Ι have an IoT device posting data to a web app hosted to IIS 6.2.
Posting with http is working perfectly. When i change it to https i am getting handshake error.
The same web app has web interface that uses the same SSL certificate and works perfectly on all browsers. Thus I guess, that SSL setup is correct.
I have tried to change the server certificate with a self signed certificate create from IIS with the same results.
I have also tested the IoT device to other servers with SSL and it works.
Here is the wireshark communication
and here are the SSL protocols available on server
i am also attaching a report from ssllabs
any ideas?
Related
I have one AWS EC2 machine and my client and API applications both deployed in the same machine. I have enabled SSL for client (react app) but when I enabled it this time I could not fetch data from API because it is not SSL enabled it serves from "HTTP" not "https" so I get et::ERR_SSL_PROTOCOL_ERROR error. I looked some ways to enable SSL from API, I can use nginx SSL but my client uses nginx SSL with port 443. How my API can serve from the same port?
I could not solve this issue before client SSL enabled, it worked with API but now I does not.
Could you help me?
I'm using an Azure Application Gateway v2 to route traffic to a backendpool containing VMs running some docker container hosting an aspnet core webapi. The application is listeing in port 443.
The gateway listener is configured to accept HTTPS connections. A pfx certificate has also been added.
The HTTP setting of the gateway is configured as follow:
I've provided, hopefully, the correct root certificate for the setting. I've exported the certifacte as described here:
https://learn.microsoft.com/de-de/azure/application-gateway/certificates-for-backend-authentication
All VMs from the backend pool use the same certificate as the gateway listener.
When calling the api using a C# application or open a specific url within a browser, the connections seems to be trusted.
But I get an error when calling the api using postman with endabled SSL cerificate verification.
Error: unable to verify the first certificate
A check on sslhopper.com also indicates an issue within the chain.
I got further information doing a chekc on digicert.com.
TLS Certificate is not trusted
The certificate is not signed by a trusted authority (checking against Mozilla's root store). If you bought the certificate from a trusted authority, you probably just need to install one or more Intermediate certificates. Contact your certificate provider for assistance doing this for your server platform.
I'm really stuck in resolving the issue. All helpful hints are very welcome.
The production environment, running on a Windows Server, wihtout the Gateway but the same certificates is valid. So the issue must be somewhere in the gateway configuration.
The issue is resolved. The crucial clue was delivered from a blog post.
http://blog.repsaj.nl/index.php/2019/08/azure-application-gateway-certificate-gotchas/
Gateway V2: the importance of the certificate chain
I did a new export of the pfx certificate including the whole chain and uploaded it to the gateway.
If the cert is not trusted, then you need to check the Application Gateway Listener. Make sure that you are not using Basic listener.
If you are using multi-site listener, make sure that the host name which you have mentioned matches with the certificate CN
I have developed a RESTful web service using Node.js. I want to host this service on my home PC which is having static IP(which can be access from internet). But I want to host this service using SSL. Note that my home PC is not associated with any internet domain. So I want to know how to host my Webservice using ssl on my home PC. Also I want to know where to buy ssl certificate and what type of certificate? Because most of the certificate authorities who sells certificate talking about ssl for website only.
I have setup a webapp to work with websockets.
This webapp worked fine over local/wired network.
I realiced (maybe im wrong) that websockets cannot work over mobile network 3G/4G because of ISP proxies. But then i saw that secured connection pass through mobile networks proxies (https://github.com/websockets/ws/issues/257).
So i created a simple self signed cert using openssl.
Finally my application works over https to host WSS protocol. So now i tried to connect with my phone using 4G but page does not load. But it works perfectly over WIFI connections, also with my desktop PC.
https://ciroreed.net:8080/
Can i provide other useful information?
EDIT
The problem was that mobile networks sometimes wont load ws:// protocol.
We solve this setting up an https server, and ofc use wss protocol also.this package for sockets https://www.npmjs.com/package/ws
To ensure websocket works here is my advice:
use wss, not ws
use a valid signed certificate
check your wss endpoint with ssllabs.com (especially for missing intermediate certificate, the most common error)
I have a web role which is configured for 2 endpoints, one http, one https 443:
Then I have 3 certs (one is the main and 2 are CA). I have uploaded all of these and also checked thumbprints are correct.
But when I deploy, the http site works fine but the https site does not. Fiddler shows:
Authentication failed because the remote party has closed the
transport stream
Any ideas?
Note: Also worth noting this https works fine when on local machine through Visual Studio and only reports the certificate error, which is expected.
First, open the portal and enable RDP to the instances, then connect to the role instance, open IIS, and verify the HTTPS binding is configured properly. Try accessing the site using https locally from the server and verify it works.
Report with the findings.