I have developed a project using identity server. I'm trying to query with a token I got from the identity server through an API. Two applications are running on the same pc. If I publish both the identity server and the api with the ip address, I get the following error when I make a request. How can I fix this error?
You must always use a domain name when you use HTTPS, using HTTPS://xxx.xxx.xxx.xxx does not work.
You need to configure your endpoint to support HTTPS or try to use localhost.
This error is emitted when the Microsoft authentication library can't download the openidconnect metadata document from the specified identity server instance. Looking down the stack trace it appears that the connection has been aborted at the SSL/TLS layer because the certificate presented was either invalid for the address requested or not recognised as coming from a valid signing authority.
This might come about if you have configured your app startup to connect to IdentityServer by IP rather than by hostname, because the cert presented will be for the hostname localhost and contains no mention of the IP.
How are you publishing IdentityServer; is it running in your local IIS Express? If so it should be using the iis self-signed certificate which your own machine should recognise. You can try repairing the IIS express installation if the localhost certificate isn't present for some reason.
go into windows event viewer you will find a details of that error, mainly the issue is because of miss-configuration
Related
I have a net core 3.1 app trying to call an HTTPS endpoint. This HTTPS endpoint uses a self-signed certificate which I have the CA certificate installed in my machine under /etc/ssl/cert/pem, I tried call it via curl and worked.
Well, in my coworker's machine (windows) it works normally, but in my MacOS Monterey:
The SSL connection could not be established, see inner exception.
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
Well, I tried some things but nothing worked:
added this env variable "SSL_CERT_DIR" : "/etc/ssl"
added this env variable "SSL_CERT_FILE": "/etc/ssl/cert.pem"
I don't want to change anything in the code because it works normally on other machines (not macos). I'm pretty sure that this error happens because for some reason the .Net Core is note using my CA cert somehow.
Any tips here?
I am trying to deploy a .NET Core application to Azure which connects to RavenDB, locally there is no problem, since it requires a certificate to be installed and read at the time of connection initialization, the problem is that when it is in the cloud, it shows me this error:
The SSL connection could not be established, see inner exception. -> The credentials supplied to the
package were not recognized (The SSL connection could not be established, see inner exception.
I can't find a way to solve it, I include the certificate in the production version, also install the certifcate from the App Service Azure control panel. I really would like to know how to fix this, i didn't find a solution when i searched in other places
How do you load the client certificate in your application?
Try using the machine keyset flag.
[DocumentStore].Certificate = new X509Certificate2("[client cert path]", (string)null, X509KeyStorageFlags.MachineKeySet);
I am using rest-api (I built the server as ASP.NET and the client as explained here: https://www.codeprojeAt.com/Tips/497123/How-to-make-REST-requests-with-Csharp)
And I want to use ssl during my development. For some reason when I use the "iis express development certificate" I still get this error:
System.Net.WebException: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'
AuthenticationException: The remote certificate is invalid according to the validation procedure.
Any ideas..?
If you are using a self-signed development certificate, a typical web client will not be able to validate it, because it was not created by a certificate authority that maps back to a root authority. You have two choices:
In your web client, disable validation of the chain of trust.
Install the self-signed cert as a root cert on the machine running the web client. Not all certs can be installed this way, so you may actually have to generate a development root cert, use it to generate your site's development cert, then install the development root cert.
I have two projects. One is WCF project and the other one is client. The WCF project is hosted by IIS which uses SSL.
I created self-signed certificate by IIS And bind the certificate to URL:localhost:4435/Service1.svc. When use IE open the site, it shows 'The security certificate presented by this website was issued for a different website's address.'
The certificate is already exported in the "Trust Root Certification Authorities".
Via Visual Studio, I can add service reference for client,but when I call the service, it show me the "Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost:4435'."
I am in trouble, wish someone to help me,
Thanks.
I've created a new site using mvc3 and now I'm getting closer to the point where I need to add [RequireHttps] to my controller actions. If I do that I can not run my site anymore on my local machine [localhost] since I don't have an ssl certificate.
Also, our production server is hosted by another organization. They will purchase and install the ssl to the production server. After they do that are there any special steps I need to take to deploy and Https enabled mvc3 application?
You can try to use IIS Express, which should install a self certified certificate.
http://learn.iis.net/page.aspx/901/iis-express-faq/
Regards
I just had to install a self certified Certificate. There are instructions everywhere for each version of IIS. I did not need to used IIS Express.
Left click on project (mvc3 project name) and go to properties tab
change "SSL Enabled" to True.
You can check SSL using the value provided in "SSL URl" for normal http use "URL".
Please take note that the HTTPS URL made like this usually use a port number above "40000"
use of IIS Express is recommended.