I am using a web service in my .NET-based application. The web services are called from a Control-M job which connects to our server where B2B services are hosted and files are fetched. Recently the link between the interface and the web service was broken. When I tried to hit the web service in our browser, it gave an error saying the SSL certificate had expired. But the website was working fine without any certificate error, and the only certificate bound in the server was not expired. We renewed the certificate and bound it again in IIS, but then we were not able to hit the web service and got a page not found error. Can anyone tell the reason for it?
Related
I am using WSO2 API Manager 2.6.0. I have created a prototyped API. When I try to invoke the API from the store API console, I get an error:
TypeError: Failed to fetch
When I take the curl command from the API console and execute it from the command prompt on the same server where WSO2 API Manager is installed, I get the expected response.
As it is a GET method, if I take the URL and execute it in a Chrome browser, it takes me to the management console page. When I sign in to the management console page, the browser displays Error 405 - Method Not Allowed
When I trigger the endpoint from Postman, it returns an HTML page which is the same management console page.
I have checked that the host and port for the gatewayendpoint and OAuthConfigurations/revokeapiurl are the same and the host is whitelisted in the store site.json.
Any idea what is wrong or how I can debug it?
Usually TypeError: Failed to fetch comes because of the self-signed certificate which comes by default with the server. If that is the case, accepting the security certificate from the browser should fix the problem.
From docs[2]:
Troubleshooting
If you cannot invoke the API's HTTPS endpoint (this causes the
SSLPeerUnverified exception), it could be because the security
certificate issued by the server is not trusted by your browser. To
resolve this issue, access the HTTPS endpoint directly from your
browser and accept the security certificate.
If the API Manager has a certificate signed by a Certificate Authority
(CA), the HTTPS endpoints should work out of the box.
[2] https://docs.wso2.com/display/AM260/Invoke+an+API+using+the+Integrated+API+Console
Our company PC machines are connecting to an internal server where a webservice hosted on it further connects to an external webservice in Italy. The certificate provided by the company in Italy to us only has client authentication purposes (thus not allowing us to import the certificate in IIS, right?). From a console application connecting directly to Italy's webservice, the certificate works fine. However the same logic fails when Italy's webservice is requested through our webservice.
Could this be because of the missing server authentication purpose in the certificate?
Thanks,
Justin
I have created a WCF service with SAML implementation. I am using federation binding for the same. From my client application I'm able to access the services hosted on my WCF web service easily when I'm running both client and host service on the same machine. I have used certificates for authentication (SAML implementation).
For your information, I have a custom module at the client side which acts as an identity provider. The host service just has some functions which are exposed using wsfederationbinding.
Now the problem is that when I'm running my WCF service host on a different system and the client application (consumer with identity provider) on a different system, I'm getting the following error message:
MessageSecurityException: The EncryptedKey clause was not wrapped with the required encryption token 'System.IdentityModel.Tokens.X509SecurityToken'.
Note: I feel there is some mismatch happening in terms of certificates between client and host service.
I have resolved the above problem; the root cause for the above error was actually a certificate mismatch.
I read on one of the SAML forums about the SAML certificate authentication procedure, which says:
The token is encrypted using the public certificate at the client side.
At the server side (web service host in my case) the received token is decrypted using the private key of the certificate.
So, in my case the certificates at the client side were different from the ones at the server side.
Resolution:
Just export the certificates from the server side (web service host in my case) and import the same at the client side.
Note: There exist 2 certificates, client certificate and server certificate, at both sides (client side and server side).
So in reality, when a client wants to access the host web service (dynamically), just like downloading apps, we need to create both certificates at the service side and deploy those certificates to the client upon activation of the client app. This way the certificates will be in sync.
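The mismatch described in the post above, reduced to the underlying key wrap, as an added example that is not part of the original post and is not WCF's own code. The class and method names are hypothetical, the two certificates are constructed in memory, and RSA-OAEP stands in for the EncryptedKey wrap; it assumes .NET Framework 4.7.2 or later. The re-configured client holds only the host's public certificate.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
static class EncryptedKeyMismatch
{
    // Client side: wrap a session key to the certificate it holds for the service.
    public static byte[] Wrap(X509Certificate2 serviceCertAtClient, byte[] sessionKey)
    {
        using (RSA pub = serviceCertAtClient.GetRSAPublicKey())
            return pub.Encrypt(sessionKey, RSAEncryptionPadding.OaepSHA1);
    }
    // Service side: unwrap with the private key the service actually holds.
    public static bool TryUnwrap(RSA servicePrivateKey, byte[] wrapped)
    {
        try { servicePrivateKey.Decrypt(wrapped, RSAEncryptionPadding.OaepSHA1); return true; }
        catch (CryptographicException) { return false; }
    }
    static X509Certificate2 SelfSigned(string cn, RSA key)
    {
        var req = new CertificateRequest("CN=" + cn, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.Now.AddDays(-1), DateTimeOffset.Now.AddDays(30));
    }
    static void Main()
    {
        // Constructed sample: two unrelated key pairs standing in for the two machines.
        using (RSA devKey = RSA.Create(2048))
        using (RSA hostKey = RSA.Create(2048))
        using (X509Certificate2 devCert = SelfSigned("constructed-dev", devKey))
        using (X509Certificate2 hostCert = SelfSigned("constructed-host", hostKey))
        using (var hostPublic = new X509Certificate2(hostCert.RawData)) // public part only, as exported to the client
        {
            byte[] sessionKey = new byte[32];
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(sessionKey);
            // Client still configured with the certificate from the single-machine setup.
            Console.WriteLine("thumbprints match: " + (devCert.Thumbprint == hostCert.Thumbprint));
            Console.WriteLine("stale cert unwraps: " + TryUnwrap(hostKey, Wrap(devCert, sessionKey)));
            // Client re-configured with the service host's exported public certificate.
            Console.WriteLine("host cert unwraps: " + TryUnwrap(hostKey, Wrap(hostPublic, sessionKey)));
        }
    }
}
```

Comparing the thumbprint configured on the client with the thumbprint of the certificate installed on the service host is the quick pre-deployment check for this condition.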
I have a website hosted on my web server contacting a secure web service on another server. I have created a self signed certificate and attached it to the https:// binding. I have done 2 things to try and accept the certificate on my web server:
Open IE and browse to my wsdl file in the web service - Installed the certificate to the Trusted Root Cert Authority.
Exported the certificate from the other server, gone into MMC and imported it manually into the Local Computer Trusted Root Cert Auth.
Neither of these have worked and I am not sure which route to try next.
System: Windows Server 2008 running IIS7.
Many thanks for your time.
I had to do this the way everyone else seems to do it by overriding the certificate check. Not what I wanted but has sorted it for now.
Scenario:
A client calls WebService A on the LAN. WebService A is running under an App Pool with Identity "Network Service".
WebService A does some work, prepares to call WebService B.
WebService B requires a client cert (*.cer) and SSL.
WebService A is on a dedicated Windows 2003 server.
Everything works in the Dev environment as it should (but the developer with Administrator privileges is always logged on locally (no surprise!)).
The certificates are stored on disk at C:\MyCertificates\
The certificate is being applied at runtime successfully in Dev with this snippet: myWebService.ClientCertificates.Add(X509Certificate.CreateFromCertFile(certPath));
Problem:
WebService A is calling WebService B, and the returned exception is:
The request failed with HTTP status
403: Forbidden
This really means that the certificate was not sent in the request to WebService B.
I am under the assumption that installing this cert into the browser is not a solution. The browser settings typically are per-user, and I need to give the certificate to the user whose credentials the web service is running under. (e.g. Network Service, System, or whatever is in the IIS AppPool settings).
Question: How can I grant access or association to my certificate living at the specified directory location to the Network Service or other non-user account?
This Microsoft knowledgebase article may be of use:
How to call a Web service by using a client certificate for authentication in an ASP.NET Web application (MS KB901183)
Your web service 'A' would effectively be the ASP.NET application calling the web service as described in the article.
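A diagnostic for the two client-certificate questions above (the certificate issued for client authentication only, and the .cer file used under Network Service), added here as an example and not taken from the posts or the KB article. It is meant to be run under the same account as the application pool; the class and method names are hypothetical, the sample certificate is constructed in memory, and it assumes Windows with .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
static class ClientCertCheck
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth
    // Reasons the calling account could not present this certificate; empty means usable.
    public static List<string> Diagnose(X509Certificate2 fromFile)
    {
        var problems = new List<string>();
        if (DateTime.Now < fromFile.NotBefore || DateTime.Now > fromFile.NotAfter)
            problems.Add("outside validity period (NotAfter " + fromFile.NotAfter + ")");
        // An EKU extension, if present, must list clientAuth; no EKU means unrestricted.
        foreach (X509Extension ext in fromFile.Extensions)
        {
            var eku = ext as X509EnhancedKeyUsageExtension;
            if (eku == null) continue;
            bool ok = false;
            foreach (Oid oid in eku.EnhancedKeyUsages) ok |= oid.Value == ClientAuthOid;
            if (!ok) problems.Add("EKU does not include Client Authentication");
        }
        // A .cer holds no private key, so the key must come from the machine store.
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection hits = store.Certificates.Find(
                X509FindType.FindByThumbprint, fromFile.Thumbprint, false);
            if (hits.Count == 0) problems.Add("not installed in LocalMachine\\My");
            else if (!hits[0].HasPrivateKey) problems.Add("store copy has no private key");
            else
                try { using (RSA key = hits[0].GetRSAPrivateKey()) { } }
                catch (CryptographicException e) { problems.Add("key not readable by this account: " + e.Message); }
        }
        return problems;
    }
    static void Main()
    {
        // Constructed sample: throwaway self-signed cert reduced to its public part, as a .cer would be.
        using (RSA rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-client", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(new OidCollection { new Oid(ClientAuthOid) }, false));
            using (X509Certificate2 full = req.CreateSelfSigned(DateTimeOffset.Now.AddDays(-1), DateTimeOffset.Now.AddDays(30)))
            using (var publicOnly = new X509Certificate2(full.RawData))
                foreach (string p in Diagnose(publicOnly)) Console.WriteLine("PROBLEM: " + p);
        }
    }
}
```

In a real check, replace the constructed certificate with the one loaded from the .cer file the service uses.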