我正在尝试与第三方 API 建立 TLS 相互身份验证。客户端证书配置良好,当我尝试通过 Chrome 访问端点 url 时,它工作正常(Chrome 要求在消息框中确认证书,当我这样做时,页面会显示其内容)。
当我尝试使用 IE 执行同样的操作时,它无法正常工作并显示此消息
Cannot securely connect to this page
This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner.
Your TLS security settings aren’t set to the defaults, which could also be causing this error.
So I logged the details to Wireshark, And this is how it looks
When I digged more in to details I can see that the client certificate was never sent on step 9(TLSv1.2 379 Certificate, Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message).
在步骤 10 中,这是我遇到的错误
这种行为背后的原因是什么?
更新:当我尝试通过代码访问相同的端点并检查 SChannel 日志时,我可以看到这样的警告
The remote server has requested TLS client authentication, but no
suitable client certificate could be found. An anonymous connection
will be attempted. This TLS connection request may succeed or fail,
depending on the server's policy settings.