Post installer installation Unable to validate Portal URL certificate validation failed
Hi,
I try to complete the post-installation of GeoCortex Essential on a Windows server 2016.
I have a multi-certificate who include the domaine name associate to my server in my internal DNS.
https://carte.rouyn-noranda.ca/portal
The URL and the certitificat are public.
Whe I enter the URL and click the test button, I have the error message in the title.
Unable to validate Portal URL certificate validation failed
On my old server I have this issue too few week ago with a multi-domaine certificate.
The solution was to change for a std certificate with only one domaine name.
But now I dont have other availaible std certficate, and the support say than it could test correctly my multi-certificate. It's like the bug is internal at the server.
But I dont find the problem.
I have open a case with VertiGIS, but I try in the forum too.
Maybe somebody have view the sames situation.
I have already renew my certificat this week and add to IIS and portaladmin without any problem. I could acces to the portal page in https via my web browser on the server and from pc of my lan.
If I ping the url the right server anwser, so my internal DNS config is ok.
Like VertiGIS support say than it could connect and test my URL without problem from external I'm little bit jam with this issue.
Any helps or comments is welcome.
Thank you
-
Here is the events in the log file:
<Event Timestamp="2023-01-17T09:19:03.4979379-05:00" Level="WARN"><Message>Unable to validate Portal URL. SSL certificate validation failed. Geocortex.Platform.Security.Federation.WSTrustException: SSL certificate error: Certificate name mismatch. ---> System.IdentityModel.Selectors.PolicyValidationException: SSL certificate error: Certificate name mismatch.
à Geocortex.Platform.Security.Federation.WSFederationValidator.Validate(X509Certificate2 certificate, X509Chain chain, String host)
à Geocortex.Platform.Security.Federation.WSFederationClient.Validate(Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
--- Fin de la trace de la pile d'exception interne ---0 -
Marc-Etienne - how did you end up solving the problem? I'm having the same issue.
0 -
Hello Vanessa,
I dont find a good solution with the multi certificat.
So I dont have other choice to create a fresh new std certificate with only the domain name than i would like use with GeoCortex.
I have delete the corresponding domain name in my multi certificate.
With this solution all work great, but I need to pay more at Entrust because I have one more certificate.
I have work with the support before make the move, but the tech support never know why the multi certificat work in tech support test and not in production on my side.
Hope this help.
0 -
Hi Marc-Etienne,
Turns out the issue was that the .Net needed to be forced to use Strong Crypto in the registry. For some reason that configurator tool couldn't just negotiate it like our web browsers normally do.Vanessa
0 -
Hi Vanessa,
Thank you for The trick, I will tory St. une next renew. Do you have the regedit key who need to be modify?
0 -
The following keys have to be changed, put this below in a .reg file and install it.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:000000010
Please sign in to leave a comment.
Comments
6 comments