Pfx file bug? #100

Closed
drewdunlop opened this issue May 3, 2018 · 5 comments

@drewdunlop

drewdunlop commented May 3, 2018

I'm following the example code in the readme for the V2 API. When using the code to obtain a wildcard cert and then save it as a PFX cert (for use in .Net Core Kestrel HTTP server), I can't seem to get a valid PFX certificate.

Kestrel throws this error: "Uncaught exception from the OnConnectionAsync method of an IConnectionAdapter." From investigating, this seems to occur when a bad PFX is ingested.

I've used certutil on Windows to dump out the info on the PFX, and there are some problems. I'm not an expert on this so it isn't clear what the problem is.

Interestingly I can import the PFX into Windows Cert Manager and then re-export to PFX. The newly created PFX works with Kestrel and also certutil has no errors.

Also if I manually write out a PEM file (for the cert and private key) and then use openssl to create the PFX everything works fine.

Any help is much appreciated. I've attached the output of CertUtil for both the cert that was created with Certes, as well as the exported cert. I've also attached the code used to generate the cert (minus the DNS validation bits). If I could use the PEM format in .Net Core I would; however, all APIs I could find want to use the PFX format.

LetsEncryptCertRequest.txt
testing_dump.txt
testing_export_dump.txt

@webprofusion-chrisc
Collaborator

I can confirm we also have this issue: programmatic install causes an issue accessing private keys, but re-importing using Windows Certificate Manager works OK. Played around with openssl to try to diagnose but didn't get anywhere. Most likely related to the recent commit that added the full certificate chain?

@fszlin
Owner

fszlin commented May 4, 2018

@webprofusion-chrisc, I think you are correct. The certificate chain seems bugged right now.

@webprofusion-chrisc
Collaborator

Thanks, saw you've added a fix. I'll check it out.

@fszlin
Owner

fszlin commented May 4, 2018

Thanks for looking into it. I just realized this is also making Azure reject my web app deployment, and it's working fine now.

Tested the resulting PFX with Kestrel, and it seems fine too.

@drewdunlop
Author

I can confirm that with your latest fix this issue is resolved. Thanks for the quick help.
