RemoteCertificateChainErrors

Feb 28, 2012 at 4:07 AM

I received RemoteCertificateChainErrors on the Error handler. 

 

I tried to add

 ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback( ValidateRemoteCertificate );
and the ValidateRemoteCertificate just returns true. I think this is too late (the code never gets called). Your ValidateRemoteCertificate already threw an error exception and closed the socket.
WebSocket4Net.dll!SuperSocket.ClientEngine.SslStreamTcpSession.ValidateRemoteCertificate(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors) + 0x6f bytes 
Is there a way to bypass the certificate validation?
Thanks for your help
Coordinator
Feb 28, 2012 at 4:17 AM

Use a certificate whose CN is the same as your host name.

If your websocket server's host is "smo7k.com", the CN of the certificate you are using on your server side should also be "smo7k.com".
Create the test certificate by the tool:
You'd better buy a real one.
Feb 28, 2012 at 4:25 AM

My question is: can I make the dll accept a self-signed certificate?

Coordinator
Feb 28, 2012 at 4:41 AM

Already is!

You need a self-signed certificate matching your deployment environment.

Feb 28, 2012 at 5:08 AM

I guess I'm not sure how it works. The server people tell me I need to accept the self-signed certificate, and I thought I needed to tell the WebSocket4Net dll to do so. Now you are saying the dll already accepts self-signed certificates, so that leaves that the self-signed certificate isn't correct. Is that what you mean?

 

Thanks.

Coordinator
Feb 28, 2012 at 5:14 AM

WebSocket4Net accepts self-signed certificates, but not all self-signed certificates.

Use a certificate whose CN (Common Name) is the same as your host name.

If your websocket server's host is "smo7k.com", the CN of the certificate you are using on your server side should also be "smo7k.com".

 


Feb 29, 2012 at 8:48 PM

The server is sending the client a self-signed certificate using the Common Name. However, the client keeps throwing the RemoteCertificateChainErrors exception. I tried to look for the SuperSocket.ClientEngine source code to debug the problem, but I can't find it anywhere. Where can I find the source code? Or do you have a better idea for debugging the problem?

I tried to use the Certificate Creator. I don't know what to put in the password field, so I put a password and just entered a path. The application crashes.

Thank you for your help.

Coordinator
Mar 1, 2012 at 1:13 AM

I can help you create one; please tell me the websocket uri you want to connect to.

<server name="SecureSuperWebSocket"
        serviceName="SuperWebSocket"
        ip="Any" port="4503" mode="Sync" security="tls">
    <!--Please install the certificate to your trusted certificates store, the password is 'supersocket'-->
    <certificate filePath="localhost.pfx"
                 password="supersocket"
                 isEnabled="true"></certificate>
</server>

After I provide you the pfx file, you need to configure it in your SuperWebSocket configuration.

Mar 1, 2012 at 1:55 AM
Edited Mar 1, 2012 at 2:23 AM

Let's say the certificate that you create for me works. It does not help me find out why my client code doesn't work with the self-signed certificate on the server that I'm trying to connect to. I think I need to step into the SuperSocket.ClientEngine code to find out why. Don't you agree? Or am I wrong?

 

Thanks.

Coordinator
Mar 1, 2012 at 2:26 AM
Oh, I thought you were using SuperWebSocket as the websocket server.
Are you sure the server you are using supports secure websocket and the certificate was configured correctly in the websocket server?

From: [email removed]
Sent: Thursday, March 01, 2012 9:55 AM
Subject: Re: RemoteCertificateChainErrors [websocket4net:346505]

From: smo7k

The server host name is uc1-habanero.inter-tel.com

I don't understand what you mean by "you need to configure it in your SuperWebSocket configuration." The server that I am trying to connect to isn't running SuperWebSocket code. Do you need me to just put the pfx file on the server that I'm trying to connect to?

Thanks.

Mar 1, 2012 at 2:50 AM

I would think so. I can connect to the server that has a real certificate, but it just doesn't work for the self-signed one. I tried to connect to the server using Firefox, and Firefox shows the certificate is a self-signed one, and I can view the certificate, which looks correct to me. The CN is the same as the host name. That is why I'm not sure why we are getting the exception. That is why I want to debug the ClientEngine code to see what is wrong. Is there another way to find out why we are throwing the exception?

Coordinator
Mar 1, 2012 at 2:55 AM

The source code of ClientEngine is located in SuperSocket:

http://supersocket.codeplex.com/SourceControl/list/changesets

mainline/ClientEngine

 

But I think it is not necessary.

 

Could you show me the uri you used to connect and the certificate's details?

kerry-jiang@hotmail.com

Dec 28, 2013 at 6:25 PM
Hello, I am having the same issue. How can I modify my certificate details?

Thanks.
Coordinator
Dec 29, 2013 at 2:37 AM
Generate a new certificate with the correct DNS name and then use it in your server program.
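
For the question asked in this thread about finding out why RemoteCertificateChainErrors is raised, here is an added example (not code from WebSocket4Net, SuperSocket or any poster): a stand-alone C# probe that prints the policy errors and chain status the server's certificate produces, and accepts an untrusted-root certificate only when its thumbprint matches a pinned value instead of returning true for everything. The host name `server.example`, the default port and the thumbprint placeholder are assumptions.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

// Added example; not WebSocket4Net or SuperSocket code.
static class TlsProbe
{
    // Assumption: placeholder for the thumbprint of the expected self-signed certificate, obtained out of band.
    const string PinnedThumbprint = "REPLACE-WITH-EXPECTED-THUMBPRINT";

    static bool Validate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        if (cert == null || chain == null) return false;
        var leaf = new X509Certificate2(cert);
        Console.WriteLine("Policy errors: " + errors);
        Console.WriteLine("Subject: " + leaf.Subject + " | Issuer: " + leaf.Issuer);
        foreach (X509ChainStatus s in chain.ChainStatus)
            Console.WriteLine("Chain status: " + s.Status + " - " + s.StatusInformation.Trim());

        if (errors == SslPolicyErrors.None) return true;
        // Tolerate a chain error only (no name mismatch), only for an untrusted root, only for the pinned certificate.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;
        foreach (X509ChainStatus s in chain.ChainStatus)
            if (s.Status != X509ChainStatusFlags.UntrustedRoot) return false;
        return string.Equals(leaf.Thumbprint, PinnedThumbprint, StringComparison.OrdinalIgnoreCase);
    }

    static void Main(string[] args)
    {
        string host = args.Length > 0 ? args[0] : "server.example"; // placeholder host
        int port = args.Length > 1 ? int.Parse(args[1]) : 443;      // assumed default port
        using (var tcp = new TcpClient(host, port))
        using (var ssl = new SslStream(tcp.GetStream(), false, Validate))
        {
            try { ssl.AuthenticateAsClient(host); Console.WriteLine("Handshake accepted"); }
            catch (AuthenticationException ex) { Console.WriteLine("Handshake rejected: " + ex.Message); }
        }
    }
}
```

A host name that does not match the certificate is reported as RemoteCertificateNameMismatch, while a self-signed certificate that is not in the client's trusted root store is reported as RemoteCertificateChainErrors with chain status UntrustedRoot.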