CN=cassandra.us-east-2.amazonaws.com
SSL Certificate is valid!
CN=cassandra.us-east-2.amazonaws.com
SSL Certificate is valid!
So I assume this is the negotiation phase.
But when I run the same application from an EC2 instance, I get:
Cassandra.NoHostAvailableException: All hosts tried for query failed (tried 3.12.23.188:9142: AuthenticationException 'Authentication failed, see inner exception.')
at Cassandra.Connections.Control.ControlConnection.Connect(Boolean isInitializing)
at Cassandra.Connections.Control.ControlConnection.InitAsync()
at Cassandra.Tasks.TaskHelper.WaitToCompleteAsync(Task task, Int32 timeout)
at Cassandra.Cluster.Init()
at Cassandra.Cluster.ConnectAsync(String keyspace)
at Cassandra.Tasks.TaskHelper.WaitToComplete(Task task, Int32 timeout)
at Cassandra.Tasks.TaskHelper.WaitToComplete[T](Task`1 task, Int32 timeout)
at Cassandra.Cluster.Connect(String keyspace)
at Cassandra.Cluster.Connect()
at cassandraconnectiotest.Program.Main(String[] args) in D:\git\beholdtech\trivialcassandraconnectiontest\cassandraconnectiotest\Program.cs:line 56
At the same time, on the EC2 instance:
tracert cassandra.us-east-2.amazonaws.com
Gives:
Tracing route to cassandra.us-east-2.amazonaws.com [3.12.23.165]...
(seems to be working)
C:\>nslookup cassandra.us-east-2.amazonaws.com
Server: ip-172-31-0-2.us-east-2.compute.internal
Address: 172.31.0.2
Non-authoritative answer:
Name: cassandra.us-east-2.amazonaws.com
Address: 3.12.23.190
telnet cassandra.us-east-2.amazonaws.com 9142
Gives a black screen that shows some effect when I type.
c:\> openssl s_client -connect cassandra.us-east-2.amazonaws.com:9142 -msg -debug
Gives
Connecting to 3.12.23.184
CONNECTED(00000140)
... dumps...
subject=CN=cassandra.us-east-2.amazonaws.com
issuer=C=US, O=Amazon, CN=Amazon RSA 2048 M01
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5565 bytes and written 408 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Protocol: TLSv1.3
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
openssl s_client -connect cassandra.us-east-2.amazonaws.com:9142 -CAfile "c:\amazamonrootca1.der" returns:
E4130000:error:05800088:x509 certificate routines:X509_load_cert_crl_file_ex:no certificate or crl found:crypto\x509\by_file.c:264:
If I use another certificate, SF-Class2-root.crt or SF-Class2-root.cer, obtained via:
$client = new-object System.Net.WebClient
$client.DownloadFile("https://certs.secureserver.net/repository/sf-class2-root.crt","d:\sf-class2-root.crt")
Export-Certificate -Cert $cert -FilePath "c:\sf-class2-root.cer"
Connecting to 3.12.23.176
CONNECTED(00000140)
depth=4 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
verify return:1
depth=3 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
verify return:1
depth=2 C=US, O=Amazon, CN=Amazon Root CA 1
verify return:1
depth=1 C=US, O=Amazon, CN=Amazon RSA 2048 M01
verify return:1
depth=0 CN=cassandra.us-east-2.amazonaws.com
verify return:1
---
Certificate chain
0 s:CN=cassandra.us-east-2.amazonaws.com
i:C=US, O=Amazon, CN=Amazon RSA 2048 M01
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Nov 8 00:00:00 2024 GMT; NotAfter: Oct 26 23:59:59 2025 GMT
1 s:C=US, O=Amazon, CN=Amazon RSA 2048 M01
i:C=US, O=Amazon, CN=Amazon Root CA 1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Aug 23 22:21:28 2022 GMT; NotAfter: Aug 23 22:21:28 2030 GMT
2 s:C=US, O=Amazon, CN=Amazon Root CA 1
i:C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: May 25 12:00:00 2015 GMT; NotAfter: Dec 31 01:00:00 2037 GMT
3 s:C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
i:C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 2 00:00:00 2009 GMT; NotAfter: Jun 28 17:39:16 2034 GMT
...
-----END CERTIFICATE-----
subject=CN=cassandra.us-east-2.amazonaws.com
issuer=C=US, O=Amazon, CN=Amazon RSA 2048 M01
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5565 bytes and written 408 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Protocol: TLSv1.3
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE
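But starting the application with this SF-Class2-root.crt leads to the same result: everything works from localhost, and the error occurs on the EC2 instance.
Can you suggest what to do? How can I add any logging? What could be the cause? My EC2 instance has a static IP and all outbound connections. This was supposed to be a trivial, very quick and easy task. I have already spent several days trying to figure it out... Is there another way to connect using CassandraCSharpDriver? Something trivial that simply works from any machine (local or EC2) (I could also modify the code during deployment to adapt the behavior to the environment).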
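When using the X509Store certificate store, you need to pass the X509Certificate2Collection to SSLOptions().
For example, retrieve the collection of certificates:
Then you would pass the collection like this: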
var cluster = Cluster.Builder()
...
.WithSSL(new SSLOptions().SetCertificateCollection(collection))
.Build();
The official Amazon Keyspaces code examples repository has a C# project with complete working code that you can use as a reference. Cheers!
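
One way to get the logging the question asks for while passing the store's certificates as the answer describes. This is an added example, not code from the original post or from the AWS sample repository; the store location (Root, CurrentUser) and the KEYSPACES_USER / KEYSPACES_PASSWORD environment variable names are assumptions.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using Cassandra;

static class KeyspacesTlsDiagnostics
{
    // Logs the platform's verdict on the server chain and returns it unchanged,
    // so the logging never weakens certificate validation.
    static bool LogAndValidate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine($"subject={cert?.Subject} policyErrors={errors}");
        if (chain == null) return errors == SslPolicyErrors.None;
        foreach (X509ChainElement element in chain.ChainElements)
            Console.WriteLine($"  chain: {element.Certificate.Subject}");
        foreach (X509ChainStatus status in chain.ChainStatus)
            Console.WriteLine($"  status: {status.Status} {status.StatusInformation}");
        return errors == SslPolicyErrors.None;
    }

    static void Main()
    {
        // Assumption: the answer does not name the store; this reads the current
        // account's trusted roots, which differ per account and per machine.
        using var store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        X509Certificate2Collection collection = store.Certificates;
        // Hypothetical environment variable names for the credentials.
        string user = Environment.GetEnvironmentVariable("KEYSPACES_USER");
        string password = Environment.GetEnvironmentVariable("KEYSPACES_PASSWORD");
        using var cluster = Cluster.Builder()
            .AddContactPoint("cassandra.us-east-2.amazonaws.com")
            .WithPort(9142)
            .WithAuthProvider(new PlainTextAuthProvider(user, password))
            .WithSSL(new SSLOptions()
                .SetCertificateCollection(collection)
                .SetRemoteCertValidationCallback(LogAndValidate))
            .Build();
        try
        {
            using var session = cluster.Connect();
            Console.WriteLine("connected");
        }
        catch (NoHostAvailableException ex)
        {
            foreach (var error in ex.Errors)
                Console.WriteLine($"{error.Key}: {error.Value}");
        }
    }
}
```

Running it under the same account on both machines and comparing the `status:` lines shows which chain element each host fails to trust; each entry of `ex.Errors` prints the per-host exception together with its inner exception.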