C# https证书通信Post/Get（解决做ssl通道时遇到“请求被中止: 未能创建 SSL/TLS 安全通道”问题）

 1         public static string HttpPost(string url, string param = null)
 2         {
 3             HttpWebRequest request;
 4 
 5             //如果是发送HTTPS请求  
 6             if (url.StartsWith("https", StringComparison.OrdinalIgnoreCase))
 7             {
 8                 ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;   //协议按需选择，
 9                 ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(CheckValidationResult);
10                 request = WebRequest.Create(url) as HttpWebRequest;
11                 request.ProtocolVersion = HttpVersion.Version10;
12 
13             }
14             else
15             {
16                 request = WebRequest.Create(url) as HttpWebRequest;
17             }
18 
19             request.Method = "POST";
20             request.ContentType = "application/json";
21             request.Accept = "*/*";
22             request.Timeout = 15000;  
23             request.AllowAutoRedirect = false;
24             //查找我们导入的证书
25             X509Store certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
26             certStore.Open(OpenFlags.ReadOnly);
27             var aa = certStore.Certificates;
28             X509Certificate2Collection certCollection = certStore.Certificates.Find(X509FindType.FindBySubjectName, "www.xxx.com", false);
29             request.ClientCertificates.Add(certCollection[0]);
30 
31 
32             StreamWriter requestStream = null;
33             WebResponse response = null;
34             string responseStr = null;
35 
36             try
37             {
38                 requestStream = new StreamWriter(request.GetRequestStream());
39                 requestStream.Write(param);
40                 requestStream.Close();
41 
42                 response = request.GetResponse();
43                 if (response != null)
44                 {
45                     StreamReader reader = new StreamReader(response.GetResponseStream(), Encoding.UTF8);
46                     responseStr = reader.ReadToEnd();
47                     reader.Close();
48                 }
49             }
50             catch (Exception)
51             {
52                 throw;
53             }
54             finally
55             {
56                 request = null;
57                 requestStream = null;
58                 response = null;
59             }
60 
61             return responseStr;
62         }
63 
64 
65         private static bool CheckValidationResult(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
66         {
67             return true; //总是接受  
68         }

View Code

第一步导入证书：

a、运行输入“mmc”

b、在控制台中点击“文件”——>“添加/删除管理单元”，在弹出框中依次选择“证书”-“添加”-“”-“确定”

上图点击“添加”弹出框选择“计算机账户”，一直下一步到完成。

c、证书导入，“证书”右键选择“所有任务”，点击“导入“。

d、证书授权

1、工具下载安装winhttpcertcfg.msi 下载地址 https://www.microsoft.com/en-us/download/details.aspx?id=19801。

2、到winhttpcertcfg安装目录运行如下命令提升账户访问权限：WinHttpCertCfg.exe -g -c LOCAL_MACHINEMY -s "证书名" -a "NETWORK SERVICE"。

说明：-s 证书名（如：www.xxxx.com）；-a 授权用户

3、如果你的IIS是7.0，需要设置网站应用池标识（如图）。

4、重启IIS