I have inherited an ASP.NET MVC Application and an ASP.NET Web Api which both use SSL along with the api requiring client certificates. Both have been in production for over a year now with minor changes.
For development everything was originally set up with IIS Express and everything worked fine but now I have a requirement to move the local dev environment out of IIS Express and into Local IIS. My problem is all requests from the app to the api are failing with my setup.
I think I have my IIS (Windows 7 IIS 7.5) setup correct but it’s possible I could have something wrong. I have two different sites running on different ports for the api and app as well as what looks to be the appropriate settings for SSL and one to one mapping. Both sites have different app pools with two local users setup (I tried NetworkService originally). I added two domains to my host file (localapp.com and localapi.com) and I created two certificates for both domains with makecert. The api certificate is marked for server authentication and the app certificate is marked for server and client authentication (I have tried separate certificates for both purposes). The two SSL certificates have private keys that were marked as exportable when added to the certificate store and I have given private key permissions to the two local accounts. My self-signed root certificate is added to the LocalMachine root certificate store and the two site certificates (signed with the root certificate) are in the LocalMachine personal store. I can connect to both sites independently and don’t receive any warnings about certificate errors.
If I access an api URL through Chrome I can select the appropriate client certificate and see the JSON data expected. Accessing the app is similar in that I don’t get any certificate warnings but no data is being returned in any api calls it makes.
The app is using RestSharp for its HTTP requests and I have verified through debugging that the correct client certificate is being added to the request and a private key does exist. The code that is adding the certificate to the request should be fine since it has been running for over a year and nothing has changed. Every api request from the app returns
“System.ComponentModel.Win32Exception: The credentials supplied to the package were not recognized”
and
“The request was aborted: Could not create SSL/TLS secure channel.”
If I look into the network trace I get the following in regards to the localapp.com certificate…
System.Net Information: 0 : [6564] SecureChannel#37489757 - Left with 1 client certificates to choose from.
System.Net Information: 0 : [6564] SecureChannel#37489757 - Trying to find a matching certificate in the certificate store.
System.Net Information: 0 : [6564] SecureChannel#37489757 - Locating the private key for the certificate: [Version]
V3
[Subject]
CN=localapp.com
Simple Name: localapp.com
DNS Name: localapp.com
[Issuer]
CN=DevRoot
Simple Name: DevRoot
DNS Name: DevRoot
[Serial Number]
975C024DB7A08A9A48BE78F3382D4A93
[Not Before]
12/31/2015 11:00:00 PM
[Not After]
12/30/2039 11:00:00 PM
[Thumbprint]
28F3032F0E6ED488CFFE6706D3B17F851EFE1860
[Signature Algorithm]
sha512RSA(1.2.840.113549.1.1.13)
[Public Key]
Algorithm: RSA
Length: 4096
Key Blob: 30 82 02 0a 02 82 02 01 00 a9 c2 27 fc 60 11 1d 99 fe 1e e7 fb 05 b4 75 33 4a e3 d5 33 15 0c 9d 72 6a 3a df e2 58 49 20 34 39 59 77 7e 85 f7 fa 93 53 92 1d fa 63 32 98 b1 66 74 b6 60 23 e2 2b 97 f6 d9 ce bb 0a 1a ae 2f c8 a1 44 6f 60 12 9a bd b6 33 87 90 8d 1c 1f 61 7e f5 85 41 de 30 11 78 01 72 6b eb 77 8e 1b 9f 58 45 f6 ad 0d d3 2d ec 59 1d 63 2a 18 2f 77 87 6c a3 fe ee 68 2e 12 94 6a d5 ce 69 77 98 f2 14 bd bb ff eb 49 ac 1d a5 06 bf 97 51 0e 36 e6 8f 55 45 a3 91 29 77 94 93 1a 78 54 ....
System.Net Information: 0 : [6564] SecureChannel#37489757 - Certificate is of type X509Certificate2 and contains the private key.
System.Net Information: 0 : [6564] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)
System.Net Error: 0 : [6564] AcquireCredentialsHandle() failed with error 0X8009030D.
System.Net Information: 0 : [6564] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)
System.Net Error: 0 : [6564] AcquireCredentialsHandle() failed with error 0X8009030D.
System.Net.Sockets Verbose: 0 : [16268] Socket#3648821::Dispose()
System.Net Error: 0 : [16268] Exception in HttpWebRequest#16098066:: - The request was aborted: Could not create SSL/TLS secure channel..
System.Net Verbose: 0 : [16268] HttpWebRequest#16098066::EndGetResponse()
System.Net Error: 0 : [16268] Exception in HttpWebRequest#16098066::EndGetResponse - The request was aborted: Could not create SSL/TLS secure channel..
The trace log looks like I don’t have permissions set up correctly but I have explicitly given the local users permissions to the private keys for both the app and api certificates. Everyone else with the 0X8009030D error looks to have solved the issue by adding the app pool user to the private key permissions. If I go to Manage Private Keys in the MMC snap in for the localapp.com certificate I see my LocalApp and LocalApi users having read permissions.
I am completely out of ideas on things I can try to get the communication to work. It is probably something very simple but no matter what I try it just won’t work.
Anyone ever try this set up before and have success or anyone have ideas I can try to get this working?
Any help is greatly appreciated.
Thanks in advance!
-Aaron
Related
I am broadcasting a BLE advertisement using the following command in linux :
sudo hcitool -i hci0 cmd 0x08 0x0008 1E 02 01 1A 1A FF 4C 00 02 15 63 6F 3F 8F 64 91 4B EE 95 F7 D8 CC 64 A8 63 B5 00 00 00 00 C8
The BLE devce is visible, but don't allow any connection (since it follows the iBeacon specs, I think).
So my question is, is there a way to create with BlueZ a BLE device that allows not just one, but several connections ?
I read somewhere that A BLE device should be able to allow up to 20 connections, against 7 for a classic bluetooth.
Thank you very much
This depends on your hardware and the Bluetooth version that it supports. With Bluetooth v4.1, all restrictions have been removed and your device can be a peripheral connected to multiple centrals. This is mentioned at this link:-
Beginning with version 4.1 of the specification, any restrictions on
role combinations have been removed, and the following are all
possible:
A device can act as a central and a peripheral at the same time.
A central can be connected to multiple peripherals.
A peripheral can be connected to multiple centrals.
Previous versions of the specification limited the peripheral to a
single central connection (although not conversely) and limited the
role combinations.
You can find out the Bluetooth version of your device via hciconfig -a:-
hci0: Type: Primary Bus: USB
BD Address: 00:11:22:33:44:55 ACL MTU: 310:10 SCO MTU: 64:8
UP RUNNING
RX bytes:736 acl:0 sco:0 events:57 errors:0
TX bytes:5366 acl:0 sco:0 commands:57 errors:0
Features: 0xff 0xff 0xcf 0xfe 0xdb 0xff 0x5b 0x87
Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
Link policy: RSWITCH HOLD SNIFF PARK
Link mode: SLAVE ACCEPT
Name: 'uknown'
Class: 0x1c0000
Service Classes: Rendering, Capturing, Object Transfer
Device Class: Miscellaneous,
**HCI Version: 4.0 (0x6) Revision: 0x22bb**
LMP Version: 4.0 (0x6) Subversion: 0x22bb
Manufacturer: Cambridge Silicon Radio (10)
I would recommend using the bluetoothctl utility on Linux to advertise, instead of doing it through hcitool given that hcitool is deprecated and is also not very user friendly. More information on using bluetoothctl to advertise and accept incoming connections can be found here:-
BlueZ: How to set up a GATT server from the command line
Does anyone know where I can find the descriptions of the SSH packet types received?
I am having trouble connecting via ssh to a router of mine and in the ssh debug I am receiving a packet type 1 from the router before disconnecting. Can't seem to find out what this mean.
Router IP address have been changed
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 1
Received disconnect from 192.168.1.1 port 22:11:
This document describes the following excerp of initially used packet types from the numbering scheme in detail.
Message ID Value Reference
----------- ----- ---------
SSH_MSG_DISCONNECT 1 [SSH-TRANS]
SSH_MSG_IGNORE 2 [SSH-TRANS]
SSH_MSG_UNIMPLEMENTED 3 [SSH-TRANS]
SSH_MSG_DEBUG 4 [SSH-TRANS]
SSH_MSG_SERVICE_REQUEST 5 [SSH-TRANS]
SSH_MSG_SERVICE_ACCEPT 6 [SSH-TRANS]
SSH_MSG_KEXINIT 20 [SSH-TRANS]
SSH_MSG_NEWKEYS 21 [SSH-TRANS]
SSH_MSG_USERAUTH_REQUEST 50 [SSH-USERAUTH]
SSH_MSG_USERAUTH_FAILURE 51 [SSH-USERAUTH]
SSH_MSG_USERAUTH_SUCCESS 52 [SSH-USERAUTH]
SSH_MSG_USERAUTH_BANNER 53 [SSH-USERAUTH]
SSH_MSG_GLOBAL_REQUEST 80 [SSH-CONNECT]
SSH_MSG_REQUEST_SUCCESS 81 [SSH-CONNECT]
SSH_MSG_REQUEST_FAILURE 82 [SSH-CONNECT]
SSH_MSG_CHANNEL_OPEN 90 [SSH-CONNECT]
SSH_MSG_CHANNEL_OPEN_CONFIRMATION 91 [SSH-CONNECT]
SSH_MSG_CHANNEL_OPEN_FAILURE 92 [SSH-CONNECT]
SSH_MSG_CHANNEL_WINDOW_ADJUST 93 [SSH-CONNECT]
SSH_MSG_CHANNEL_DATA 94 [SSH-CONNECT]
SSH_MSG_CHANNEL_EXTENDED_DATA 95 [SSH-CONNECT]
SSH_MSG_CHANNEL_EOF 96 [SSH-CONNECT]
SSH_MSG_CHANNEL_CLOSE 97 [SSH-CONNECT]
SSH_MSG_CHANNEL_REQUEST 98 [SSH-CONNECT]
SSH_MSG_CHANNEL_SUCCESS 99 [SSH-CONNECT]
SSH_MSG_CHANNEL_FAILURE 100 [SSH-CONNECT]
In your case you (your ssh client) sent the packet type 50 which is SSH_MSG_USERAUTH_REQUEST as described in plain text by the debug line starting with debug2. Afterwards you receive a packet type 1 from the ssh server telling your client to disconnect without a specific reason (User auth failure would have been packet type 51).
So in order to tell you what your issue is exactly with this little information is not possible, but I hope the link to the documentation helps.
im using BTool to send commands to CC2540 bluetooth module. I want to get notifications. when I send notification command, btool displayed the sent command
[43] : <Tx> - 11:11:47.051
-Type : 0x01 (Command)
-OpCode : 0xFD9B (GATT_Notification)
-Data Length : 0x06 (6) byte(s)
ConnHandle : 0x0000 (0)
Authentic : 0x00 (0) (No)
Handle : 0x1B00 (6912)
Value : 00:50
Dump(Tx):
0000:01 9B FD 06 00 00 00 1B 00 50
the values of the Handle (temperature characteristic) and connHandle are correct, but I dont get any response from the server. is there any prior configuration to perform, like enabling notifications somewhere?
You need to enable notification for the characteristic. First you need to query for the client characteristic configuration uuid:
08 1B 00 1C 00 02 29
where first byte is the op read request, next two bytes are you handle id, subsequent two bytes are the range limit (handle id + 1), and the last two bytes are the GATT_CLIENT_CHARAC_CFG_UUID filter. You'll get a response similar to this:
09 04 LL HH 00 00
where the first byte is the response (read by type response), next byte is payload length, LL HH is the configuration characteristic handle, and the last two bytes are it's value.
At this step you can enable the notification by writing a 0x0001 to this handle id:
12 LL HH 01 00
At his point the notification for you characteristic should be enabled.
I am unable to create Apple Push Notification cert files. When I test .pem files I get an error.
openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert pushapp_cert_dev.pem -key pushapp_key_dev.pem
will give an error:
unable to load client certificate private key file
140735327015760:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY
I am following these instructions: https://github.com/raix/push/wiki/iOS-Micro-Walkthrough
pushapp_cert_dev.pem
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAw...ff6eVQDZV4=
-----END CERTIFICATE-----
pushapp_key_dev.pem
Bag Attributes
friendlyName: pushApp
localKeyID: EB 91 B3 CD A0 F5 9A 56 46 96 43 24 C8 B0 A7 56 62 01 9E 2C
Key Attributes: <No Attributes>
Both files are in the same location.
When I created the .pem file, I simply needed to enter passphrase (min 4 char) when prompted. First, I just skipped it because I didn't want to create passphrase. It doesn't give any error or otherwise inform that passphrase is required and it actually creates a non working .pem file.
I am running a JOGL based application, and it has been crashing when I perform certain drawing operations. However, The line it crashes on is a call to gl.glGenLists(1), so I'm not really sure how this could cause an error in the underlying application, since this line is a trivial line (unless the stack is in some sort of bad state - is that possible?).
I also tried updating my video card drivers and now it just freezes in the same place instead of crashing.
The relevant part of the crash report is below. Any help would be appreciated. I'm running an NVIDIA Quadro NVS 160M video card. Thanks.
#
# A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6dd7ccac, pid=5520, tid=5684
#
# JRE version: 6.0_16-b01
# Java VM: Java HotSpot(TM) Client VM (14.2-b01 mixed mode windows-x86 )
# Problematic frame:
# C [nvoglnt.dll+0x23ccac]
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#
--------------- T H R E A D ---------------
Current thread (0x692c4c00): JavaThread "AWT-EventQueue-0" [_thread_in_native, id=5684, stack(0x696f0000,0x69740000)]
siginfo: ExceptionCode=0xc0000005, writing address 0x00040008
Registers:
EAX=0x6d360798, EBX=0x6e562ffc, ECX=0x00040000, EDX=0xffffffff
ESP=0x6973ee1c, EBP=0x0000000d, ESI=0x6d360650, EDI=0x6d362311
EIP=0x6dd7ccac, EFLAGS=0x00010246
Top of Stack: (sp=0x6973ee1c)
0x6973ee1c: 00001343 00000014 00001344 6e563040
0x6973ee2c: 00000000 6d362310 00000040 7ffad000
0x6973ee3c: 6dd7cdb8 6e562ffc 00001343 6e3c7540
0x6973ee4c: 6dc792a8 00000014 6dbdb13b 00000001
0x6973ee5c: 6e3c7540 6d620000 6973ee90 6dc06fb8
0x6973ee6c: 6d620000 6e3c7540 00000001 692c4c00
0x6973ee7c: 63e576a0 63d38030 6b6c4c0e 00000001
0x6973ee8c: 0ab4f368 6973eeb8 010669c7 692c4d10
Instructions: (pc=0x6dd7ccac)
0x6dd7cc9c: 00 8b 4b 08 8b 7b 04 89 79 04 8b 4b 04 8b 7b 08
0x6dd7ccac: 89 79 08 0f 84 8c 00 00 00 8b 4c 24 14 8b 7c d1
Stack: [0x696f0000,0x69740000], sp=0x6973ee1c, free space=315k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C [nvoglnt.dll+0x23ccac]
Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
J com.sun.opengl.impl.GLImpl.glGenLists0(I)I
...I omitted the rest of the stack, as this is the offending line ...
Despite the stack it seems to be nvoglnt.dll that is causing the trouble. Have you absolutely definitely installed the correct driver for your graphics device?