83.132           TCP      60     49160 > https [ACK] Seq=1 Ack=1 Win=262144 Len=0

Frame 3: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 1, Ack: 1, Len: 0

No.     Time           Source                Destination           Protocol Length Info
      4 0.006430000    10.0.83.232           10.0.83.132           TLSv1    162    Client Hello

Frame 4: 162 bytes on wire (1296 bits), 162 bytes captured (1296 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 1, Ack: 1, Len: 108
Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 103
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 99
            Version: TLS 1.0 (0x0301)
            Random
            Session ID Length: 0
            Cipher Suites Length: 24
            Cipher Suites (12 suites)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 34
            Extension: renegotiation_info
            Extension: status_request
            Extension: elliptic_curves
            Extension: ec_point_formats
            Extension: SessionTicket TLS

No.     Time           Source                Destination           Protocol Length Info
      5 0.006753000    10.0.83.132           10.0.83.232           TLSv1    1086   Server Hello, Certificate, Certificate Request, Server Hello Done

Frame 5: 1086 bytes on wire (8688 bits), 1086 bytes captured (8688 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49160 (49160), Seq: 1, Ack: 109, Len: 1032
Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 53
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 49
            Version: TLS 1.0 (0x0301)
            Random
            Session ID Length: 0
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
            Compression Method: null (0)
            Extensions Length: 9
            Extension: renegotiation_info
            Extension: SessionTicket TLS
    TLSv1 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 810
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 806
            Certificates Length: 803
            Certificates (803 bytes)
    TLSv1 Record Layer: Handshake Protocol: Multiple Handshake Messages
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 154
        Handshake Protocol: Certificate Request
            Handshake Type: Certificate Request (13)
            Length: 146
            Certificate types count: 3
            Certificate types (3 types)
            Distinguished Names Length: 140
            Distinguished Names (140 bytes)
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
            Length: 0

No.     Time           Source                Destination           Protocol Length Info
      6 0.035066000    10.0.83.232           10.0.83.132           TLSv1    387    Certificate, Client Key Exchange, Change Cipher Spec, Finished

Frame 6: 387 bytes on wire (3096 bits), 387 bytes captured (3096 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 109, Ack: 1033, Len: 333
Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Multiple Handshake Messages
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 269
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 3
            Certificates Length: 0
        Handshake Protocol: Client Key Exchange
            Handshake Type: Client Key Exchange (16)
            Length: 258
            RSA Encrypted PreMaster Secret
    TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: TLS 1.0 (0x0301)
        Length: 1
        Change Cipher Spec Message
    TLSv1 Record Layer: Handshake Protocol: Finished
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 48
        Handshake Protocol: Finished
            Handshake Type: Finished (20)
            Length: 12
            Verify Data

No.     Time           Source                Destination           Protocol Length Info
      7 0.035543000    10.0.83.132           10.0.83.232           TLSv1    61     Alert (Level: Fatal, Description: Handshake Failure)

Frame 7: 61 bytes on wire (488 bits), 61 bytes captured (488 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49160 (49160), Seq: 1033, Ack: 442, Len: 7
Secure Sockets Layer
    TLSv1 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
        Content Type: Alert (21)
        Version: TLS 1.0 (0x0301)
        Length: 2
        Alert Message
            Level: Fatal (2)
            Description: Handshake Failure (40)

No.     Time           Source                Destination           Protocol Length Info
      8 0.037140000    10.0.83.132           10.0.83.232           TCP      54     https > 49160 [FIN, ACK] Seq=1040 Ack=442 Win=17520 Len=0

Frame 8: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49160 (49160), Seq: 1040, Ack: 442, Len: 0

No.     Time           Source                Destination           Protocol Length Info
      9 0.037374000    10.0.83.232           10.0.83.132           TCP      60     49160 > https [FIN, ACK] Seq=442 Ack=1040 Win=260864 Len=0

Frame 9: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 442, Ack: 1040, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     10 0.037491000    10.0.83.132           10.0.83.232           TCP      54     https > 49160 [FIN, ACK] Seq=1040 Ack=443 Win=17520 Len=0

Frame 10: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49160 (49160), Seq: 1040, Ack: 443, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     11 0.038866000    10.0.83.232           10.0.83.132           TCP      66     49161 > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=256 SACK_PERM=1

Frame 11: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49161 (49161), Dst Port: https (443), Seq: 0, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     12 0.038987000    10.0.83.132           10.0.83.232           TCP      66     https > 49161 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 SACK_PERM=1 WS=8

Frame 12: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49161 (49161), Seq: 0, Ack: 1, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     13 0.042720000    10.0.83.232           10.0.83.132           TCP      60     49160 > https [ACK] Seq=443 Ack=1041 Win=260864 Len=0

Frame 13: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 443, Ack: 1041, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     14 0.045063000    10.0.83.232           10.0.83.132           TCP      60     49161 > https [ACK] Seq=1 Ack=1 Win=262144 Len=0

Frame 14: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49161 (49161), Dst Port: https (443), Seq: 1, Ack: 1, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     15 0.046585000    10.0.83.232           10.0.83.132           SSLv3    112    Client Hello

Frame 15: 112 bytes on wire (896 bits), 112 bytes captured (896 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49161 (49161), Dst Port: https (443), Seq: 1, Ack: 1, Len: 58
Secure Sockets Layer
    SSLv3 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 53
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 49
            Version: SSL 3.0 (0x0300)
            Random
            Session ID Length: 0
            Cipher Suites Length: 10
            Cipher Suites (5 suites)
            Compression Methods Length: 1
            Compression Methods (1 method)

No.     Time           Source                Destination           Protocol Length Info
     16 0.047039000    10.0.83.132           10.0.83.232           SSLv3    1113   Server Hello, Certificate, Certificate Request, Server Hello Done

Frame 16: 1113 bytes on wire (8904 bits), 1113 bytes captured (8904 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49161 (49161), Seq: 1, Ack: 59, Len: 1059
Secure Sockets Layer
    SSLv3 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 81
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 77
            Version: SSL 3.0 (0x0300)
            Random
            Session ID Length: 32
            Session ID: f49316c9deb37720a0af8fe4bd7d3feb9a289930d502de9d...
            Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
            Compression Method: null (0)
            Extensions Length: 5
            Extension: renegotiation_info
    SSLv3 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 810
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 806
            Certificates Length: 803
            Certificates (803 bytes)
    SSLv3 Record Layer: Handshake Protocol: Multiple Handshake Messages
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 153
        Handshake Protocol: Certificate Request
            Handshake Type: Certificate Request (13)
            Length: 145
            Certificate types count: 2
            Certificate types (2 types)
            Distinguished Names Length: 140
            Distinguished Names (140 bytes)
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
            Length: 0

No.     Time           Source                Destination           Protocol Length Info
     17 0.058398000    10.0.83.232           10.0.83.132           SSLv3    397    Alert (Level: Warning, Description: No Certificate), Client Key Exchange, Change Cipher Spec, Finished

Frame 17: 397 bytes on wire (3176 bits), 397 bytes captured (3176 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49161 (49161), Dst Port: https (443), Seq: 59, Ack: 1060, Len: 343
Secure Sockets Layer
    SSLv3 Record Layer: Alert (Level: Warning, Description: No Certificate)
        Content Type: Alert (21)
        Version: SSL 3.0 (0x0300)
        Length: 2
        Alert Message
            Level: Warning (1)
            Description: No Certificate (41)
    SSLv3 Record Layer: Handshake Protocol: Client Key Exchange
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 260
        Handshake Protocol: Client Key Exchange
            Handshake Type: Client Key Exchange (16)
            Length: 256
    SSLv3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: SSL 3.0 (0x0300)
        Length: 1
        Change Cipher Spec Message
    SSLv3 Record Layer: Handshake Protocol: Finished
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 60
        Handshake Protocol: Finished
            Handshake Type: Finished (20)
            Length: 36
            MD5 Hash
            SHA-1 Hash

No.     Time           Source                Destination           Protocol Length Info
     18 0.058791000    10.0.83.132           10.0.83.232           SSLv3    61     Alert (Level: Fatal, Description: Handshake Failure)

Frame 18: 61 bytes on wire (488 bits), 61 bytes captured (488 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49161 (49161), Seq: 1060, Ack: 402, Len: 7
Secure Sockets Layer
    SSLv3 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
        Content Type: Alert (21)
        Version: SSL 3.0 (0x0300)
        Length: 2
        Alert Message
            Level: Fatal (2)
            Description: Handshake Failure (40)

No.     Time           Source                Destination           Protocol Length Info
     19 0.059728000    10.0.83.132           10.0.83.232           TCP      54     https > 49161 [FIN, ACK] Seq=1067 Ack=402 Win=17520 Len=0

Frame 19: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49161 (49161), Seq: 1067, Ack: 402, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     20 0.061094000    10.0.83.232           10.0.83.132           TCP      60     49161 > https [FIN, ACK] Seq=402 Ack=1067 Win=260864 Len=0

Frame 20: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49161 (49161), Dst Port: https (443), Seq: 402, Ack: 1067, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     21 0.061351000    10.0.83.132           10.0.83.232           TCP      54     https > 49161 [FIN, ACK] Seq=1067 Ack=403 Win=17520 Len=0

Frame 21: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49161 (49161), Seq: 1067, Ack: 403, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     22 0.062308000    10.0.83.232           10.0.83.132           TCP      66     49162 > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=256 SACK_PERM=1

Frame 22: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49162 (49162), Dst Port: https (443), Seq: 0, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     23 0.062449000    10.0.83.132           10.0.83.232           TCP      66     https > 49162 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 SACK_PERM=1 WS=8

[EDIT] Here is some new information; I did some further debugging with openssl s_client, as shown below:

imac:test jens$ openssl s_client -showcerts -connect norrweb:443 -CAfile CCRootCA.pem -prexit
CONNECTED(00000003)
depth=1 /CN=CCRootCA/C=SE/emailAddress=<mail hidden>
verify return:1
depth=0 /CN=norrweb/emailAddress=<mail hidden>
verify return:1
45636:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:/SourceCache/OpenSSL098/OpenSSL098-47/src/ssl/s3_pkt.c:1102:SSL alert number 40
45636:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-47/src/ssl/s23_lib.c:182:
---
Certificate chain
 0 s:/CN=norrweb/emailAddress=<mail hidden>
   i:/CN=CCRootCA/C=SE/emailAddress=<mail hidden>
-----BEGIN CERTIFICATE-----
MIIDHDCCAgSgAwIBAgIBAjALBgkqhkiG9w0BAQswPDERMA8GA1UEAwwIQ0NSb290
<snip>
IEPe9OMviQ+yxlJKnalvha8yL5ULzYFIkRfvUZTUd8M=
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=norrweb/emailAddress=<mail hidden>
issuer=/CN=CCRootCA/C=SE/emailAddress=<mail hidden>
---
Acceptable client certificate CA names
/CN=NorrIntermediateCA/C=SE/emailAddress=<mail hidden>
/CN=NorrRootCA/C=SE/emailAddress=<mail hidden>
---
SSL handshake has read 1599 bytes and written 210 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: C3B4CC8BF5D88DE76E0DDEE4A24499B9F391D8B7AE93C84CE25DA58218181313
    Session-ID-ctx: 
    Master-Key: C98F2A12F7A796BD380507544A25FBEFCFEC1270F14A5705E6FFC4C841403F35C244E39F71FBA5407C27AC406D1058B7
    Key-Arg   : None
    Start Time: 1364065589
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
imac:test jens$ 

The following is printed in the server log:
[23/Mar/2013 20:06:24 25734] [info]  Connection to child 3 established (server norrweb:443, client 10.0.83.145)
[23/Mar/2013 20:06:24 25734] [info]  Seeding PRNG with 1160 bytes of entropy
[23/Mar/2013 20:06:24 25734] [error] SSL handshake failed (server norrweb:443, client 10.0.83.145) (OpenSSL library error follows)
[23/Mar/2013 20:06:24 25734] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]

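Since it prints the following, I think the server is doing the right thing:

Acceptable client certificate CA names

/CN=NorrIntermediateCA/C=SE/emailAddress=

/CN=NorrRootCA/C=SE/emailAddress=

I am sure that I have installed a client certificate signed by /CN=NorrIntermediateCA/C=SE/emailAddress= on the Nokia device.

Any more suggestions? Is the Windows 8 phone broken?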


1
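This is about developing a Windows 8 phone application. I have made the intent clear in the question. - www.jensolsson.se
Is this useful for installing and testing certificates? [http://wp7certinstaller.codeplex.com/] - Neil Turner
What makes this even stranger is that it works fine on Windows Phone 7. On a Windows 8 phone, the same application does not work (at least on the Nokia Lumia 900). Maybe they changed a lot in certificate handling. - www.jensolsson.se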
4
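Make sure the date and time on your phone are set correctly; even if the phone has "set time automatically" turned on, set them manually and confirm that the date/time is correct. A correct date and time are necessary for the handshake protocol to work. In fact, I have run into many cases where things should have worked, and it finally turned out that a wrong time setting on the phone was preventing the connection. - Patrick F
I have now checked the date and time settings on the phone, but unfortunately they are correct. I also tried setting the time manually, without success. Thanks for the suggestion anyway, it was worth a try. - www.jensolsson.se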
2 Answers

3

I know this is a bit late, but according to this MSDN article, Windows Phone 8 does not support client certificates.


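You are right, I came to the same conclusion. I forgot to add it here, but good that you did! :) - www.jensolsson.se
I got burned by this at a hackathon... They can be used in Windows Store apps, though. - arri.io
Has the latest version of WP changed this? - tofutim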

2
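Look at frame 6. The Nokia did not send a certificate. This corresponds to the error log message saying that the certificate is missing: peer did not return a certificate
I have run into this problem before; it occurs when the server is missing the certificate chain that issued the client certificate. I think that is what the error log is saying: [Hint: No CAs known to server for verification?] The server sends the client the CAs it trusts. The client replies with a client certificate issued by one of those CAs.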

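Hi, thanks for the reply. The Nokia not sending a certificate is the result I expected. The question is why, and how to fix it? I am sure that the chain that issued the client certificate is installed on the server. Since it works fine from an OSX client, I feel this is a client problem? Or do you still think the fault is in the server, could that be possible? I would like to know why my OSX client works in this case? - www.jensolsson.se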
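
Added example, not part of the original thread: the check described in the answer above, done in Python at the TLS 1.0/SSLv3 record layer. It counts the CA names in the server's CertificateRequest and classifies how the client answered. The byte strings are constructed to match the record and message lengths shown in frames 5, 6 and 17 of the capture (DN and key-exchange contents are filler), the function names are hypothetical, and handshake messages are assumed not to be fragmented across records.

```python
import struct

HANDSHAKE, ALERT, CHANGE_CIPHER_SPEC = 22, 21, 20  # record content types
CERTIFICATE, CERTIFICATE_REQUEST = 11, 13          # handshake message types
NO_CERTIFICATE = 41                                # SSLv3 warning alert

def records(data):
    """Yield (content_type, payload) for each record in a byte string."""
    pos = 0
    while pos < len(data):
        ctype, _version, length = struct.unpack_from("!BHH", data, pos)
        payload = data[pos + 5:pos + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record")
        yield ctype, payload
        pos += 5 + length

def handshake_messages(payload):
    """Yield (msg_type, body) for each handshake message in one record."""
    pos = 0
    while pos < len(payload):
        length = int.from_bytes(payload[pos + 1:pos + 4], "big")
        body = payload[pos + 4:pos + 4 + length]
        if pos + 4 > len(payload) or len(body) != length:
            raise ValueError("truncated or fragmented handshake message")
        yield payload[pos], body
        pos += 4 + length

def requested_ca_names(server_flight):
    """Return the raw DNs listed in CertificateRequest, or None if absent."""
    for ctype, payload in records(server_flight):
        if ctype != HANDSHAKE:
            continue
        for msg_type, body in handshake_messages(payload):
            if msg_type != CERTIFICATE_REQUEST:
                continue
            pos = 1 + body[0]  # skip certificate_types (1-byte count + types)
            end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
            pos, names = pos + 2, []
            while pos < end:  # each DN carries its own 2-byte length prefix
                n = int.from_bytes(body[pos:pos + 2], "big")
                names.append(body[pos + 2:pos + 2 + n])
                pos += 2 + n
            return names
    return None

def client_cert_response(client_flight):
    """Classify how the client answered a CertificateRequest."""
    for ctype, payload in records(client_flight):
        if ctype == CHANGE_CIPHER_SPEC:
            break  # records after this are encrypted; stop parsing
        if ctype == ALERT and payload[1:2] == bytes([NO_CERTIFICATE]):
            return "no-certificate-alert"  # SSLv3 way of declining
        if ctype == HANDSHAKE:
            for msg_type, body in handshake_messages(payload):
                if msg_type == CERTIFICATE:
                    empty = int.from_bytes(body[:3], "big") == 0
                    return "empty-certificate" if empty else "certificate"
    return "none"

def record(ctype, version, payload):
    return struct.pack("!BHH", ctype, version, len(payload)) + payload

def message(msg_type, body=b""):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

# Constructed sample data: lengths follow the capture, contents are filler.
DNS = b"\x00\x44" + b"A" * 68 + b"\x00\x44" + b"B" * 68  # 140 bytes, not real DER
# Frame 5, third record only: CertificateRequest (146) + ServerHelloDone (0).
FRAME_5 = record(22, 0x0301, message(13, b"\x03\x01\x02\x40\x00\x8c" + DNS) + message(14))
FRAME_6 = (record(22, 0x0301, message(11, b"\x00\x00\x00") + message(16, bytes(258)))
           + record(20, 0x0301, b"\x01") + record(22, 0x0301, bytes(48)))
FRAME_17 = (record(21, 0x0300, b"\x01\x29") + record(22, 0x0300, message(16, bytes(256)))
            + record(20, 0x0300, b"\x01") + record(22, 0x0300, bytes(60)))

if __name__ == "__main__":
    print(len(requested_ca_names(FRAME_5)), "CA names requested")
    print("frame 6:", client_cert_response(FRAME_6))
    print("frame 17:", client_cert_response(FRAME_17))
```

An "empty-certificate" or "no-certificate-alert" result after a non-empty CA list means the client had no certificate it was willing to offer for the names the server advertised, which is the condition Apache logs as "peer did not return a certificate".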
