Skip to main content

Post installer installation Unable to validate Portal URL certificate validation failed

Comments

6 comments

  • Marc-Etienne Tremblay

    Here is the events in the log file: 

    <Event Timestamp="2023-01-17T09:19:03.4979379-05:00" Level="WARN"><Message>Unable to validate Portal URL. SSL certificate validation failed. Geocortex.Platform.Security.Federation.WSTrustException: SSL certificate error: Certificate name mismatch. ---> System.IdentityModel.Selectors.PolicyValidationException: SSL certificate error: Certificate name mismatch.
       à Geocortex.Platform.Security.Federation.WSFederationValidator.Validate(X509Certificate2 certificate, X509Chain chain, String host)
       à Geocortex.Platform.Security.Federation.WSFederationClient.Validate(Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
       --- Fin de la trace de la pile d'exception interne ---

    0
  • Vanessa Pocock

    Marc-Etienne - how did you end up solving the problem? I'm having the same issue. 

    0
  • Marc-Etienne Tremblay

    Hello Vanessa, 

    I dont find a good solution with the multi certificat.

    So I dont have other choice to create a fresh new std certificate  with only the domain name than i would like use with GeoCortex.

    I have delete the corresponding domain name in my multi certificate. 

    With this solution all work great, but I need to pay more at Entrust because I have one more certificate. 

    I have work with the support before make the move, but the tech support never know why the multi certificat work in  tech support test and not in production on my side. 

     Hope this help.

    0
  • Vanessa Pocock

    Hi Marc-Etienne,
    Turns out the issue was that the .Net needed to be forced to use Strong Crypto in the registry.  For some reason that configurator tool couldn't just negotiate it like our web browsers normally do.

    Vanessa

    0
  • Marc-Etienne Tremblay

    Hi Vanessa,

    Thank you for The trick, I will tory St. une next renew. Do you have the regedit key who need to be modify?

    0
  • Nico Burgerhart

    The following keys have to be changed, put this below in a .reg file and install it.

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
    "SchUseStrongCrypto"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
    "SchUseStrongCrypto"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
    "DisabledByDefault"=dword:00000000
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
    "DisabledByDefault"=dword:00000000
    "Enabled"=dword:00000001
    0

Please sign in to leave a comment.