Solved

SSL NOMATCH issue when using proxies in HTTP request

Posted on 2009-06-26
7
954 Views
Last Modified: 2012-06-27
     This warning may be caused by using an IP address or a hostname that differs from that found in the certificate.
      WinVerifyTrustWarning: CERT_E_CN_NO_MATCH
      Status = 0x800b010f
      (warning) SSL Server Certificate not verified.


Basically, the IP in the SSL certificate is not the same as the IP of the proxy that it is going through... This causes the SSL certificate to go unverified when communicating with webg services.

I am using the CHILKAT HTTP class.

I would love to find out why this is happening. It always happens when connecting to any SSL HTTPS link.
Dim prxip As String = proxinf(0)

        Dim prxport As String = proxinf(1)

        If RadSocks.Checked = True Then

            http.SocksHostname = prxip

            http.SocksPort = prxport

            http.ConnectTimeout = Me.NumTim.Value

            http.ProxyPort = Nothing

        Else

            http.ProxyDomain = prxip

            http.ConnectTimeout = Me.NumTim.Value

            http.ProxyPort = prxport

        End If

 

        If Me.ChkSSL.Checked = True Then

            Dim req As New HttpRequest()

            Dim resp As New HttpResponse()

            resp = http.SynchronousRequest("https://www.google.com", 443, True, req)

        Else

            http.QuickGetStr("http://www.google.com/")

        End If

Open in new window

0
Comment
Question by:Idkfawin32
  • 4
  • 3
7 Comments
 
LVL 9

Accepted Solution

by:
jfer0x01 earned 250 total points
ID: 24726694
Hello,

according to

http://msdn.microsoft.com/en-us/library/bb648706(VS.85).aspx

Match the CN and the device address. For example, if the operating system is connecting to https://mydevice.contoso.com:5358/, then the CN of the server certificate must be mydevice.contoso.com.

Also

this issue is further discussed in

http://stackoverflow.com/questions/799272/why-cant-one-ssl-certificate-be-used-for-multiple-machines

it seems to me, your proxy servers must probably have a root certificate installed, ex. blah.com instead of host.blah.com

Hope this helps

Jfer
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24755946
any luck?
0
 

Author Comment

by:Idkfawin32
ID: 24757437
No luck, I just switched my entire application over to normal .Net HTTPWebRequests
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 9

Expert Comment

by:jfer0x01
ID: 24806812
Did switching to .Net Web Requests improve your situation?
0
 

Author Comment

by:Idkfawin32
ID: 24807463
Yes, it resolved the issue. It was a huge pain but it solved everything.
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24812129
Ok,

i guess you can close question then

Jfer
0
 

Author Closing Comment

by:Idkfawin32
ID: 31597081
The solution wasn't exactly a solution but it did lead me to the answer and that is good enough for me.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Imagine a situation that you have installed SSL (http://en.wikipedia.org/wiki/Secure_Sockets_Layer) Certificate on your Cisco ASA (Cisco Adaptive Security Appliance) firewall. Installation of SSL certificate on ASA is an another topic for which you …
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
This video discusses moving either the default database or any database to a new volume.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now