
How to disable RemoteCertificateNameMismatch for self-signed certificates #196

Closed
kalyankrishna1 opened this issue Sep 7, 2022 · 6 comments


kalyankrishna1 commented Sep 7, 2022

Which version of Duende IdentityServer are you using? 4 (identityModel 6.0.0)

Which version of .NET are you using? 6.0

Describe the bug
I am trying to use a self-signed certificate in a docker compose set up with nginx for SSL. The call to the discovery metadata doc using HTTPS works fine in the browser (https://mylocalserver.com:44395/.well-known/openid-configuration) after I added the cert created using openssl to the local machine's "Trusted Root Certification Authorities".

The certificate is issued to mylocalserver.com

I also have the following line of code in Main():

ServicePointManager.ServerCertificateValidationCallback += (o, c, ch, er) => true;


I get the following exception when I run my ASP.NET Core web app:

[08:57:46 ERR] HTTP GET /Login responded 500 in 219.3944 ms
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://mylocalserver.com:44395/.well-known/openid-configuration'.
 ---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://mylocalserver.com:44395/.well-known/openid-configuration'.
 ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: **The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch**

To Reproduce

Try using a self-signed certificate in a docker compose environment with an ASP.NET Core web app.

Expected behavior

The C# code that switches off the certificate validation should have suppressed this check

Log output/exception with stacktrace

Code from startup.cs (happy to provide more if that helps):

        // Copies the OIDC settings from the "AuthN" configuration section onto the
        // OpenIdConnectOptions (Authority is the IdentityServer base URL the handler
        // uses to fetch /.well-known/openid-configuration).
        private void AddOidcSettingsFromConfig(OpenIdConnectOptions options)
        {
            options.Authority = Configuration.GetValue<string>("AuthN:Authority");
            options.ClientId = Configuration.GetValue<string>("AuthN:ClientId");
            options.ClientSecret = Configuration.GetValue<string>("AuthN:ClientSecret");
            options.Scope.Clear();

            // "AuthN:Scopes" is a single space-separated string, e.g. "openid profile".
            var allScopes = Configuration.GetValue<string>("AuthN:Scopes");
            foreach (var scope in allScopes.Split(' '))
            {
                options.Scope.Add(scope);
            }
        }

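A note on why the `ServicePointManager.ServerCertificateValidationCallback += (o, c, ch, er) => true;` line in Main() cannot suppress this error: on .NET Core and .NET 6, `HttpClient` (which the OpenID Connect handler uses to fetch the discovery document) does not consult `ServicePointManager`; certificate validation for that backchannel is controlled through `OpenIdConnectOptions.BackchannelHttpHandler`. The example below is added by the editor and is not code from the issue or from Duende. It wires the backchannel to a callback that, in the Development environment only, accepts exactly one pinned certificate instead of accepting everything. The configuration key `AuthN:DevCertThumbprint` and the method name `AddOidcWithPinnedDevCert` are assumptions for illustration; the `AuthN:*` keys match the issue.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

// Added example (not from the issue thread or the IdentityServer project).
// Usage from Startup.ConfigureServices, with IWebHostEnvironment injected into Startup:
//   services.AddAuthentication(options => { /* default schemes */ })
//           .AddCookie()
//           .AddOidcWithPinnedDevCert(Configuration, Environment);
public static class OidcBackchannelExtensions
{
    public static AuthenticationBuilder AddOidcWithPinnedDevCert(
        this AuthenticationBuilder builder, IConfiguration config, IHostEnvironment env)
    {
        return builder.AddOpenIdConnect(options =>
        {
            options.Authority = config.GetValue<string>("AuthN:Authority");
            options.ClientId = config.GetValue<string>("AuthN:ClientId");
            options.ClientSecret = config.GetValue<string>("AuthN:ClientSecret");

            // ServicePointManager.ServerCertificateValidationCallback is not consulted by
            // HttpClient on .NET Core/.NET 6, so the OIDC backchannel needs its own handler.
            // Relax validation only in Development, and only for one pinned certificate;
            // in every other environment the default (full) validation stays in force.
            if (!env.IsDevelopment())
            {
                return;
            }

            // Assumed key: SHA-1 thumbprint (hex, no separators) of the self-signed
            // IdentityServer certificate, kept in appsettings.Development.json.
            var pinnedThumbprint = config.GetValue<string>("AuthN:DevCertThumbprint");
            if (string.IsNullOrWhiteSpace(pinnedThumbprint))
            {
                return;
            }

            options.BackchannelHttpHandler = new HttpClientHandler
            {
                ServerCertificateCustomValidationCallback = (request, cert, chain, errors) =>
                {
                    // A certificate that passes normal validation is always fine.
                    if (errors == SslPolicyErrors.None)
                    {
                        return true;
                    }

                    // Otherwise accept it only if it is byte-for-byte the pinned dev cert.
                    // This tolerates RemoteCertificateNameMismatch and
                    // RemoteCertificateChainErrors for that one certificate and nothing else.
                    return cert is not null
                        && string.Equals(cert.GetCertHashString(), pinnedThumbprint,
                                         StringComparison.OrdinalIgnoreCase);
                }
            };
        });
    }
}
```

Pinning a thumbprint is a development convenience, not a substitute for the fix the thread ends on: putting the issuing CA into the container's trust store and making sure the certificate names the host the web app actually connects to. A callback that returns `true` unconditionally disables TLS authentication for every call the handler makes (discovery, JWKS, token endpoint) and should never reach a non-development build.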

brockallen (Member)

It sounds like the host name being used does not match the cert name you have configured. Beyond that, I'm not sure.

kalyankrishna1 (Author)

The cert with subject "CN = id-local.globomantics.com" is placed in Trusted Root Certification Authorities.

A call to "https://id-local.globomantics.com:44395/.well-known/openid-configuration" via the browser has no issues. Note that port 443 in the container is mapped to 44395 on the host:

        services:
          reverseproxy:
            build:
              context: .
              dockerfile: nginx/nginx.Dockerfile
            depends_on:
              - globomantics.identityserver
            ports:
              - "44395:443"


Code is present in the ASP.NET Core 6.0 web app to ignore cert validation errors.

Not sure what else I can do?

brockallen (Member)

All set on this issue -- can we close?

kalyankrishna1 (Author)

It was a Docker port mapping issue and a missing update-ca-certificates command. It's fixed. Thanks for your patience.
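The two things the resolution above fixes are exactly the two checks the OIDC backchannel runs against the IdentityServer certificate: is the issuer trusted (what `update-ca-certificates` takes care of once the CA is copied into the container), and does the certificate name the host the client is connecting to (what the port mapping got wrong). The script below is an added example, not something from the thread or from Duende: it builds a private CA, an unrelated CA standing in for a trust store that never received the right root, and a server certificate whose SAN covers both names, then classifies `openssl verify` outcomes with the names .NET's `SslPolicyErrors` would report. Host names follow the thread; the CA names, file names and the use of the compose service name `globomantics.identityserver` as a second SAN entry are assumptions.

```shell
#!/bin/sh
# Added example (not from the issue thread): reproduce chain-trust and host-name
# checks on a self-signed IdentityServer cert with the openssl CLI, fully offline.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Issue two CAs ("ca" is the one the server cert chains to, "other" is an unrelated
# root) and one server certificate. The SAN must list every name a client will use:
# the host-side name from the browser test and the in-network compose service name.
make_certs() {
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$WORK/ca.ext"
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:id-local.globomantics.com,DNS:globomantics.identityserver\n' > "$WORK/server.ext"

  for ca in ca other; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Globomantics Dev CA ($ca)" \
      -keyout "$WORK/$ca.key" -out "$WORK/$ca.csr" 2>/dev/null
    openssl x509 -req -days 30 -in "$WORK/$ca.csr" -signkey "$WORK/$ca.key" \
      -extfile "$WORK/ca.ext" -out "$WORK/$ca.crt" 2>/dev/null
  done

  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=id-local.globomantics.com" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  openssl x509 -req -days 30 -in "$WORK/server.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -extfile "$WORK/server.ext" -out "$WORK/server.crt" 2>/dev/null
}

# check <hostname> <ca-bundle>: validate server.crt the way a TLS client would and
# print the matching .NET SslPolicyErrors name (None, RemoteCertificateNameMismatch
# or RemoteCertificateChainErrors). Chain errors win over name errors, as in .NET.
check() {
  if out="$(openssl verify -CAfile "$2" -verify_hostname "$1" "$WORK/server.crt" 2>&1)"; then
    echo None
  else
    case "$out" in
      *"ostname mismatch"*) echo RemoteCertificateNameMismatch ;;   # OpenSSL 1.1 / 3.x spelling
      *) echo RemoteCertificateChainErrors ;;
    esac
  fi
}

main() {
  make_certs
  # Trust store contains the right CA: both SAN names pass, a stale name does not.
  for host in id-local.globomantics.com globomantics.identityserver mylocalserver.com; do
    printf '%-32s trusted CA: %s\n' "$host" "$(check "$host" "$WORK/ca.crt")"
  done
  # Trust store never received the CA (no update-ca-certificates): chain error,
  # regardless of the name being correct.
  printf '%-32s wrong CA:   %s\n' id-local.globomantics.com "$(check id-local.globomantics.com "$WORK/other.crt")"
}

if command -v openssl >/dev/null 2>&1; then
  main
else
  echo "openssl CLI not found; nothing to demonstrate" >&2
fi
```

The same file that passes `openssl verify -CAfile` here is the one to copy into the container (for Debian-based images, under `/usr/local/share/ca-certificates/` before running `update-ca-certificates`), and the name that must appear in the SAN is whichever host the web app's backchannel really dials, which inside a compose network is usually the service name rather than the host-mapped port.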

hojatallahkazemi

Hello, I have the same problem as yours. Can you please explain exactly how your problem was solved? I don't have Docker.

josephdecock (Member)

@hojatallahkazemi could you please open a new issue to describe your symptoms and environment in more detail?
