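Argh, no answers... so I'll answer my own question, which may help others.
Here are my steps. I'm not sure everyone needs all of them, but this is what I ended up doing.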
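1) Install FileZilla Server
- Use it to create my own self-signed certificate
- Menu: Settings | SSL/TLS settings | Generate new certificate
- Enter the appropriate values
- Make sure my Common Name = server address is correct.
- This generated the certificate, with the private key, in .crt extension/format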
2) Since I'm on Windows, I found I couldn't install this certificate in the certificate store, so I needed an extra step to convert it first
- Download OpenSSL: http://www.openssl.org/related/binaries.html
- Use the command line to convert it to .pfx format
- openssl pkcs12 -export -out mycert.pfx -inkey myFileZilla.crt -in myFileZilla.crt
3) Start the Windows MMC snap-in console
- Install the certificate into the Computer Account, Trusted Root Certification Authorities store
4) In my code (in the FTPS library, in this case Alex FTPS)
my connection looks like this:
    var credential = new NetworkCredential(username, password);
    string message = _client.Connect(hostname, port, credential,
        ESSLSupportMode.Implicit,
        null, // new RemoteCertificateValidationCallback(ValidateTestServerCertificate),
        null, 0, 0, 0, null);
The .NET/Windows infrastructure plumbing already handles all the validation for me.
5) But if you want custom validation, or don't want to install the certificate in the Windows certificate store, you can use the sample code from here: http://msdn.microsoft.com/en-us/library/office/dd633677%28v=exchg.80%29.aspx
    // Required namespaces:
    // using System.Net.Security;
    // using System.Security.Cryptography.X509Certificates;

    private static bool ValidateTestServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // If the certificate is a valid, signed certificate, return true.
        if (sslPolicyErrors == System.Net.Security.SslPolicyErrors.None)
        {
            return true;
        }
        // If there are errors in the certificate chain, look at each error to determine the cause.
        if ((sslPolicyErrors & System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors) != 0)
        {
            if (chain != null && chain.ChainStatus != null)
            {
                foreach (System.Security.Cryptography.X509Certificates.X509ChainStatus status in chain.ChainStatus)
                {
                    if ((certificate.Subject == certificate.Issuer) &&
                        (status.Status == System.Security.Cryptography.X509Certificates.X509ChainStatusFlags.UntrustedRoot))
                    {
                        // Self-signed certificates with an untrusted root are valid.
                        continue;
                    }
                    else
                    {
                        if (status.Status != System.Security.Cryptography.X509Certificates.X509ChainStatusFlags.NoError)
                        {
                            // If there are any other errors in the certificate chain, the certificate is invalid,
                            // so the method returns false.
                            return false;
                        }
                    }
                }
            }
            // When processing reaches this line, the only errors in the certificate chain are
            // untrusted root errors for self-signed certificates. These certificates are valid
            // for default Exchange server installations, so return true.
            return true;
        }
        else
        {
            // In all other cases, return false.
            return false;
        }
    }
Hope this helps people.
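The callback in step 5 returns true for every self-signed certificate, so it cannot tell the FileZilla server's certificate from any other self-signed one. As an added example (not part of the original answer or of the MSDN sample), the variant below accepts an untrusted root only when the certificate's SHA-256 fingerprint matches a value recorded out of band; the class name `PinnedCertificateValidator` and the fingerprint placeholder are assumptions.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedCertificateValidator
{
    // Placeholder (assumption): SHA-256 fingerprint of your own server certificate, e.g. from
    //   openssl x509 -in myFileZilla.crt -noout -fingerprint -sha256
    private const string ExpectedSha256 = "<SHA256-FINGERPRINT-OF-YOUR-SERVER-CERTIFICATE>";

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        if (certificate == null) return false;
        // Trusted chain and matching host name: nothing to excuse.
        if (sslPolicyErrors == SslPolicyErrors.None) return true;
        // The pin excuses chain errors only, never a name mismatch or a missing certificate.
        if (sslPolicyErrors != SslPolicyErrors.RemoteCertificateChainErrors) return false;

        // The only chain problem tolerated is the untrusted (self-signed) root;
        // an expired or otherwise invalid certificate still fails.
        if (chain != null)
        {
            foreach (X509ChainStatus status in chain.ChainStatus)
            {
                if (status.Status != X509ChainStatusFlags.NoError &&
                    status.Status != X509ChainStatusFlags.UntrustedRoot)
                    return false;
            }
        }

        // Accept only the exact certificate whose fingerprint was recorded out of band.
        return string.Equals(Sha256Hex(certificate), Normalize(ExpectedSha256),
                             StringComparison.OrdinalIgnoreCase);
    }

    private static string Sha256Hex(X509Certificate certificate)
    {
        using (SHA256 sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(certificate.GetRawCertData())).Replace("-", "");
    }

    // openssl prints the fingerprint as colon-separated hex; strip separators before comparing.
    private static string Normalize(string fingerprint)
    {
        return fingerprint.Replace(":", "").Replace(" ", "").Trim();
    }
}
```

To use it, pass `new RemoteCertificateValidationCallback(PinnedCertificateValidator.Validate)` in the argument position where the `Connect` call in step 4 passes `null`. With the placeholder left unchanged, the comparison never matches and every untrusted certificate is rejected.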