When trying to deploy a .net core web app I get this error below. My hosting company told me they downloaded VS 2017 and successfully deployed using the same publishing profile. The only difference I could determine was that they saw a certificate warning and were able to accepted the untrusted certificate. The domain does has an SSL cert setup via LetsEncrypt. I did try to deploy before setting it up. Maybe it being missing is cached in the app?
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
ERROR_CERTIFICATE_VALIDATION_FAILED
Even though your website may have the LetsEncrypt certificate installed, you also need to have a valid certificate installed on the IIS Management Service for Web Deploy to work.
You can set your publish profile to AllowUntrustedCertificate to true to ignore the issue:
SO: allow untrusted certificates
If you do want to use your LetsEncrypt cert, this is how I got it to work (instructions may vary based on your IIS version):
Open MMC (Windows button + X -> Run -> type MMC and press enter
From the MMC menu bar select File -> Add or Remove Snap-ins
Select Certificates then click on Add >
Select Computer Account, Click Next
Select Local Computer, Click Finish and then OK
Expand the Certificate tree to Web Hosting -> Certificates
You will now see your list of LetsEncrypt certificates installed on your server, right click on the one you want to use for web deploy and select Copy
In the Certificate tree of MMC now expand Personal -> Certificates and right click and select Paste
Open IIS Management, click on the server node and open Management Service under management:
Click on Stop in the actions pane on the right to enable changes to be made to the service
Using the drop down under SSL Certificate you should now see your LetsEncrypt certificate you pasted in step 8, select it.
Click on Apply in the actions pane on the right and then click on Start
To test the certificate is now working open your web browser and navigate to https:yourdomainname:8172/msdeploy.axd
Instead of an SSL error you should now be asked to provide credentials to log on. Cancel the logon and go ahead and try publishing using Web Deploy.
Related
I just started working on a .NET project again that I hadn't touched in about a month, and suddenly in my localhost environment I'm getting ERR_CERT_AUTHORITY_INVALID errors when I try starting my application. I used dotnet dev-certs commands to regenerate the localhost certificate, but what's weird is it looks like Chrome is sourcing this localhost certificate from elsewhere. In the Developer Tools pane, I see this (notice the Validity Period):
I don't know why it shows that invalid Validity Period because I just generated a new localhost cert tonight, and I've blown away Chrome's SSL cache numerous times tonight. The following certificate appears in both the Personal > Certificates and Trusted Root Certification Authorities sections of certmgr.
Could someone please help me understand why Chrome thinks my localhost cert is from an invalid authority and how I can correct this issue? The last valid version came from the exact same place (although I think something else might have generated it because I don't recall using dotnet dev-certs CLI commands to create the original cert).
Well this is incredibly stupid. After wasting hours last night and an hour or two tonight of trying fixes I found in blogs and whatnot, an answer on a similar StackOverflow question stated I should attempt repairing my Visual Studio install. Sure enough, doing that resolved the issue.
After I repaired my Visual Studio install and loading up my project I was having HTTPS issues with, I got a dialog box from VS2022 like the one below (snipped from bing.com/images since I dismissed my dialog while trying to fix this) and I selected "Yes".
This added a new certificate but strangely it only added it to the Trusted Root Certification Authorities in certmgr and not to Personal, whereas the one I generated from dotnet dev-certs CLI commands created two; one in Trusted Root Certification Authorities and the other in Personal. The below screenshot shows both certificates; "IIS Express Development Certificate" is the one that resolved the issue and the one that was created by repairing VS2022.
I don't know why VS2022 didn't prompt me to renew the certificate after it was expired. On the bright side, assuming this never gets addressed in a future iteration of Visual Studio, after going through this experience I'm sure that by 10/3/2027 that I'll remember everything that transpired here today and that I must repair my installation of VS20XX if I want to avoid wasting hours of my time due to a localhost SSL certificate expiration.
After I have spent lot of times of searching the solutions, finally I am able to solve it by following the steps below. Hopefully, this will save your days.
open dev tools in chrome, go to Security tab and click on the View certificate.
go to Details tab and click Copy to File...
then Certificate Export Wizard windows will pop up and click the Next button to continue.
remain DER encoding options, click Next and choose Browse, save it and name the certificate as localhost.cer. You should see your saved certificate on your saved path chosen just now.
open chrome://settings/ by copy this in the browser url box.
choose Privacy and security in the side menu > Security > Advanced > Managed Certificates
Certificates window will pop up as below. Choose Trusted Root Certificate Authorities tab and click Import...
import the localhost certificate which saved to chosen path just now at steps 4.
click browse to import the locahost.cer and click Yes to finish the import certificate process.
Close everything and restart your chrome browser. Remember to rebuild and rerun your project if you running the project using dotnet run command prompt for the changes to take effect in the browser.
Now you should be able to access any localhost website urls with secure tag.
Hello I have a website hosted on remote desktop. ("mywebsite.com")
I want to host another web app with domain "app.mywebsite.com". I created a website in IIS but its not working. What's the configuration setting I need to do make this working ?
(I use IIS7) first app(mywebsite.com) is hosted before. I downt know anything about.
I just created an app and want to host it in same remote desktop with "app.mywebsite.com" alias.
there is an warrning seem on basic settings > Test settings pane
Error message is : "The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that \$ has Read access to the physical path. Then test these settings again."
How can I fix this ?
Thanks for help
You'll need to add a binding:
Open IIS Manager.
In the Connections pane, expand the Sites node in the tree, and then click to select the site for which you want to add a binding.
In the Actions pane, click Bindings.
In the Site Bindings dialog box, click Add.
In the Add Site Binding dialog box, add the binding information and then click OK.
I have installed IIS on windows 7 home basic (http://www.iis.net/learn/install/installing-iis-7/installing-iis-on-windows-vista-and-windows-7).
Though some of the options were missing.....
after installation when I tried to access IIS, I got following error:
HTTP Error 404.4 - Not Found The resource you are looking for does not have a handler associated with it.
What do you mean you're accessing iis? Is it via a URL?
A 404 error means the server hasn't found the file it's looking for?
You may need to correctly configure a default page on the server (you may need to create a page 'default.htm', or 'default.aspx'
you'll need to try adding the IIS management console:
go to 'add/remove programs'
select 'turn windows features on or off'
click '+' next to 'Internet Information Services'
exp[and 'web management tools'
check 'iis management console'
this will install the console
try again, you may find that it works
locate the console (right click 'Computer' on the Start menu, select 'manage', under 'Services and Application', click 'Internet Information Services (IIS) manager
Under IIS, select 'Default Document'. This will show you what documents IIS is looking for.
Try creating a document at whatever location IIS is looking for (by default this is c:inetpub > wwwroot). IIS probably uses the default file 'iisstart.htm' that's in the wwwroot directory when you browse to http://localhost, but you can try
You may need to create a website in IIS first, using the management console that you've installed, and provide a default page. Creating and setting up a website is a whole topic in itself
I am running IIS 7 on Windows Server 2008 R2 with PHP 5.4. One of my PHP scripts is trying to access a file on a protected network share using a UNC path. How can I change the IIS service account to an account that has permission to access the share? This is really easy to do on Apache HTTP server (you just change it), but it's not clear how to do with IIS. What can I do?
Update:
I was able to get things working using the "Connect As" option in the "Basic Settings" of my website and then specifying an account that has access to the network share. It appears that my problem is related to this question:
https://serverfault.com/questions/366234/iis-identities-application-pool-vs-connect-as-in-basic-settings
For IIS 7 running on Windows Server 2008 R2 ... In the IIS Manager, select the Application Pool under which your Web Site is running.
Click "Advanced Settings". There will be an entry for Identity (it is under the Process Model section). Click it, provide credentials for your account that has permission to access the share.
UPDATE
You should make sure that if you are using an Active Directory Domain Account, you provided that correctly under Identity for the running App Pool. For example, MYDOMAIN\myAccount.
After making this change, you will need to do the following:
Stop the Web Site.
Recycle your Application Pool.
Start the Web Site.
UPDATE II
From the comment discussion on this answer, #HydroPowerDeveloper was able to get the PHP script to be able to access the network share via UNC path using WebSite -> Basic Settings -> "Connect As" and setting the credentials there.
In the past, I have always used the approach of setting Identity via Application Pool and that has allowed my code to access Network shares via UNC path.
However, all of the sites/applications I have deployed on IIS are .NET based WCF or ASPX sites.
I would speculate (but am not 100% certain on this, would need research/testing to confirm) that the Identity specified in the Application Pool is used by executing .NET code, whereas the "Connect As" is used by the PHP script.
Generally the Application Pool is set using the least amount of privileges as possible.
http://msdn.microsoft.com/en-us/library/ff647402.aspx
The easiest route is to allow access to the current IIS account.
In Explorer, navigate to the shared directory.
Right Click -> Properties -> Security
If you don't see the expected IIS user in the list (Group or user names), edit and add the user as required.
I used "NETWORK SERVICE" -> Check names.
The detailed instructions are on that site.
In this way, the system is still restricted, we're ONLY allowing access to specific directories, we don't need to create any new users, we don't need to recycle the application pool and we don't need to perform any nifty impersonation code.
To resurrect an old question...
I've just been setting up a Win 2016 server that uses some Perl to access a UNC share. I set the Application Pool to an account that I verified had the correct permissions on that share. I then set up my site to 'Connect as...' (under 'Basic Settings') the same user. I still couldn't get access working.
Much head scratching later, I realised that my 'Virtual Directory', cgi-bin, was running under the original 'pass through' account. I then set up the virtual directory to 'Connect as...' the same account as the site and the application pool and, bingo, it all works fine.
So, remember to update any Virtual Directories as well as the site and App Pool...
I have a web site that is created in visual studio 2010 through: File > New > Web site (it is not a Web Project).
I want to publish a release version of my web site but there is no 'Release' mode in VS and there is no possibility to add 'Release' mode through Build > Configuration manager.
How can I publish a release version of my web site ??(I can not convert my web site to a Web Project)
Thank you very mush for your reply.
When you have a website project and your using VS 2010 then somewhere amongst the menu options in the menubar across the top should be an option caled COPY WEBSITE (I think its in the website menu).
So you click WEBSITE > COPY WEBSITE then you will see a new tab appear very similar to an FTP kind of interface, with your LOCAL files on the left and the remmote server hosting on the right.
You could use either FTP or Direct upload but the very last time I could only use it via FTP.
(Of course this may be a personal issue and not affect anyone else).
It goes without saying that if you dontr have a server to upload your website to then it can not be "released" as you called it.
Usually the server or hosting is either on your own server or on a remote (Paid for) server with a service provider.
With reference to the photo below....
Area-1 is where you enter the FTP or HTTP address of the server where you will upload te files.
Loacl-Files This shows your completed website files
Remote-Files This shows the files on the server
Controls These button are used to upload or download files to and from the server
Note that you must have an FTP username and password to use FTP/HTTP transfer,
Some hosts may prefer you to use your admin account username and password.
Hope this helps point you in the right direction