I am using rest-api (I built the server as ASP.NET and the client as explained here: https://www.codeprojeAt.com/Tips/497123/How-to-make-REST-requests-with-Csharp)
And I want to use ssl during my development. For some reason when I use the "iis express development certificate" I still get this error:
System.Net.WebException: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'
AuthenticationException: The remote certificate is invalid according to the validation procedure.
Any ideas..?
If you are using a self-signed development certificate, a typical web client will not be able to validate it, because it was not created by a certificate authority that maps back to a root authority. You have two choices:
In your web client, disable validation of the chain of trust.
Install the self-signed cert as a root cert on the machine running the web client. Not all certs can be installed this way, so you may actually have to generate a development root cert, use it to generate your site's development cert, then install the development root cert.
Related
I have developed a project using identity server. I'm trying to query with a token I got from the identity server through an API. Two applications are running on the same pc. If I publish both the identity server and the api with the ip address, I get the following error when I make a request. How can I fix this error?
You must always use a domain name when you use HTTPS, using HTTPS://xxx.xxx.xxx.xxx does not work.
You need to configure your endpoint to support HTTPS or try to use localhost.
This error is emitted when the Microsoft authentication library can't download the openidconnect metadata document from the specified identity server instance. Looking down the stack trace it appears that the connection has been aborted at the SSL/TLS layer because the certificate presented was either invalid for the address requested or not recognised as coming from a valid signing authority.
This might come about if you have configured your app startup to connect to IdentityServer by IP rather than by hostname, because the cert presented will be for the hostname localhost and contains no mention of the IP.
How are you publishing IdentityServer; is it running in your local IIS Express? If so it should be using the iis self-signed certificate which your own machine should recognise. You can try repairing the IIS express installation if the localhost certificate isn't present for some reason.
go into windows event viewer you will find a details of that error, mainly the issue is because of miss-configuration
I am doing development on Local host. I need SSL enabled for a module. I have generated Self Signed certificate for it on IIS. But when I run my site it says not secure.
I have even Edited Bindings of the site for Port 443
Try to Secure the server with SSL.
1.In your IIS Manager go to your server -> Scroll down and double-click Server Certificates.
2.Click Import…, you need to import our self signed server certificate in order to enable https communication with SSL.
3.Your certificate is now added, double-click the newly added cert to verify that it is trusted.
4.Now you can add the https binding, Choose https with port 443, your domain as the host name and find your self signed certificate in the drop down list.
I am hosting my WCF service by NT Windows Service.
The Windows service runs under a local machine user, which is not included to the Local Machine Administrators Group.
The Wcf Service calls a 3rd Party WCF Service which is using a Client Certificate for the Client Authentication.
The Client Certificate is installed under "Personal" for the "Local Computer".
Additionally I have downloaded "Windows HTTP Services Certificate Configuration Tool" https://download.microsoft.com/download/4/5/b/45bab62d-cdd8-42c7-85d0-0275b96db2c5/winhttpcertcfg.msi and granted the NT Service User access to the Client Certificate
WinHttpCertCfg.exe -g -c LOCAL_MACHINE\MY -s "*Cer CN*" -a "*My User*"
after service start I can reach the 3rd Party service successfully, but after a couple of hours of work I receive SSL Certificate error, which gets fixed after restarting the Windows Service
How can I fix this?
If your service is up and running before, but after a period of time, there will be an occasional failure, indicating that the SSL certificate chain has crashed.
I recommend that you update the Dotnetframework version or the operating system version, because the use of the certificate protocol requires a prerequisite.
https://learn.microsoft.com/en-us/dotnet/framework/network-programming/tls
In addition, it is recommended that you do not use self-signed certificates, and in the certificate store, right click the certificate, All Tasks, manage the private keys menu to add the appropriate user groups.
Feel free to let me know If the problem still exists.
I'm trying to change the remote desktop certificate of an older application running in Azure.
I created the new certificate, exported it and succesfully uploaded it to the cloud service certificates (in Azure portal)
So far so good but when I try to update the cloud service by uploading a new package with the new certificate then I get this error:
Mismatch between the certificates of the running service and the certificates in the uploaded sdk package
How can I overcome this? The cloud service builds and works fine if I keep the old certificate thumbprint.
Check that the thumbprints of the certificate uploaded to the portal is the same with what you provided in ServiceConfiguration.Cloud.cscfg.
Seems you are doing things right for RDP cert. I have a pair of pfx made from makecert and upload them to cloud service, and can switch thumbprints around in CSCFG file without any deployment problem.
My assumption is, you have used this cert else where in your service resulted the error.
Referring to step 2 in this article, is it possible you are using cert but missing something in the service definition(CSDEF)? Such as CA certificate reference or intermediate certificate block.
I have two projects. One is WCF project and the other one is client. The WCF project is hosted by IIS which uses SSL.
I created self-signed certificate by IIS And bind the certificate to URL:localhost:4435/Service1.svc. When use IE open the site, it shows 'The security certificate presented by this website was issued for a different website's address.'
The certificate is already exported in the "Trust Root Certification Authorities".
Via Visual Studio, I can add service reference for client,but when I call the service, it show me the "Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost:4435'."
I am in trouble, wish someone to help me,
Thanks.