-
Titolo
OAuth authentication shows error "The remote certificate is invalid according to the validation procedure." in application log -
Descrizione
OAuth2 authentication fails with error resembling:
"Failed to authenticate user using OAuth2/Open ID Connect. QER.OAuthAuthentifier.OAuth2Exception: An error occurred while sending the request.
---> System.Net.Http.HttpRequestException: An error occurred while sending the request.
---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure."
In the application log. -
Causa
Depending on the configuration, the authenticator needs to contact webservers such as the TokenEndpoint itself. Usually these are https connections, therefore the user running the request needs to be able to create an https connection, that includes matching cipher suites and being able to verify the webserver certificate. -
Risoluzione
A resolution depends on the environment because there may be different procedures and requirements regarding creation and distribution of certificates. However, as a test outside of the application, the following PowerShell command may be used:
Invoke-WebRequest -Uri <TokenEndpoint>
The above command confirms any problems with an https connection. It may be necessary to import the webserver certificate or a related signing or root CA certificate so the user running the application (e.g. application pool user, if the problem is occurring in the web application) is able to verify the certificate of the webserver.
Please note that potentially there are different certificates in such a scenario: Anything configured beneath QER\Person\OAuthAuthenticator relates to the OAuth certificate which is configured in the OAuth server, but the given error message relates to the webserver certificate, which is configured in the webserver where the endpoints run on (e.g. IIS).