Https SSL cert name mismatch warning – “The security certificate presented by this website was issued for a different website’s address.”

Recently I was working on one project and encountered an Interesting issue related to SSO server’s SSL Cert where it was complaining about being used for a domain name other than it was registered for.

During investigation it was revealed that there are two domain names are configured with same IP. Cert was generated with alias name, hence it was complaining when we call the primary URL which was not listed in that cert.

What that meant is, let say – you have a self-signed cert for local domain “localhost” but you trying to use it for “test.nits.com” as well and both pointing to same IP address for example “127.0.0.1”.

When we trying to call localhost it works fine, as cert have it listed.

When we trying to use other local domain, it giving warning

So what is the problem here with SSO call, as this is just a warning ?

So when we try to call this HTTPS domain where name is mismatching in cert, Async call from project is getting rejected with below error, saying certificate is invalid as per validation procedures.

System.Net.Http.HttpRequestException
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

So now What ?

We have two ways to solve it:
1 – Add all aliases in the CERT (which is the right way of Doing it)
2- Ignore the Cert Warnings ( temporarily suggested until #1 is implemented, and also other measures are in place to keep connection secure )

To implement #1, you have to contact your cert generation authority and place a request to add all aliases suppose to use this Cert.

For #2, you can use below code in .net Core to ignore the cert warning.

using (var httpClientHandler = new HttpClientHandler())
{
httpClientHandler.ClientCertificateOptions = ClientCertificateOption.Manual;
httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => { return true; };

using ( var _httpClient = new HttpClient(httpClientHandler))
{
response = await _httpClient.GetAsync(url);
}
}

This will resolve your issue 🙂 Happy Coding!!

            

Leave a Reply

Your email address will not be published. Required fields are marked *