{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Bombasti 的问题《IdentityServer: The remote certificate is invalid》','https://www.manongdao.com/q-146826.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm trying to setup SSO using OWin and Thinktecture Identity Server but I am not having any luck getting the SSL certificate to work. At least I think that's the problem. All works fine when I'm in visual studio, but if I try to use IIS on my machine it gives me the error "The remote certificate is invalid according to the validation procedure". I've also tried using IIS as the client treat the instance running in visual studio as the token authority but I still get the same error. Anyone have any ideas on what I'm doing wrong?
相关问题
- Mechanize getting “Errno::ECONNRESET: Connection r
- Tomcat and SSL Client certificate
- Can we add four protocols to ServicePointManager.S
- .NET Core gives unknown error while processing HTT
- JDK 11. javax.net.ssl.SSLPeerUnverifiedException:
相关文章
- ssl配置问题
- Intermittent “sslv3 alert handshake failure” under
- Making a two way SSL authentication between apache
- decrypt TLS 1.2 AES-GCM packet
- How to use Jetty with Let's Encrypt certificat
- Sending email using php, gmail, and swiftmailer ca
- Can't pip install packages in python 3.6 due t
- How to disable tls 1.0 and use only tls 1.1 using
In my case I was just trying to work through the samples (for ID3v2) and getting the cert errors running locally. Since some samples even do self hosting via owin I'm not even sure where it's getting the certs for host side??
Anyway my fix was to copy the cert to the Trusted Root:
Done. Enjoy.
Some times it doesn't work though the above settings were done and you have given the URL as "https://localhost", instead give the URL as "https://MachineName". i.e machine name should match certificate's "issue to" value
After spending a lot of time for me the solution was pretty simple
I just opened the Certmgr.msc ---> deleted the localhost certificate from the Trusted Root certification authorities.
Then opened my solution (after I had run the identity sever) clicked run the visual studio asked fro me if I want generate new certificate to iis express (ssl), I had clicked yes and then it started to work properly:)
You need to add whatever certificate IIS is using to your Trusted Root Certification Authorities store on your local computer.
For .Net Core change TrustServerCertificate=False to TrustServerCertificate=True and that will solve your problem like I have it below.
Adding certificate to Trusted People store should be enough according to readme file in examples provided by the authors.
In a production scenario it should be better because Root store is for CAs and when you add something there that authority is not only trusted, but any certificate signed by it is automatically trusted.
You can check this an further details from the microsoft reference. An extract of the 2 store short description:
Root: Certificate store for trusted root certification authorities (CAs).
TrustedPeople: Certificate store for directly trusted people and resources.
P.S: I tested it an it works. In my scenario I have IS on machine A and a set of web applications using IS on machine A and B. IIS certificate on machine B is different from the one used in A and by IS, but I just added it on machine B Trusted People store and the "certificate error" disappeard.