Ask a Question related to ASP.NET Security, Design and Development.
-
Tim Mavers #1
Requesting web page from SSL site fails
I am using HttpWebRequest to request a page from my own site. It works great
when the site isn't running under SSL, but it fails when I run I turn on
SSL.
I am assuming I need to include some sort of certificate with the request?
Is this the certificate that is normally included in the browser? We are
using a standard site certificate from Verisign (which resides on the
server), what do I need to put in my client?
Tim Mavers Guest
-
Shared Objects and the site requesting access
I am developing lessons tests with Flash and using local shared objects to store the student's answer while taking the test. when I look at my .sol... -
the remote site of web page is empty how can I moveeverything over from local site?
I am new to using this Dreamweaver 3 software and I cannot update my website, due to the remote site being empty. How can I repopulate the remote... -
#25294 [Fbk->Csd]: ftp_nlist fails on nai site with coredump
ID: 25294 Updated by: pollita@php.net Reported By: steveh at brendata dot co dot uk -Status: Feedback +Status:... -
#25294 [Fbk]: ftp_nlist fails on nai site with coredump
ID: 25294 Updated by: pollita@php.net Reported By: steveh at brendata dot co dot uk Status: Feedback Bug Type:... -
fcgi problems: site down plus install fails
The homepage simply says: "CGI exec failed." Seems to be broken? http://raa.ruby-lang.org/list.rhtml?name=fcgi I downloaded the tar.gz file and... -
Joe Kaplan \(MVP - ADSI\) #2 Re: Requesting web page from SSL site fails
The main reason SSL requests with HttpWebRequest fail is something wrong
with the server certificate (name on cert doesn't match the hostname
requested by client, cert is revoked, cert is expired, cert is not trusted).
It is less likely that you need a client certificate, although the server
may be requesting one. You should be able to find that out with a web
browser or something.
If there is an issue with the certificate, you can either fix the problem or
implement a custom ICertificatePolicy that will allow you to override any
objections to the server's certificate and allow the request. The samples
are in the SDK docs for ICertificatePolicy.
Joe K.
"Tim Mavers" <webview@hotmail.com> wrote in message
news:4PednYog-qErBEDcRVn-ow@giganews.com...>I am using HttpWebRequest to request a page from my own site. It works
>great when the site isn't running under SSL, but it fails when I run I turn
>on SSL.
>
> I am assuming I need to include some sort of certificate with the request?
> Is this the certificate that is normally included in the browser? We are
> using a standard site certificate from Verisign (which resides on the
> server), what do I need to put in my client?
>
>
>
Joe Kaplan \(MVP - ADSI\) Guest
-
Tim Mavers #3 Re: Requesting web page from SSL site fails
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:udaOdDD9EHA.3236@TK2MSFTNGP15.phx.gbl...Yes, that was the problem, there as an issue with the cert on the server.> The main reason SSL requests with HttpWebRequest fail is something wrong
> with the server certificate (name on cert doesn't match the hostname
> requested by client, cert is revoked, cert is expired, cert is not
> trusted). It is less likely that you need a client certificate, although
> the server may be requesting one. You should be able to find that out
> with a web browser or something.
We were getting warning dialogs about "cert not being fully trusted", but
accepting "yes" would work fine (from the browser). However, apparently the
API itself will default to reject this.
Once we straightened out the cert, HttpWebRequest works fine.
Thanks for all the help.
Tim Mavers Guest
-
Joe Kaplan \(MVP - ADSI\) #4 Re: Requesting web page from SSL site fails
BTW, you can control that behavior in .NET code by implementing your own
custom ICertificatePolicy class and setting that on the ServicePointManager,
but fixing the cert is always best.
Joe K.
"Tim Mavers" <webview@hotmail.com> wrote in message
news:VNWdnfubE6Sp83jcRVn-uQ@giganews.com...> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> in message news:udaOdDD9EHA.3236@TK2MSFTNGP15.phx.gbl...>>> The main reason SSL requests with HttpWebRequest fail is something wrong
>> with the server certificate (name on cert doesn't match the hostname
>> requested by client, cert is revoked, cert is expired, cert is not
>> trusted). It is less likely that you need a client certificate, although
>> the server may be requesting one. You should be able to find that out
>> with a web browser or something.
> Yes, that was the problem, there as an issue with the cert on the server.
> We were getting warning dialogs about "cert not being fully trusted", but
> accepting "yes" would work fine (from the browser). However, apparently
> the API itself will default to reject this.
>
> Once we straightened out the cert, HttpWebRequest works fine.
>
> Thanks for all the help.
>
Joe Kaplan \(MVP - ADSI\) Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
