发表新帖
发表新帖

IdentityServer: The remote certificate is invalid according to the validation procedure

后端 未结
关注
7 1723
闹比i
闹比i 2020-12-08 06:56

I\'m trying to setup SSO using OWin and Thinktecture Identity Server but I am not having any luck getting the SSL certificate to work. At least I think that\'s the problem.

相关标签:
7条回答
  • 甜味超标
    2020-12-08 07:17

    After spending a lot of time for me the solution was pretty simple

    I just opened the Certmgr.msc ---> deleted the localhost certificate from the Trusted Root certification authorities.

    Then opened my solution (after I had run the identity sever) clicked run the visual studio asked fro me if I want generate new certificate to iis express (ssl), I had clicked yes and then it started to work properly:)

    0 讨论(0)
  • 挽巷
    2020-12-08 07:17

    You need to add whatever certificate IIS is using to your Trusted Root Certification Authorities store on your local computer.

    0 讨论(0)
  • 长发绾君心
    2020-12-08 07:21

    That can be caused by bad configuration on a previous certifications (sometimes can happen when you disagree to install a certification) :

    1. Windows Start and open Certmgr.msc
    2. Under Personnel/Certificats, find all localhost certificats and delete them
    3. Same thing to do under Trusted Root Certification, and then close.
    4. Start your application, you will get an exception.
    5. Open the Package Manager Console and excute: dotnet dev-certs https --trust
    6. Restart your application, normally you have a valid certificat now.
    0 讨论(0)
  • 盖世英雄少女心
    2020-12-08 07:26

    In my case I was just trying to work through the samples (for ID3v2) and getting the cert errors running locally. Since some samples even do self hosting via owin I'm not even sure where it's getting the certs for host side??

    Anyway my fix was to copy the cert to the Trusted Root:

    1. Windows Start button, run MMC.EXE
    2. File, Add Snap-In: Certificates
    3. Use Computer Account, Local computer, Ok
    4. Go under Personal / Certificates
    5. Right click "localhost" and drag and drop on Trusted Root ....
    6. Select "copy"

    Done. Enjoy.

    0 讨论(0)
  • 慢半拍i
    2020-12-08 07:35

    For .Net Core change TrustServerCertificate=False to TrustServerCertificate=True and that will solve your problem like I have it below.

    "DataConnect": "Server=tcp:127.0.0.1,1433;Initial Catalog=dbName;Persist Security Info=False;User ID=username;Password=password;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=True;Connection Timeout=30;"
    0 讨论(0)
  • 礼貌的吻别
    2020-12-08 07:40

    Adding certificate to Trusted People store should be enough according to readme file in examples provided by the authors.

    In a production scenario it should be better because Root store is for CAs and when you add something there that authority is not only trusted, but any certificate signed by it is automatically trusted.

    You can check this an further details from the microsoft reference. An extract of the 2 store short description:
    Root: Certificate store for trusted root certification authorities (CAs).
    TrustedPeople: Certificate store for directly trusted people and resources.

    P.S: I tested it an it works. In my scenario I have IS on machine A and a set of web applications using IS on machine A and B. IIS certificate on machine B is different from the one used in A and by IS, but I just added it on machine B Trusted People store and the "certificate error" disappeard.

    0 讨论(0)
 看不清?
提交回复
热议问题