I have deployed the java service (Spring-boot) under the docker container and have been using embedded tomcat with SSL configurations specified in application.properties file.(I am using cert.pem file generated by let's encrypt authority.)
Before making the service https, I was receiving webhooks from Twilio but as soon as I make my services https secured, I stopped receiving callbacks.
In Twilio console, debugger events shows following error:
Twilio was unable to fetch content from: https://example.com:8081/twilio/room-events
Error: Handshake failure: certificate exception
While sending events -> Twilio receiving error:
Msg "Video: Callback request was unsuccessful"
httpResponse "502"
and in header:
X-Twilio-WebhookAttempt 2
X-Twilio-WebhookRetriable true
X-Twilio-Reason Certificate exception: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Content-Length 462
Content-Type text/html
I won't be able to find any solution as I don't have idea about what is happening here.
To resolve the error, I have tried adding certificates in the keystore to resolve the issue (DigicertGlobalRootCA.cert) (source:https://support.twilio.com/hc/en-us/articles/360007853433-Troubleshooting-Certificate-Errors-from-the-Twilio-REST-API)
But it is not resolved yet.
I am using this MultiValueMap<String,String> as a request parameter with POST request to receive the events.
PS : When I am using it in a local with the ngrok setup. it's working perfectly fine.
Thank you for your help.
I was using the cert.pem file provided by the Let's encrypt. Instead of cert.pem, fullchain.pem needs to be used in order to communicate with the external world.(In java keystore)
Used the below URL to find out the SSL validation:
https://www.sslshopper.com/ssl-checker.html
Took reference from this wonderful article for getting information about the certificate chain.
https://medium.com/#superseb/get-your-certificate-chain-right-4b117a9c0fce
Related
Occasionally, the certificate used to bind HTTPS disappears.
When I try to access the Internet through HTTPS its display: "not possible to reach the site".
Also, when this happens, 2 errors appear in the event viewer window:
Schannel error - "A fatal error occured when attempting to access the TLS server cerdential private key. The error code returned from the cryptographic module is 0X8009030D.The internal error state is 10001."
HttpEvent - "An error occured while using SSL configuration for endpoint 0.0.0.0:443. The error status code is contained within the returned data."
Attached link for these 2 errors
Note that these two errors always appear when the server is not working.
The certificate is from GoDaddy.
When I restart IIS the site works again and I can enter it.
Can anyone help me solve this problem? How can I make this certificate binding to stay forever?
Anyone encountered this error? kCFErrorDomainCFNetwork error 311?
I wrote a simple cordova application running in iPad (iOS 9 up). This applications calls an HTTPS api but throws this error kCFErrorDomainCFNetwork error 311.
Pleas note that the HTTPS Server has a valid CA Issued SSL Certificate.
I googled a lot on this error but without any luck and only managed to found this cfStreamErrorHTTPSProxyFailureUnexpectedResponseToCONNECTMethod that has an int value of 311 and it says that
The HTTPS proxy returned an unexpected status code, such as a 3xx
redirect
Indeed the resource that i am invoking is returning a 302 which unfortunately i have no control of.
And to access the https server, i have to specifically connect to a wifi proxy where the IP address is whitelisted in the https server.
I hope someone from this great community could provide me some light on this error.
Thank you.
I also have received the same error. The problem is that you are accessing network through a proxy which needs to be authenticated before you send a request.
In your case, generally if you are accessing internet in the system browser, you might have proxy settings(along with authentication) in your browser or system preferences -> network -> Advanced -> Proxies.
In order to address the authentication issues while URL requests, Apple has given documentation in this regard - https://developer.apple.com/library/content/documentation/Cocoa/Conceptual/URLLoadingSystem/Articles/AuthenticationChallenges.html.
For a simple model implementation just refer to Simple example of NSURLSession with authentication
I am trying to make a proxy CAS webapp using PHPCAS library version 1.3.3. At first I tried an example from the docs but unfortunately I got an error and said that I wasn't authenticated.
I was using the example_proxy_GET.php and on the log it said like this :
Authentication failure: Ticket validated but no PGT Iou transmitted [AuthenticationException.php:80]
Reason: no CAS error [AuthenticationException.php:94]
The authentication was successful on validate the ST (Service Ticket) but the log also said that :
<proxyGrantingTicket> not found [Client.php:2541]
CAS_AuthenticationException::__construct(CAS_Client, 'Ticket validated but no PGT Iou transmitted
So, my question is that the Single Sign-On server (CAS 2.0 I think) that was not sending a PGT Iou (so there's misconfiguration on the server) or there's something wrong on the examples file?
And if the server was misconfigured, what should I do?
Thanks
UDPATE
I'm using a private IP address and when I tried open the CAS server log on tomcat, here's it said
2015-04-09 11:56:41,428 WARN [org.jasig.cas.util.HttpClient] - <Socket Timeout Detected while attempting to send message to [http://10.10.100.102/sso/docs/examples/example_proxy_GET.php].>
My guess was that I should use some public IP / domain to use the CAS properly
It turns out that I need setup a https server to use the proxy feature on CAS.
I found the detail on here
https://wiki.jasig.org/display/CASC/phpCAS+requirements
I want to use MPNS in my windows phone app and we are going to authenticate the webservice which is sending the push to clients.
I have the done the all steps that are needed for MPNS authentication.
Uploaded the certificates on my WindowsPhone dev dashboard.
Created the channel name with the common name of my certificates
Getting the return URI with https:// thats mean my push channel is authenticated
Adding certificates to my WebRequest header
But when I am going to send push message and send webrequest but I am getting "The remote server returned an error: (403) Forbidden." response. I have read that I am doing something wrong with my request and not adding certificate properly.
Here is my code for Request Header
X509Certificate2 Cert = new X509Certificate2(Server.MapPath("Certs/abc.crt"), "password");
request.ClientCertificates.Add(Cert);
We have verisign ssl and i am testing this from my visual studio IIS. Its not hosted on any server right now and even not configured in IIS and no SSL configured for IIS.
Is that the issue or something else.
There's no unique answer for your problem.
However, when you add a client certificate to your request you only add the public key to it. The server will then respond with a challenge signed with your public key (see client certificate authentication) and you need to decipher and respond to it with your private key. If this authentication process fails, you will get a 403 forbidden.
Therefore, you must ensure that the .pfx/.p12 (containing your private key, public certificate, intermediate CA and Root CA certificates) is imported to your local machine certificate store and that your IIS server has access to it.
Because there are so many variables related to Windows, you can use Curl instead for testing purposes. Note that you must convert your .pfx/.p12 to .pem first (use openssl).
curl --cert P:\cert.pem:PASSWORD -v -H "Content-Type:text/xml" -H "X-WindowsPhone-Target:To
ast" -H "X-NotificationClass:2" -X POST -d "<?xml version='1.0' encoding='utf-8'
?><wp:Notification xmlns:wp='WPNotification'><wp:Toast><wp:Text1>My title</wp:Te
xt1><wp:Text2>My subtitle</wp:Text2></wp:Toast></wp:Notification>" https://am3.n
otify.live.net/unthrottledthirdparty/01.00/push_uri_here
Once you get that working, you may face the same problem as me: some notifications are being sent correctly and some others are rejected with a 403 forbidden for no apparent reason. See this thread:
http://social.msdn.microsoft.com/Forums/sharepoint/en-US/383617ab-eafe-45fb-92cc-5e4b25a50e7f/authenticated-push-notifications-failing-randomly-403-forbidden?forum=wpnotifications
and the same here:
https://stackoverflow.com/questions/23805883/windows-phone-authenticated-push-notifications-failing-randomly-403-forbidden
I am trying to generate proxy code using svcutil.exe. Service is running on the same box.
Here is console output. Any idea what's wrong?
SvcUtil.exe https ://xyz:xxx/servicename/wsdl?wsdl
Attempting to download metadata from 'https://xyz:xxx/servicename/wsdl?wsdl' using WS-
Error: Cannot obtain Metadata from https ://xyz:xxx/servicename/wsdl?wsdl
WS-Metadata Exchange Error
URI: https ://xyz:xxx/servicename/wsdl?wsdl
Metadata contains a reference that cannot be resolved: 'https ://xyz:xxx/servicename/wsdl?wsdl'.
There was no endpoint listening at https://xyz:xxx/servicename/wsdl?wsdl that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
The remote server returned an error: (404) Not Found.
HTTP GET Error
URI: https ://xyz:xxx/servicename/wsdl?wsdl
The document was understood, but it could not be processed.
The WSDL document contains links that could not be resolved.
There was an error downloading 'https ://localhost:xxx/servicename/wsdl?wsdl=wsdl1'.
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
The remote certificate is invalid according to the validation procedure.
Are you sure that's the right address for the wsdl?
What are xyz and xxx? Is xxx a port number?
For example, if you browse to it using your web browser, can you see the wsdl correctly?
You can try different urls like:
http://domain/servicename
http://domain/servicename?wsdl
https://domain/servicename
https://domain/servicename?wsdl
Do any of those work in your browser and\or using svcutil.exe?
Which version of svcutil.exe are you using?
What type of web service is it that you are trying to connect to?