Tymek,
I believe there may be an outstanding issue with trying to import certificates
using mozroots at the MACHINE level.
In my experience, the following command worked when run as the USER that will
run the application:
[PATH]/bin/mono [PATH]/mozroots.exe --import --sync
Regards,
DevUp!
Date: Thu, 20 Jan 2011 12:34:50 +0800
From: [email protected]
To: [email protected]
Subject: [Mono-list] HTTPS: 'Invalid certificate received from server.' and
mozroots
Hello gurus,
This is Mono 2.6.7 Ubuntu
Problem:
I
cannot connect to https pages (using HttpWebRequest) from MONO ASP and I
cannot (well, maybe I'm not doing it right) display installed x509
certs.
Error message:
Failed to submit to encrypted.google.com
form System.Net.WebException: Error getting response stream (Write: The
authentication or decryption has failed.): SendFailure --->
System.IO.IOException: The authentication or decryption has failed.
---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate received from
server. Error code: 0xffffffff800b010a
Extra info:
1. I restarted mono several times.
2. If I provide my own ServicePointManager.ServerCertificateValidationCallback
validator and return true, the handshake goes through.
3. Connecting to example pages (paypal, google etc) from my Firefox doesn't
show any issues.
4. Connecting to various pages with http:// (not s) works fine.
5. I imported the std root certs with mozroots:
$sudo mozroots --import --machine --sync
Mozilla Roots Importer - version 2.6.7.0
Download and import trusted root certificates from Mozilla's LXR.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell.
BSD licensed.
Downloading from
'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
Importing certificates into machine store...
140 new root certificates were added to your trust store.
Import process completed.
I can see the certs are there:
$ls /usr/share/.mono/certs/Trust | wc -l
140
I tried to look at the installed certs but I always get Count = 0:
X509Store storeMachine = new X509Store(StoreLocation.LocalMachine);
//I also tried StoreLocation.CurrentUser also with no success.
storeMachine.Open(OpenFlags.ReadOnly);
//BTW. Is this necessary at all?
X509Certificate2Collection storecollection2 =
(X509Certificate2Collection)storeMachine.Certificates;
Console.WriteLine("Number of X509 certs Machine: {0}",
storecollection2.Count);
foreach (X509Certificate2 x509 in storecollection2)
{
Console.WriteLine("certificate name: {0}", x509.Subject);
}
Thanks in advance for any help
--
Tymek Majewski
Software Developer
NearMap.com
_______________________________________________
Mono-list maillist - [email protected]
http://lists.ximian.com/mailman/listinfo/mono-list
_______________________________________________
Mono-list maillist - [email protected]
http://lists.ximian.com/mailman/listinfo/mono-list
