I configured SSL on my Windows HTTP server (HTTP listener) developed using HTTPAPI_VERSION_1 APIs using HttpSetServiceConfiguration.
I used a self signed certificate and followed the steps at this link to set it as trusted http://blogs.msdn.com/b/jpsanders/archive/2009/09/29/walkthrough-using-httplistener-as-an-ssl-simple-server.aspx
Then I tried using the sample in msdn named WinHttpPostSample to connect to the http server using https.
But WinHttpSendRequest API always fails with error
12044 (ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED)
How can we prevent the HTTP server from sending this error or to make it not compulsory for the server to have a client certificate to proceed ?
Related
I am working on HTTPS calls in jmeter. When I started to do the configuration I took help of stackoverflow. Surprisingly I found all I have to do is to change protocol from HTTP to HTTPS and it actually worked. Which makes me wonder how jmeter bypasses the certificate without any configuration?
Some sites use simple mode of HTTPS which doesn't require client installation
SSL and TLS encryption can be configured in two modes: simple and mutual. In simple mode, authentication is only performed by the server. The mutual version requires the user to install a personal client certificate in the web browser for user authentication.
As per 1.2.4 SSL Encryption chapter:
The JMeter HTTP samplers are configured to accept all certificates, whether trusted or not, regardless of validity periods, etc. This is to allow the maximum flexibility in testing servers.
If the server requires a client certificate, this can be provided.
I am trying to record my application under test which is on the intranet using the Jmeter recording controller. It manages to capture the URL but then starts showing DNS failure and response code 503.There seems to be some authorization issue. Any ideas on how I can provide authorization details (username/password) at the time of recording ?
For application authorization you can try adding HTTP Authorization Manager, it should be able to deal with at least Basic HTTP Authentication
For proxy authorization (if your machine is using proxy for intranet/internet access) you can specify username and password via -u and -a command-line arguments correspondingly like
jmeter -H my.proxy.server -P 8000 -u username -a password -N localhost
HTTP 503 status code indicates that a server is temporarily unable to handle the request.
So it would be a temporary failure of one of the intermediate components between JMeter and the server:
DNS Server
Proxy
Firewall
Load Balancer
Web server (Apache HTTP, Nginx, NodeJS...)
Application Server (J2EE, PHP, ASP servers)
An authentication error related to proxy would trigger a 4XX response code.
Checks the logs of each of the intermediate components , if you don't reproduce issue when using browser then have a look at:
http://jmeter.apache.org/usermanual/get-started.html#proxy_server
I am trying to do a testcase dealing with webservice REST in hosted Ape 5.0 Environment (apex.oracle.com).
There is a preinstalled Web Service in the Workspace "oracle.example.hr".
I have managed to call that Service from my Browsers URL.
But when i create a Web Service Reference to use that Service for an APEX Page, I receive the Errors:
ORA-29273: HTTP request failed
ORA-29024: Certificate validation failure
I am using the Oracle hosted Environment apex.oracle.com; thus I cannot apply ACLs etc.
Any suggestions?
Kind Regards,
Andreas Resch
Are you using https?
It seems that you are using a client that checks if the certificates are valid.
You can either solve the problem on the server (that is not configured with the correct certificate or configure the client to ignore this problem).
I am running webscarab from the jar
% java -jar WebScarab-ng-0.2.1.one-jar.jar
For normal websites (http) i am able to analyze the packets using webscarab. But if i enter any secure site (https), say https://www.gmail.com i am unable to view the pages.
I tried generating a certificate file for the site using the instructions from
https://www.owasp.org/index.php/Generating_Custom_SSL_Certificates_for_WebScarab
But still i am unable to view any https webpages.
I have configured proxy in firefox to localhost:8008 for all requests.
In the backend i am getting " incomplete ssl connection?".
You need to give more information. What browser are you using? What is the exact error message you are getting? Is is ALL SSL sites that you cannot access? Have you set the SSL proxy as well as the non-SSL proxy settings in the browser? Is the site using client SSL certificates?
I am currently working on a project that has the following components (all .NET 2.0)
Client Application
Web Service Invocation API
Web Service
In summary the Client Application creates and instance of the API and this calls the Web Service. Nice and simple and this all works exactly as I want it to.
The next stage of the project was to secure the Web Service with SSL. So I have created a "Self Signed CA" and from this signed a server certificate for IIS. Again, nice and simple and this all works exactly as I want it to.
The next stage of the project is to secure the Web Service by requiring the invoker to supply a client certificate. So I have created a client certificate (via the Self Signed CA). I am then adding this to the Web Service invocation call in the API:
WSBridge.Processor processor = new WSBridge.Processor();
processor.Url = this.endpoint;
processor.ClientCertificates.AddRange(this.clientCertificates);
processor.Timeout = (int)Settings.Default["DefaultTimeout"];
In debug I can see that this.clientCertificates contains the certificate I created. So in theory it is being presented to the web server.
However, when I attempt to call the Web Service I get the following exception in the API:
The request failed with HTTP status 403: Forbidden.
Fairly self explantory, but I have no idea what is causing the problem.
Other relevant information:
In my dev environment Client, API & Web Service are all running on the same machine
If I attempt to access the Web Service Description in IIS I get the following error (I am not prompted to choose a client certificate):
HTTP Error 403.7 - Forbidden
The page you are attempting to access requires your browser to have a Secure Sockets Layer (SSL) client certificate that the Web server recognizes.
The client certificate is loaded into the Personal store for the current user, the CA root is in trusted root for the local machine and current user.
If I switch off "Require SSL" and put "Client Certificates" on accept in IIS I can make my request. However when I look at HttpContext.Current.Request.ClientCertificate.Count in the Web Service this comes back as 0.
I need to be able to run my development with client certificates as portions of the service code use the CN of the client certificate to perform various actions. I could hack it in but it would be nice to be able to do a real end to end.
All the certificates mention here were generated using OpenSSL. I am developing on Windows 7 so I do not have the facility to install Microsoft CA
So, does anybody have any ideas as to the cause of this problem?
As an aside (not worth creating a new question for this) - for some reason when I enable SSL for the Web Service Visual Studio is no longer able to debug the service.
EDIT : Some more information
The client certificate has an intended purpose of <All>
Although I am working on localhost the server certificate for the web server was issued to devserver.xyz.com so I have changed my hosts file to point that to localhost. As such I can now browse (with client certs switched off in IIS) to my service descriptor page without seeing any SSL certificate warnings.
Well I have solved the problem, in summary this was due to the format of the client certificate this should have been PKCS12.
More Detail
Although the MMC Certificate plugin was showing the client certificate in the personal store for the current userm I noticed that when viewing the same store via Internet Explorer (Tools -> Internet Options -> Content -> Certificates) the certificate was not present.
After a little Googling it seems that IE will only accepts PKCS12 format for client certificates, so I convert the certificate with the following OpenSSL command:
openssl pkcs12 -export -in client_alpha.cer -inkey client_alpha.key -out client_alpha.p12
I then imported the p12 file into IE which allowed me to browse to the Web Service description page with full client/server certificated TLS.
Once I had made this change, I then retried by client application and this now works aswell. This is due to the fact that IIS, like IE, will only accept client certificates in PKCS12 format.