Windows 8的手机客户端证书的HTTPS验证(Windows 8 Phone Client C

2019-08-17 12:46发布

我试图从Windows 8 Phone应用程序我开发访问使用客户端证书安全的HTTPS服务器。 这并不是在所有已使我试着从标准的Web浏览器的地方也不行访问HTTPS服务器工作。 我不知道如果Internet Explorer可以处理客户端证书与否。 如果不处理他们,我会在C#.NET示例代码,在Windows 8手机的工作原理很感兴趣,那就是能够通过HTTPS提供客户端证书的Web服务。 所使用的证书必须存储在Windows 8手机证书存储区。

它只是不适合我,既没有从我建立应用程序,也没有从Internet Explorer工作。 我已成立了客户端身份验证Apache中像下面这样:

<VirtualHost _default_:443>
DocumentRoot /var/www/htdocs
ServerName norrweb
ServerAdmin you@your.address
ErrorLog logs/error_log
TransferLog logs/access_log
SSLEngine on
SSLCertificateFile    /etc/ssl/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
#SSLCACertificatePath    /var/www/conf/ssl.crt
SSLCACertificateFile    /var/www/conf/ssl.crt/ca-bundle.crt
SSLVerifyClient require
SSLVerifyDepth  10
</VirtualHost>

这个伟大的工程,在OSX,我可以通过它包含一个自签名的根CA,并且反过来又签署了我使用我的Mac客户端证书中间CA在SSLCACertificateFile指定的CA选择了我的客户端证书的问题。

我已经安装了根CA,中级CA,并在Windows 8手机客户端CA(诺基亚Lumia 900)。 在电话里告诉我,它已成功安装的每个证书。 对我来说,它看起来像如果手机永远不会发送任何证书服务器。 是否需要指定要使用哪个服务器的证书?

以下可以在error_log中被读取的Apache:

# tail -f /var/www/logs/error_log                                                                                                                                  
[Tue Mar 12 23:46:30 2013] [error] mod_ssl: SSL handshake failed (server norrweb:443, client 10.0.83.232) (OpenSSL library error follows)
[Tue Mar 12 23:46:30 2013] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
[Tue Mar 12 23:48:45 2013] [error] mod_ssl: SSL handshake failed (server norrweb:443, client 10.0.83.232) (OpenSSL library error follows)
[Tue Mar 12 23:48:45 2013] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
[Tue Mar 12 23:48:45 2013] [error] mod_ssl: SSL handshake failed (server norrweb:443, client 10.0.83.232) (OpenSSL library error follows)
[Tue Mar 12 23:48:45 2013] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
[Tue Mar 12 23:52:23 2013] [error] mod_ssl: SSL handshake failed (server norrweb:443, client 10.0.83.232) (OpenSSL library error follows)
[Tue Mar 12 23:52:23 2013] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
[Tue Mar 12 23:52:23 2013] [error] mod_ssl: SSL handshake failed (server norrweb:443, client 10.0.83.232) (OpenSSL library error follows)
[Tue Mar 12 23:52:23 2013] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]

以下可以在Wireshark中可以看出

No.     Time           Source                Destination           Protocol Length Info
      1 0.000000000    10.0.83.232           10.0.83.132           TCP      66     49160 > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=256 SACK_PERM=1

Frame 1: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 0, Len: 0

No.     Time           Source                Destination           Protocol Length Info
      2 0.000177000    10.0.83.132           10.0.83.232           TCP      66     https > 49160 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 SACK_PERM=1 WS=8

Frame 2: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49160 (49160), Seq: 0, Ack: 1, Len: 0

No.     Time           Source                Destination           Protocol Length Info
      3 0.004240000    10.0.83.232           10.0.83.132           TCP      60     49160 > https [ACK] Seq=1 Ack=1 Win=262144 Len=0

Frame 3: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 1, Ack: 1, Len: 0

No.     Time           Source                Destination           Protocol Length Info
      4 0.006430000    10.0.83.232           10.0.83.132           TLSv1    162    Client Hello

Frame 4: 162 bytes on wire (1296 bits), 162 bytes captured (1296 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 1, Ack: 1, Len: 108
Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 103
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 99
            Version: TLS 1.0 (0x0301)
            Random
            Session ID Length: 0
            Cipher Suites Length: 24
            Cipher Suites (12 suites)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 34
            Extension: renegotiation_info
            Extension: status_request
            Extension: elliptic_curves
            Extension: ec_point_formats
            Extension: SessionTicket TLS

No.     Time           Source                Destination           Protocol Length Info
      5 0.006753000    10.0.83.132           10.0.83.232           TLSv1    1086   Server Hello, Certificate, Certificate Request, Server Hello Done

Frame 5: 1086 bytes on wire (8688 bits), 1086 bytes captured (8688 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49160 (49160), Seq: 1, Ack: 109, Len: 1032
Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 53
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 49
            Version: TLS 1.0 (0x0301)
            Random
            Session ID Length: 0
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
            Compression Method: null (0)
            Extensions Length: 9
            Extension: renegotiation_info
            Extension: SessionTicket TLS
    TLSv1 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 810
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 806
            Certificates Length: 803
            Certificates (803 bytes)
    TLSv1 Record Layer: Handshake Protocol: Multiple Handshake Messages
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 154
        Handshake Protocol: Certificate Request
            Handshake Type: Certificate Request (13)
            Length: 146
            Certificate types count: 3
            Certificate types (3 types)
            Distinguished Names Length: 140
            Distinguished Names (140 bytes)
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
            Length: 0

No.     Time           Source                Destination           Protocol Length Info
      6 0.035066000    10.0.83.232           10.0.83.132           TLSv1    387    Certificate, Client Key Exchange, Change Cipher Spec, Finished

Frame 6: 387 bytes on wire (3096 bits), 387 bytes captured (3096 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 109, Ack: 1033, Len: 333
Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Multiple Handshake Messages
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 269
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 3
            Certificates Length: 0
        Handshake Protocol: Client Key Exchange
            Handshake Type: Client Key Exchange (16)
            Length: 258
            RSA Encrypted PreMaster Secret
    TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: TLS 1.0 (0x0301)
        Length: 1
        Change Cipher Spec Message
    TLSv1 Record Layer: Handshake Protocol: Finished
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 48
        Handshake Protocol: Finished
            Handshake Type: Finished (20)
            Length: 12
            Verify Data

No.     Time           Source                Destination           Protocol Length Info
      7 0.035543000    10.0.83.132           10.0.83.232           TLSv1    61     Alert (Level: Fatal, Description: Handshake Failure)

Frame 7: 61 bytes on wire (488 bits), 61 bytes captured (488 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49160 (49160), Seq: 1033, Ack: 442, Len: 7
Secure Sockets Layer
    TLSv1 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
        Content Type: Alert (21)
        Version: TLS 1.0 (0x0301)
        Length: 2
        Alert Message
            Level: Fatal (2)
            Description: Handshake Failure (40)

No.     Time           Source                Destination           Protocol Length Info
      8 0.037140000    10.0.83.132           10.0.83.232           TCP      54     https > 49160 [FIN, ACK] Seq=1040 Ack=442 Win=17520 Len=0

Frame 8: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49160 (49160), Seq: 1040, Ack: 442, Len: 0

No.     Time           Source                Destination           Protocol Length Info
      9 0.037374000    10.0.83.232           10.0.83.132           TCP      60     49160 > https [FIN, ACK] Seq=442 Ack=1040 Win=260864 Len=0

Frame 9: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 442, Ack: 1040, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     10 0.037491000    10.0.83.132           10.0.83.232           TCP      54     https > 49160 [FIN, ACK] Seq=1040 Ack=443 Win=17520 Len=0

Frame 10: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49160 (49160), Seq: 1040, Ack: 443, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     11 0.038866000    10.0.83.232           10.0.83.132           TCP      66     49161 > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=256 SACK_PERM=1

Frame 11: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49161 (49161), Dst Port: https (443), Seq: 0, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     12 0.038987000    10.0.83.132           10.0.83.232           TCP      66     https > 49161 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 SACK_PERM=1 WS=8

Frame 12: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49161 (49161), Seq: 0, Ack: 1, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     13 0.042720000    10.0.83.232           10.0.83.132           TCP      60     49160 > https [ACK] Seq=443 Ack=1041 Win=260864 Len=0

Frame 13: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 443, Ack: 1041, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     14 0.045063000    10.0.83.232           10.0.83.132           TCP      60     49161 > https [ACK] Seq=1 Ack=1 Win=262144 Len=0

Frame 14: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49161 (49161), Dst Port: https (443), Seq: 1, Ack: 1, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     15 0.046585000    10.0.83.232           10.0.83.132           SSLv3    112    Client Hello

Frame 15: 112 bytes on wire (896 bits), 112 bytes captured (896 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49161 (49161), Dst Port: https (443), Seq: 1, Ack: 1, Len: 58
Secure Sockets Layer
    SSLv3 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 53
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 49
            Version: SSL 3.0 (0x0300)
            Random
            Session ID Length: 0
            Cipher Suites Length: 10
            Cipher Suites (5 suites)
            Compression Methods Length: 1
            Compression Methods (1 method)

No.     Time           Source                Destination           Protocol Length Info
     16 0.047039000    10.0.83.132           10.0.83.232           SSLv3    1113   Server Hello, Certificate, Certificate Request, Server Hello Done

Frame 16: 1113 bytes on wire (8904 bits), 1113 bytes captured (8904 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49161 (49161), Seq: 1, Ack: 59, Len: 1059
Secure Sockets Layer
    SSLv3 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 81
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 77
            Version: SSL 3.0 (0x0300)
            Random
            Session ID Length: 32
            Session ID: f49316c9deb37720a0af8fe4bd7d3feb9a289930d502de9d...
            Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
            Compression Method: null (0)
            Extensions Length: 5
            Extension: renegotiation_info
    SSLv3 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 810
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 806
            Certificates Length: 803
            Certificates (803 bytes)
    SSLv3 Record Layer: Handshake Protocol: Multiple Handshake Messages
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 153
        Handshake Protocol: Certificate Request
            Handshake Type: Certificate Request (13)
            Length: 145
            Certificate types count: 2
            Certificate types (2 types)
            Distinguished Names Length: 140
            Distinguished Names (140 bytes)
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
            Length: 0

No.     Time           Source                Destination           Protocol Length Info
     17 0.058398000    10.0.83.232           10.0.83.132           SSLv3    397    Alert (Level: Warning, Description: No Certificate), Client Key Exchange, Change Cipher Spec, Finished

Frame 17: 397 bytes on wire (3176 bits), 397 bytes captured (3176 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49161 (49161), Dst Port: https (443), Seq: 59, Ack: 1060, Len: 343
Secure Sockets Layer
    SSLv3 Record Layer: Alert (Level: Warning, Description: No Certificate)
        Content Type: Alert (21)
        Version: SSL 3.0 (0x0300)
        Length: 2
        Alert Message
            Level: Warning (1)
            Description: No Certificate (41)
    SSLv3 Record Layer: Handshake Protocol: Client Key Exchange
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 260
        Handshake Protocol: Client Key Exchange
            Handshake Type: Client Key Exchange (16)
            Length: 256
    SSLv3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: SSL 3.0 (0x0300)
        Length: 1
        Change Cipher Spec Message
    SSLv3 Record Layer: Handshake Protocol: Finished
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 60
        Handshake Protocol: Finished
            Handshake Type: Finished (20)
            Length: 36
            MD5 Hash
            SHA-1 Hash

No.     Time           Source                Destination           Protocol Length Info
     18 0.058791000    10.0.83.132           10.0.83.232           SSLv3    61     Alert (Level: Fatal, Description: Handshake Failure)

Frame 18: 61 bytes on wire (488 bits), 61 bytes captured (488 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49161 (49161), Seq: 1060, Ack: 402, Len: 7
Secure Sockets Layer
    SSLv3 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
        Content Type: Alert (21)
        Version: SSL 3.0 (0x0300)
        Length: 2
        Alert Message
            Level: Fatal (2)
            Description: Handshake Failure (40)

No.     Time           Source                Destination           Protocol Length Info
     19 0.059728000    10.0.83.132           10.0.83.232           TCP      54     https > 49161 [FIN, ACK] Seq=1067 Ack=402 Win=17520 Len=0

Frame 19: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49161 (49161), Seq: 1067, Ack: 402, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     20 0.061094000    10.0.83.232           10.0.83.132           TCP      60     49161 > https [FIN, ACK] Seq=402 Ack=1067 Win=260864 Len=0

Frame 20: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49161 (49161), Dst Port: https (443), Seq: 402, Ack: 1067, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     21 0.061351000    10.0.83.132           10.0.83.232           TCP      54     https > 49161 [FIN, ACK] Seq=1067 Ack=403 Win=17520 Len=0

Frame 21: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49161 (49161), Seq: 1067, Ack: 403, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     22 0.062308000    10.0.83.232           10.0.83.132           TCP      66     49162 > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=256 SACK_PERM=1

Frame 22: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49162 (49162), Dst Port: https (443), Seq: 0, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     23 0.062449000    10.0.83.132           10.0.83.232           TCP      66     https > 49162 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 SACK_PERM=1 WS=8

[编辑]下面是一些新的信息,我已经做了使用OpenSSL的一些的s_client.First未来调试,见下图:

imac:test jens$ openssl s_client -showcerts -connect norrweb:443 -CAfile CCRootCA.pem -prexit
CONNECTED(00000003)
depth=1 /CN=CCRootCA/C=SE/emailAddress=<mail hidden>
verify return:1
depth=0 /CN=norrweb/emailAddress=<mail hidden>
verify return:1
45636:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:/SourceCache/OpenSSL098/OpenSSL098-47/src/ssl/s3_pkt.c:1102:SSL alert number 40
45636:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-47/src/ssl/s23_lib.c:182:
---
Certificate chain
 0 s:/CN=norrweb/emailAddress=<mail hidden>
   i:/CN=CCRootCA/C=SE/emailAddress=<mail hidden>
-----BEGIN CERTIFICATE-----
MIIDHDCCAgSgAwIBAgIBAjALBgkqhkiG9w0BAQswPDERMA8GA1UEAwwIQ0NSb290
<snip>
IEPe9OMviQ+yxlJKnalvha8yL5ULzYFIkRfvUZTUd8M=
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=norrweb/emailAddress=<mail hidden>
issuer=/CN=CCRootCA/C=SE/emailAddress=<mail hidden>
---
Acceptable client certificate CA names
/CN=NorrIntermediateCA/C=SE/emailAddress=<mail hidden>
/CN=NorrRootCA/C=SE/emailAddress=<mail hidden>
---
SSL handshake has read 1599 bytes and written 210 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: C3B4CC8BF5D88DE76E0DDEE4A24499B9F391D8B7AE93C84CE25DA58218181313
    Session-ID-ctx: 
    Master-Key: C98F2A12F7A796BD380507544A25FBEFCFEC1270F14A5705E6FFC4C841403F35C244E39F71FBA5407C27AC406D1058B7
    Key-Arg   : None
    Start Time: 1364065589
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
imac:test jens$ 

以下是打印在日志上的服务器中:

[23/Mar/2013 20:06:24 25734] [info]  Connection to child 3 established (server norrweb:443, client 10.0.83.145)
[23/Mar/2013 20:06:24 25734] [info]  Seeding PRNG with 1160 bytes of entropy
[23/Mar/2013 20:06:24 25734] [error] SSL handshake failed (server norrweb:443, client 10.0.83.145) (OpenSSL library error follows)
[23/Mar/2013 20:06:24 25734] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]

因为它打印下面我猜的服务器是做正确的事?:

可接受的客户端证书CA名称

/ CN = NorrIntermediateCA / C = SE / EMAILADDRESS =

/ CN = NorrRootCA / C = SE / EMAILADDRESS =

我知道肯定我已经安装了由/ CN = NorrIntermediateCA / C = SE签署的诺基亚设备上的客户端证书/ EMAILADDRESS =

任何建议任何人吗? 是Windows 8手机坏了吗?

Answer 1:

我知道这是晚了,但根据这个MSDN文章客户端证书中的Windows Phone 8不支持。



Answer 2:

看看框架6.诺基亚不发送证书。 这相当于显示该证书丢失error_log里的消息: 对未返回证书

我看到,当服务器缺少颁发的客户端证书的证书链这个问题。 我相信error_log里是说尽可能多:[提示:暂无CAS已知服务器进行验证]

服务器发送客户端的CA它信任。 客户端发送回使用这些CA颁发的客户端证书的消息。



文章来源: Windows 8 Phone Client Certificate HTTPS authentication