HTTPS security binding error between .NET and Apache

  • Question

  • We call from Azure (WorkerRole on a Windows Server 2012) a Web Service which is running in Apache.

    Authentication is over a client certificate. On the client side we set timeouts of about 1 hour. Most of the time the call goes through.

    In about 10% of cases we get the following error on the client side:

    An error occurred while making the HTTP request to https://xXXXXX. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.

    On the Apache server the following messages are logged:
    - Re-negotiation handshake failed: Not accepted by client
    - proxy: pass request Body failed to

    What could be the reason?

    Thanks
    Andreas

    Wednesday, August 21, 2013 9:18 AM

Answers

  • Hi,

    When the following error occurs:

    An error occurred while making the HTTP request to https://xXXXXX. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.

    That means we have to configure the port with an SSL certificate. 
    We can use a self-signed certificate for this.

    First, use netsh to add a namespace reservation for the port:
    netsh http add urlacl url=https://+:1234/ user=EVERYONE

    But that's not enough; we need a self-signed cert to bind to that port. Otherwise, we'll get the same exception as above. Create the cert using makecert.exe, which tends to reside in the Windows SDK folder, something like \Program Files\Microsoft SDKs\Windows\v7.0A\Bin. First, create the root certificate to use for signing the server certificate. <machineName> can be localhost, which is what I'm using.
    makecert.exe -sk RootCA -sky signature -pe -n CN=<machineName> -r -sr LocalMachine -ss Root MyCA.cer
    This creates a cert named MyCA.cer.  We should see that file in the working directory from where we ran makecert.exe.

    Next, create the server certificate.  <certificate path> should be something to use to identify the cert. 

     makecert.exe -sk server -sky exchange -pe -n CN=<machineName> -ir LocalMachine -is Root -ic MyCA.cer -sr LocalMachine -ss My <certificate path>

    Now, we have to bind the cert to the port.

    #How to: Configure a Port with an SSL Certificate:
    http://msdn.microsoft.com/en-us/library/ms733791.aspx.

    For more information, please try to refer to this blog:
    http://blogs.msdn.com/b/james_osbornes_blog/archive/2010/12/10/selfhosting-a-wcf-service-over-https.aspx .

    Best Regards,
    Amy Peng




    Thursday, August 22, 2013 1:18 AM
    Moderator
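
The binding step that the answer leaves to the linked article, as an added PowerShell example that is not part of the original answer. It assumes the port 1234 from the urlacl command, a server certificate with CN=localhost in LocalMachine\My, and a freshly generated appid GUID (an assumption; use the hosting application's own GUID if it has one).

```powershell
# Added example: bind the server certificate created with makecert.exe to the
# port reserved with "netsh http add urlacl". Run from an elevated prompt.
param(
    [string]$MachineName = 'localhost',   # the CN passed to makecert.exe -n
    [int]$Port = 1234                     # port used in the urlacl reservation
)

# netsh http add sslcert changes machine-wide HTTP.SYS state and needs admin rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'netsh http add sslcert requires an elevated session.'
}

# HTTP.SYS needs a certificate in the LocalMachine store with its private key
# present; expired certificates are skipped.
$candidates = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.Subject -eq "CN=$MachineName" -and $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date)
})
if ($candidates.Count -eq 0) {
    throw "No unexpired certificate with subject CN=$MachineName and a private key in LocalMachine\My."
}

# If makecert.exe was run more than once, take the most recently issued match.
$cert = $candidates | Sort-Object NotBefore -Descending | Select-Object -First 1

# Assumption: any GUID is accepted as appid; it only labels the owner of the binding.
$appId  = [guid]::NewGuid().ToString('B')   # 'B' format includes the braces netsh expects
$ipPort = "0.0.0.0:$Port"

& netsh http add sslcert "ipport=$ipPort" "certhash=$($cert.Thumbprint)" "appid=$appId"
if ($LASTEXITCODE -ne 0) {
    # A non-zero exit usually means a binding already exists for this ip:port.
    throw "netsh failed (exit code $LASTEXITCODE). Inspect with: netsh http show sslcert ipport=$ipPort"
}

# Show the resulting binding so the thumbprint can be checked against the certificate.
& netsh http show sslcert "ipport=$ipPort"
```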