I am trying to connect to a client's Oracle database over SSL using the managed ODP.NET provider. The client has provided a self-signed certificate which I have imported on the server. To test the connection, I created a console app which simply opens the connection then closes it. This works successfully. However, when trying the same simple connection from ASP.NET on the same server, I always get this error:
Oracle.ManagedDataAccess.Client.OracleException (0x80004005): Network Transport: SSL failure in parsing wallet location --->
OracleInternal.Network.NetworkException (0xFFFFE700): Network Transport: SSL failure in parsing wallet location
Here is the connection string:
Data Source=(DESCRIPTION=(ADDRESS=(PROTOCOL = TCPS)(HOST = xxx.xx.xx.xxx)(PORT = 3484))(CONNECT_DATA=(SERVER = DEDICATED)(SERVICE_NAME = TEST.CLIENT.COM)(SID = TEST))); User Id = userid; Password = pa55word;
In the config files, I point to a directory for the SQLNET settings:
<oracle.manageddataaccess.client>
<version number="*">
<settings>
<setting name="TNS_ADMIN" value="C:\Oracle\tnsfiles" />
</settings>
</version>
</oracle.manageddataaccess.client>
And finally these settings from sqlnet.ora in that directory:
SQLNET.AUTHENTICATION_SERVICES=(BEQ,TCPS)
ENCRYPTION_WALLET_LOCATION = (SOURCE=(METHOD=MCS))
WALLET_LOCATION= (SOURCE=(METHOD=MCS))
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 1.2
Is there any reason why the connection from the console app succeeds, but from ASP.NET it fails on a wallet error? They are using the exact same settings. I tried a lot of different things but I welcome any suggestions.
Related
I'm currently trying to configure our WSO2 API Manager 3.2 to use our SSL certificate.
I followed the documentation "Creating a New Keystore" and "Configuring Keystores in API Manager".
I have updated the deployment.toml file:
[server]<br>
hostname = "myserver001.internal.net"
....
[keystore.tls]
file_name = "myKeystore.jks"
type = "JKS"
password = "secretpassword"
alias = "myserver001.internal.net"
key_password = "secretpassword"
[keystore.primary]
file_name = "wso2carbon.jks"
type = "JKS"
password = "wso2carbon"
alias = "wso2carbon"
key_password = "wso2carbon"
The servername is set to myserver001.
The domain name myserver001.internal.net is set in the host file.
After restarting the WSO2 APIM server an exception message is thrown:
SSLException: hostname in certificate didn't match:
<localhost> != <myserver001.internal.net> OR <myserver001.internal.net>
Does anyone knows what I have to change additionally, to come around this error or where I can find additional documentation?
Any help is appreciated
Looks this is due to the missing service_url of TM/Event hub config. So can you add/update the following config?
[apim.throttling]
...
service_url = "https://myserver001.internal.net:9443/services/"
I was in the exact same situation :
Migration from v2.6.0 to v3.2.0
Valid certificate
SSLException: hostname in certificate didn't match
I tried a lot of things, but after a lot of researches, I'd say that there is two possibilities :
It's a bug
It's a documentation problem, and we have to edit more things to make our certificate work
I believe that you changed the Dhttpclient.hostnameVerifier to another value than "AllowAll". See the doc about hostname verification.
It's just a workaround and it's probably not that secure, but you'll have to put back the default value for Dhttpclient.hostnameVerifier to avoid this error :
service wso2am-3.2.0 stop
nano /usr/lib/wso2/wso2am/3.2.0/bin/wso2server.sh
-Dhttpclient.hostnameVerifier=AllowAll \
service wso2am-3.2.0 start
I am trying to to do a POST to an API endpoint using Openedge.
I have installed the ssl certificate of the place i am requesting from but the https request fails, telling me it can't find the ssl certificate of that place (in my /usr/dlc/certs).
"_errors": [
{
"_errorMsg": "ERROR condition: Secure Socket Layer (SSL) failure. error code -54: unable to get local issuer certificate: for 85cf5865.0 in /usr/dlc/certs (9318) (7211)",
"_errorNum": 9318
}
]
So, i have resorted to doing an insecure request, like curl does it with the --insecure or wget does it with "no-check-certificate"
I am using the OpenEdge.Net Libraries on OpenEdge 11.6
creds = new Credentials('https://xxxx.com', 'usersname', 'password').
oPayload = NEW JsonObject().
oRequestBody = new String('CustomerReference=xxx&NoOfParcelsToAdd=2').
oRequest = RequestBuilder:Post('https://xxxxx.com/endpoint', oRequestBody)// Add credentials to the request
:UsingBasicAuthentication(creds)
:ContentType('application/x-www-form-urlencoded')
:AcceptJson() :Request.
oResponse = ClientBuilder:Build():Client:Execute(oRequest).
I want to know, for this OpenEdge.Net Libraries is there a tag that i can put in order to skip the checking of the certificate?
I don't know of any option to skip verification but I do know that a common source of that error is that your certificate authority is not in $DLC/certs. The default list of certificate authorities is fairly narrow.
USING OpenEdge.Net.HTTP.IHttpClientLibrary.
USING OpenEdge.Net.HTTP.Lib.ClientLibraryBuilder.
DEFINE VARIABLE oLib AS IHttpClientLibrary NO-UNDO.
oLib = ClientLibraryBuilder:Build()
:sslVerifyHost(NO)
:Library.
oHttpClient = ClientBuilder:Build()
:UsingLibrary(oLib)
:Client.
I try to get all Documents from Firestore using the below function.
The credentials are stored in an encrypted file in a GCP Cloud Source repository.
I decrypted the configuration in the Cloud Build trigger and set the ENV in the Dockerfile pointing to the file. I see the content by RUN ls /app/credentials.json.
The error I get in the application log:
rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority"
The credentials are stored in an encrypted file in a GCP Cloud Source repository.
I decrypted the configuration in the Cloud Build trigger and set the ENV in the Dockerfile pointing to the file. I see the content by RUN ls /app/credentials.json.
The error I get in the application log:
rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority"
This error is the result of an HTTPS failure where the certificate cannot be verified. The Alpine base image is missing a package that provides root certificates. Currently the Cloud Run quickstart is missing this for at least the Go language.
Assuming this is your problem, add the following to the final stage of your Dockerfile:
RUN apk add --no-cache ca-certificates
I have just installed an intermediate & primary SSL certificate on my VPS. Everything is working well, except when I make a cfhttp call:
<cfhttp url="https://advert.establishmindfulness.com/ad-zone-1/?categoryid=1" method="get" result="adzone" />
<cfdump var="#adzone#" />
From https://app.establishmindfulness.com to https://advert.establishmindfulness.com. These 2 subdomains are on the same server, and I am using a wildcard SSL certificate:
*.establishmindfulness.com
That covers all sub domains.
VPS environment
OS: Windows 2008R2 with IIS7
Application server: Lucee 4.5.2.018 final
Servlet Container: Apache Tomcat/8.0.28
Java: 1.8.0_66 (Oracle Corporation) 64bit
Do I need to install the intermediate.crt & primaryssl.crt into my keystore cacerts? Is this the problem?
I tried just installing the certificate.cer that I grabbed from Internet Explorer, but maybe this is the wrong approach?
I still get the error:
Error Detail
Unknown host: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
OK. For anyone who comes across this issue, instead of having to spend several hours pulling your hair out, I managed to get the connection to work:
This is taken from the following link:
https://groups.google.com/forum/#!topic/lucee/BPm8vYdgkPQ
Thank you Dominic Watson
I've just tried this and got it working:
Log in to Lucee server admin and navigate to "SSL Certificates"
Enter your host name "establishmindfulness.com" in the Host field (without the quotes)
Hit "list" button
Hit "install" button
That's it. The cfhttp call started working.
I'm trying to get Web Deploy to work from Web Matrix and I've searched through through all the logs and events and can't seem to find the source of the following error in the event viewer:
Log Name: Microsoft Web Deploy
Source: Web Deploy
Date: 9/4/2013 1:48:16 PM
Event ID: 1
Task Category: None
Level: Error
Keywords: Classic
User: XXX
Computer: XX
Description:
User:
Client IP:
Content-Type:
Version: 9.0.0.0
MSDeploy.VersionMin: 7.1.600.0
MSDeploy.VersionMax: 9.0.1762.0
MSDeploy.Method: GetPackage
MSDeploy.RequestId: 4cab8a9b-5c5c-4f99-8141-52e5453b88f9
MSDeploy.RequestCulture: en-US
MSDeploy.RequestUICulture: en-US
ServerVersion: 9.0.1762.0
Skip: objectName="^configProtectedData$"
Provider: iisApp, Path: xxx.xxx.xxx
A tracing deployment agent exception occurred that was propagated to the client. Request ID '4cab8a9b-5c5c-4f99-8141-52e5453b88f9'. Request Timestamp: '9/4/2013 1:48:15 PM'. Error Details:
System.Web.HttpException: The remote host closed the connection. The error code is 0x800704CD.
at System.Web.Hosting.IIS7WorkerRequest.RaiseCommunicationError(Int32 result, Boolean throwOnDisconnect)
at System.Web.Hosting.IIS7WorkerRequest.ExplicitFlush()
at System.Web.HttpResponse.Flush(Boolean finalFlush)
at System.IO.BufferedStream.FlushWrite()
at System.IO.BufferedStream.Flush()
at System.IO.BufferedStream.Dispose(Boolean disposing)
at System.IO.Stream.Close()
at Microsoft.Web.Deployment.PackageSerializer.Dispose()
at Microsoft.Web.Deployment.DeploymentAgent.HandleGetPackage(DeploymentAgentWorkerRequest workerRequest)
at Microsoft.Web.Deployment.DeploymentAgent.HandleRequestWorker(DeploymentAgentAsyncData asyncData)
at Microsoft.Web.Deployment.DeploymentAgent.HandleRequest(DeploymentAgentAsyncData asyncData)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Web Deploy" />
<EventID Qualifiers="0">1</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-09-04T17:48:16.000000000Z" />
<EventRecordID>238</EventRecordID>
<Channel>Microsoft Web Deploy</Channel>
<Computer>xxxx</Computer>
<Security UserID="S-1-5-21-3588641846-14347574-4076679054-500" />
</System>
<EventData>
<Data>User:
Client IP:
Content-Type:
Version: 9.0.0.0
MSDeploy.VersionMin: 7.1.600.0
MSDeploy.VersionMax: 9.0.1762.0
MSDeploy.Method: GetPackage
MSDeploy.RequestId: 4cab8a9b-5c5c-4f99-8141-52e5453b88f9
MSDeploy.RequestCulture: en-US
MSDeploy.RequestUICulture: en-US
ServerVersion: 9.0.1762.0
Skip: objectName="^configProtectedData$"
Provider: iisApp, Path: xxx.xxx.xxx
A tracing deployment agent exception occurred that was propagated to the client. Request ID '4cab8a9b-5c5c-4f99-8141-52e5453b88f9'. Request Timestamp: '9/4/2013 1:48:15 PM'. Error Details:
System.Web.HttpException: The remote host closed the connection. The error code is 0x800704CD.
at System.Web.Hosting.IIS7WorkerRequest.RaiseCommunicationError(Int32 result, Boolean throwOnDisconnect)
at System.Web.Hosting.IIS7WorkerRequest.ExplicitFlush()
at System.Web.HttpResponse.Flush(Boolean finalFlush)
at System.IO.BufferedStream.FlushWrite()
at System.IO.BufferedStream.Flush()
at System.IO.BufferedStream.Dispose(Boolean disposing)
at System.IO.Stream.Close()
at Microsoft.Web.Deployment.PackageSerializer.Dispose()
at Microsoft.Web.Deployment.DeploymentAgent.HandleGetPackage(DeploymentAgentWorkerRequest workerRequest)
at Microsoft.Web.Deployment.DeploymentAgent.HandleRequestWorker(DeploymentAgentAsyncData asyncData)
at Microsoft.Web.Deployment.DeploymentAgent.HandleRequest(DeploymentAgentAsyncData asyncData)
</Data>
</EventData>
</Event>
I used Web Deploy on the server to create the settings file using IIS on the host. This error appears during the simple web page compatibility test. Any clues as to what may be going on?
The error is basically because the remote server, or the hosting service provider closed the request.
Sometimes it is also stated as the server is trying to deny or is try to cancel the requests. For instance, a user started to download some file or a page, and the server is off so the download would be cancelled, or the download would fail.
There are many issues for this error code.
Here is a post from another forum. forums.asp.net
The best method would be to check the settings on the server that you are having hosting from. Or contact them directly to get help regarding this issue.
Edit:
Getting LogFiles:
You can get the LogFiles here:
start --> run --> LogFiles
2011-09-20 21:25:25 xx.xxx.xxx.xxx 36482 192.168.10.32 80 HTTP/1.1 POST /orders/mail/mailorderentry - - Timer_HeaderWait –
2011-09-20 21:22:29 xx.xxx.xxx.xxx 44399 192.168.10.32 80 HTTP/1.1 POST /orders/mail/mailorderentry - - Client_Reset –
HttpRunTime:
Secondly the request closed issue can also raise if the httpRunTime is out (timeout). But that exception isn't here I am sure, however still try this too: http://msdn.microsoft.com/en-us/library/e1f13641.aspx
Antivirus (If any):
Also, please try check if Antivirus is installed, then is it allowing the server to communicate with users or not? Sometimes along with Firewall, Antivirus might also try to stop the connections.
I recently had the exact same eventLogs, after the webmatrix web deploy throwed a "can not publish" (without any apparent reasons because it worked several month so far).
After some searches (unlucky) and a lot of fumbling, I got it to work again just by using a windows user with administrator privileges instead of the IIS Manager Users configuration.