Open Closed

Certificate Issue in Local IIS deployment #1185


1
viswajwalith created
  • ABP Framework version: v4.2.2
  • UI type: MVC
  • DB provider: EF Core / MongoDB
  • Tiered (MVC) or Identity Server Separated (Angular): yes , Microservice Architecture
  • Exception message and stack trace:

--- End of stack trace from previous location --- at Microsoft.AspNetCore.Server.IIS.Core.IISHttpContextOfT`1.ProcessRequestAsync() 2021-04-12 18:17:38.608 +05:30 [INF] Request finished HTTP/2 GET https://localhost:451/ - - - 500 - - 12.5611ms 2021-04-12 18:23:16.287 +05:30 [INF] Request starting HTTP/2 GET https://localhost:451/ - - 2021-04-12 18:23:16.293 +05:30 [INF] Start processing HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-12 18:23:16.293 +05:30 [INF] Sending HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-12 18:23:16.299 +05:30 [ERR] Connection ID "17005592220331409569", Request ID "800000a2-0006-ec00-b63f-84710c7967bb": An unhandled exception was thrown by the application. System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception) at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken) --- End of inner exception stack trace ---

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ After using IIS express development Certificate in IIS getting the below error ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

2021-04-14 12:27:53.400 +05:30 [INF] Request starting HTTP/2 GET https://localhost:451/ - - 2021-04-14 12:27:53.403 +05:30 [INF] Start processing HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-14 12:27:53.403 +05:30 [INF] Sending HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-14 12:27:53.412 +05:30 [ERR] Connection ID "17149707399817330746", Request ID "8000003b-0004-ee00-b63f-84710c7967bb": An unhandled exception was thrown by the application. System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception) at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken) --- End of inner exception stack trace ---

  • Steps to reproduce the issue:
  1. Created the solution with Microservice Architecture

  2. Deployed all nesessary servier into Local IIS (for testing) with HTTPS and Local Signed certificate

  3. Updated the relevent URLS across deployed projects appsettings.json

  4. All of the Projects except (UI layer) is working fine with https calls

  5. Access the WebURL (UI Layer) ,

  6. How to resolve this issue any idea?

  7. what if we need to use http in the place of https? what are the things we need to perfom at code level.


8 Answer(s)
  • 0
    gterdem created
    Support Team

    There are 3 applications as you have noticed:

    • AuthServer (IdentityServer)
    • Public application (Razor/MVC)
    • Web app (back-office application that can be Razor/Mvc-Angular-Blazor-BlazorServer)

    What is your web app? Angular, Razor, Blazor or Blazor.Server?

  • 0
    viswajwalith created

    There are 3 applications as you have noticed:

    • AuthServer (IdentityServer)
    • Public application (Razor/MVC)
    • Web app (back-office application that can be Razor/Mvc-Angular-Blazor-BlazorServer)

    What is your web app? Angular, Razor, Blazor or Blazor.Server?

    We are getting the issue when running the UI layer with MVC. DO u have any more questions.

  • 0
    gterdem created
    Support Team

    You must run AuthServer on https. To other applications such as Web app on http or with different ports:

    Update application's appsettings

    Navigate to Web application's appsettings.json and change the SelfUrl under App section. From https://localhost:451 to something like http://localhost:4510.

    Update IdentityServer configuration

    Assuming you can't login to Web application for IdentityServer management pages, there are 2 ways to update:

    1. Update appsettings.json of DbMigrator project under Shared folder. Find IdentityServerClients section and update MyProject_Web client RootUrl with new http url, http://localhost:4510. Then delete IdentityService Database and re-create so it can be re-seeded with IdentityServerDataSeeder which uses these configurations.
    2. Manually update IdentityService database:
    • Update FrontChannelLogoutUri column in IdentityServerClients table
    • Add or update RedirectUri of that client in IdentityServerClientRedirectUris table.
    • Add or update PostLogoutRedirectUri column of that client in IdentityServerClientPostLogoutRedirectUris table.
  • 0
    viswajwalith created

    ng you can't lo

    Hi @gterdem, My Auth Server is already running with https, in fact all of my services are running with https on my local IIS with IIS self signed certificate.

    As you said I have updated by Web layer port to 4510(I dont think this is the issue) but still getting the below certificate error which I mentioned earlier.

    2021-04-14 19:22:17.794 +05:30 [INF] Request starting HTTP/2 GET https://localhost:4510/ - - 2021-04-14 19:22:17.852 +05:30 [INF] Start processing HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-14 19:22:17.852 +05:30 [INF] Sending HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-14 19:22:17.915 +05:30 [ERR] Connection ID "17942340921349636135", Request ID "80000028-0001-f900-b63f-84710c7967bb": An unhandled exception was thrown by the application. System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception) at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken) --- End of inner exception stack trace ---

    Please advise.

  • 0
    gterdem created
    Support Team

    Hi @gterdem, My Auth Server is already running with https, in fact all of my services are running with https on my local IIS with IIS self signed certificate.

    As you said I have updated by Web layer port to 4510(I dont think this is the issue) but still getting the below certificate error which I mentioned earlier.

    2021-04-14 19:22:17.794 +05:30 [INF] Request starting HTTP/2 GET https://localhost:4510/ - - 2021-04-14 19:22:17.852 +05:30 [INF] Start processing HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-14 19:22:17.852 +05:30 [INF] Sending HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-14 19:22:17.915 +05:30 [ERR] Connection ID "17942340921349636135", Request ID "80000028-0001-f900-b63f-84710c7967bb": An unhandled exception was thrown by the application.

    Not only the port, the protocol also you need to update. It should be http://localhost. It is still making requests to old url. Try recycling the application from the iis pool.

    Although your main problem with https is with your IIS server. The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot. You need to trust your self signed certificate.

  • 0
    viswajwalith created

    Hi @gterdem, My Auth Server is already running with https, in fact all of my services are running with https on my local IIS with IIS self signed certificate.

    As you said I have updated by Web layer port to 4510(I dont think this is the issue) but still getting the below certificate error which I mentioned earlier.

    2021-04-14 19:22:17.794 +05:30 [INF] Request starting HTTP/2 GET https://localhost:4510/ - - 2021-04-14 19:22:17.852 +05:30 [INF] Start processing HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-14 19:22:17.852 +05:30 [INF] Sending HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-14 19:22:17.915 +05:30 [ERR] Connection ID "17942340921349636135", Request ID "80000028-0001-f900-b63f-84710c7967bb": An unhandled exception was thrown by the application.

    Not only the port, the protocol also you need to update. It should be http://localhost. It is still making requests to old url. Try recycling the application from the iis pool.

    Although your main problem with https is with your IIS server. The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot. You need to trust your self signed certificate.

    I tried those already but didnt worked. Will try with some work around and update you accordingly.

  • 0
    alper created
    Support Team

    thank you. waiting your reply

  • 0
    viswajwalith created

    Hi @gterdem, My Auth Server is already running with https, in fact all of my services are running with https on my local IIS with IIS self signed certificate.

    As you said I have updated by Web layer port to 4510(I dont think this is the issue) but still getting the below certificate error which I mentioned earlier.

    2021-04-14 19:22:17.794 +05:30 [INF] Request starting HTTP/2 GET https://localhost:4510/ - -
    2021-04-14 19:22:17.852 +05:30 [INF] Start processing HTTP request GET "https://localhost:450/api/abp/api-definition"
    2021-04-14 19:22:17.852 +05:30 [INF] Sending HTTP request GET "https://localhost:450/api/abp/api-definition"
    2021-04-14 19:22:17.915 +05:30 [ERR] Connection ID "17942340921349636135", Request ID "80000028-0001-f900-b63f-84710c7967bb": An unhandled exception was thrown by the application.

    Not only the port, the protocol also you need to update. It should be http://localhost.
    It is still making requests to old url. Try recycling the application from the iis pool.

    Although your main problem with https is with your IIS server. The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot. You need to trust your self signed certificate.

    I tried those already but didnt worked. Will try with some work around and update you accordingly.

    Finally we are able to get that working after using the valid SSL certificate. but with IIS self signed and other generated certificates issue is still there.

    I am closing this as it is working with actual SSL certificate. Thanks for the support.