NET程式關閉CRL檢視

憑證如果會進行CRL憑證撤銷清單檢視,而內部網路無法連接外網時

會造成程式延遲15秒左右的時間,要解決不檢查CRL,可做以下設定

如果您的應用程式裝載在 IIS 中,請將它變更下列其中一項︰
C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\web.config
C:\Windows\Microsoft.NET\Framework\v3.5\aspnet.config
C:\Windows\Microsoft.NET\Framework\v3.5\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v3.5\CONFIG\web.config
C:\Windows\Microsoft.NET\Framework64\v3.5\aspnet.config
C:\Windows\Microsoft.NET\Framework64\v3.5\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework64\v3.5\CONFIG\web.config
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet.config
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config

搜尋


變更為


Start gpedit.msc -> Local Computer policy -> Computer Configuration -> Administrative Templates -> System -> Internet Communication Management -> Internet Communication Settings -> Turn off automatic root certificate update = Enabled 

And 

Start gpedit.msc -> Local Computer policy -> Computer Configuration -> Windows Settings -> Security Settings -> Public Key Policy -> Certificate Path Validation Path. Select tab “Network Retrieval” and enable the “Define these policy settings”. Deselect “Automatic update root….” And most important set the timeout values to 1.

留言

張貼留言

這個網誌中的熱門文章

IIS 啟用HTTP Strict Transport Security (HSTS)

1.設定header加上Strict-Transport-Security和持續時間 <system.webServer> <httpProtocol> <customHeaders> <add name="Strict-Transport-Security" value="max-age=31536000"/> </customHeaders> </httpProtocol> </system.webServer> 不過這邊要特別注意的是要在HTTPS下送出這個Header,而不要在HTTP狀態下送出這個Header 因為根據 HSTS (RFC6797) spec 有提到 An HTTP host declares itself an HSTS Host by issuing to UAs (User Agents) an HSTS Policy, which is represented by and conveyed via the Strict-Transport-Security HTTP response header field over secure transport (e.g., TLS). 2.利用Rewrite模組強制使HTTP連線導致HTTPS <system.webServer> <rewrite> <rules> <rule name="HTTP to HTTPS redirect" stopProcessing="true"> <match url="(.*)" /> <conditions> <add input="{HTTPS}" pattern="o
閱讀完整內容

Azure Web Apps 讀取憑證

一般當我們在本機能正常運作的東西 常常放到雲端就不Work了 很多問題其實就在於雲端環境的差異與限制 例如這次研究的問題->讀取憑證資訊 以下就介紹Azure Web Apps環境下 憑證如何放置與讀取的差異 一般我們系統要讀取的憑證會放在 StoreLocation.LocalMachine Azure Web Apps上傳後的憑證是放在 StoreLocation.CurrentUser 要讓程式能讀取到要讀取的憑證還要設定憑證的設定檔 否則就算你上傳憑證之後還是找不到 APP Setting中新增憑證讀取參數 WEBSITE_LOAD_CERTIFICATES 和憑證指紋(thumbprint) 或者也可以設定"*"(不需要引號)就會讀取全部憑證 這樣就能順利讀取 以下是憑證讀取範例 using System; using System.Security.Cryptography.X509Certificates;namespace UseCertificateInAzureWebsiteApp { class Program { static void Main(string[] args) { X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser); certStore.Open(OpenFlags.ReadOnly); X509Certificate2Collection certCollection = certStore.Certificates.Find( X509FindType.FindByThumbprint, // 憑證指紋 “E661583E8FABEF4C0BEF694CBC41C28FB81CD870”, false);
閱讀完整內容

解決WCF(REST)在https出現檔案找不到錯誤

最近發生的問題 在網站掛上https之後 一些WCF(REST)服務出現在https出現檔案找不到錯誤 但http狀態下卻是正常的 發現原來是要對設定黨做一些調整 以下是調整後的範例 <system.serviceModel> <bindings> <webHttpBinding> <binding name="Binding" crossDomainScriptAccessEnabled="true"> <security mode="Transport"> <transport clientCredentialType="None" /> </security> </binding> <binding name="httpbind" crossDomainScriptAccessEnabled="true"> </binding> </webHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior name="returnFaults"> <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/> <serviceDebug includeExceptionDetailInFaults="false"/> </behavior> </serviceBehaviors> <endpointB
閱讀完整內容