My application was working fine two days ago. I was able to sent the push notification completely fine on live app but suddenly i starts getting this error
{System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The certificate is revoked
Here is my code, where i am getting the exception
try
{
stream.AuthenticateAsClient(this.appleSettings.Host,
this.certificates, System.Security.Authentication.SslProtocols.Tls,
false);
}
catch (System.Security.Authentication.AuthenticationException ex)
{
throw new ConnectionFailureException("SSL Stream Failed
to Authenticate as Client", ex);
}
The tried to change the X509Certificate to X509Certificat2 and X509CertificateCollection to X509Certificate2Collection but it didn't help me. I also did not revoked any certificate from my developer account.
We had the same problem, We fixed it by generating the new .p12 certificate file for Apple push notification. Validity of certificate is of one year and it is independent of your app. So you don't need to up the app gain on store to fix the issue. Just find the app id of your app. Use this app id to create a new .p12 certificate file for push notification and upload it on your server.
Related
I've developed an UWP app for a client, which uses WebServices that are hosted in its domain.
Until now, the URL WebServices were related to a test server that don't use SSL
But now, the WebServices URL are related to the prod server that use SSL
As I'm a subcontractor, I don't have an AD account, and I need to use the VPN to access to the client's WebServices.
I didn't get any problem to access to the test server, but it's no longer the case with the prod server.
When I try to access to access to the URL through a navigator, I get a security warning message (DLG_FLAGS_INVALID_CA), but I can "force" the navigation to the URL.
But when I call the WebService from the app with HttpCLient, I also get an error (HttpRequestException) and I don't see how I could fix it.
Here are the details of the exception:
HResult = -2147012851
InnerException =
{System.Runtime.InteropServices.COMException (0x80072F0D): Can't find text related to the error code. The certificate authority is invalid or is incorrect at
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task
task) ...
Message = "An error occurred while sending the request."
Source = "System.Net.Http"
I've already tried to install handly the certificates on my computer, but this doesn't fix the issue...
Is there another approach?
Edit: add "user" certificate
The client sent me the "user" certificate and I installed it on my computer in "User\Trusted Root Certification Authorities Certificate Store": there is no longer problem from the navigator. However, in the app, the problem is still present.
Is it normal? Do I need to "attach" the certificate to the app? This is not really usefull, as the client's users don't need this problem: it's only me as I'm a subcontractor using the VPN...
Edit: add "computer" certificate
Finally the client sent me the "computer" certificate and I installed it on my computer in "Computer\Trusted Root Certification Authorities Certificate Store": this time I could use the app without problem.
It's good to know that the UWP app and the navigators don't use the same certificate.
The problem has been fixed by installing the "user" and "computer" certificates that has been sent by the client.
I am calling a web service using certifcates and security protocol. The application was running fine but suddenly started giving me web exception.
The request was aborted: Could not create SSL/TLS secure channel.
when I checked status code, it is SecureChannelFailure and HResult is 2146233079.
The web service response is returning NULL.
Part of the code is as follows:
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
I appreciate any help.
A few questions that might point you in the right direction
Maybe the certificate you are using has expired?
Maybe you are running the client from a different computer than before which doesn't have the trusted root of the certificate installed?
Maybe the certificate was somehow revoked?
Hope it helps!
It worked for me when I added certs like this
X509Store certificatesStore = new X509Store(storeName, storeLocation);
certificatesStore.Open(OpenFlags.OpenExistingOnly);
var matchingCertificates = certificatesStore.Certificates.Find(X509FindType.FindBySerialNumber, serialNumber, true);
request.ClientCertificates.Add(matchingCertificates );
did you get a resolution to this?
I've noticed that a windows update to my windows 10 machine and the windows 2008RC servers have caused our issue. The problem we have is that we cannot quickly change the 3rd party servers from SHA1 encrypted certs.
A way around it is to uninstall the updates listed here.
https://blogs.windows.com/msedgedev/2016/04/29/sha1-deprecation-roadmap/
Another way around it is to add this line of code:
System.Net.ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
Ref: Could not establish trust relationship for SSL/TLS secure channel -- SOAP
However this doesn't work for us.
I'm using new Azure Scheduler service and I have this issue.
I have one console application that works fine with this few code lines
var credentials = new CertificateCloudCredentials(subscriptionId, certificate);
var schedulerClient= new SchedulerManagementClient(credentials);
var jobCollAvailable = schedulerClient.JobCollections.CheckNameAvailability(cloudServiceName, jobCollectionName_NE);
I use the same code lines in a API service with service stack.
When CheckNameAvailability method is called system throws this exception :
Forbidden Error: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
Since Friday everything worked also into the service. I had only changed the certificate with another one.
If I remove certificate from Azure the console app throws the same error( but in this case is correct). I have tried with more than one certificate for to be sure and console app has worked fine.
The Certificate loaded and used from Service has the same thumbprint that the console app one.
Thanks for your suggests
I am having an issue when downloading a file from a https connection.
Everything works as expect for a while. Then after a seemingly random (although short) interval the downloads start failing with the following exception:
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
The ca (Go Daddy) is trusted. It works for a dozen or so downloads and then gets this error. Once the error starts happening only a restart of the service doing the downloads will make it work again. Of course that functioning is short lived.
The code doing the download is dead simple :
private void DownloadFileTo(string targetPath)
{
using (WebClient client = new WebClient())
{
string finalURL = CombineURLParts();
client.DownloadFile(finalURL, targetPath);
}
}
I am tearing my hair out trying to make this work. I have attempted to disable cert validation using ServicePointManager.ServerCertificateValidationCallback, but the error still occurs. I am logging the cert in the handler, but everything looks identical between the downloads that work, and the ones that do not.
Any ideas?
I'm having problems creating a test X509Certificate in my store that I can use in WCF. All of the certificates I create have the same result when I try to use it in the WCF channel factory - "The private key is not present in the X.509 certificate".
channelFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.TrustedPeople, X509FindType.FindBySubjectName, "MyClientCert");
I've tried putting the certificate in LocalMachine, having it self-signed vs. a test CA. Nothing helps, the certificate always has the property HasPrivateKey equal to false.
UPDATES:
I've gotten past the above problem, by following the instructions at http://msdn.microsoft.com/en-us/library/ff650751.aspx. However, I'm onto a new problem with the certificate now generating a new error when I try to send the message to the queue. The error is:
An error occurred while sending to the queue: A cryptographic function failed. (-1072824272, 0xc00e0030).Ensure that MSMQ is installed and running. If you are sending to a local queue, ensure the queue exists with the required access mode and authorization.
Again, the process works if I use a real cert instead of a test one, so it seems like it has to be something related to the certificate.