SSL NOMATCH issue when using proxies in HTTP request

     This warning may be caused by using an IP address or a hostname that differs from that found in the certificate.
      WinVerifyTrustWarning: CERT_E_CN_NO_MATCH
      Status = 0x800b010f
      (warning) SSL Server Certificate not verified.


Basically, the IP in the SSL certificate is not the same as the IP of the proxy that it is going through... This causes the SSL certificate to go unverified when communicating with webg services.

I am using the CHILKAT HTTP class.

I would love to find out why this is happening. It always happens when connecting to any SSL HTTPS link.
Dim prxip As String = proxinf(0)
        Dim prxport As String = proxinf(1)
        If RadSocks.Checked = True Then
            http.SocksHostname = prxip
            http.SocksPort = prxport
            http.ConnectTimeout = Me.NumTim.Value
            http.ProxyPort = Nothing
        Else
            http.ProxyDomain = prxip
            http.ConnectTimeout = Me.NumTim.Value
            http.ProxyPort = prxport
        End If
 
        If Me.ChkSSL.Checked = True Then
            Dim req As New HttpRequest()
            Dim resp As New HttpResponse()
            resp = http.SynchronousRequest("https://www.google.com", 443, True, req)
        Else
            http.QuickGetStr("http://www.google.com/")
        End If

Open in new window

Idkfawin32Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jfer0x01Commented:
Hello,

according to

http://msdn.microsoft.com/en-us/library/bb648706(VS.85).aspx

Match the CN and the device address. For example, if the operating system is connecting to https://mydevice.contoso.com:5358/, then the CN of the server certificate must be mydevice.contoso.com.

Also

this issue is further discussed in

http://stackoverflow.com/questions/799272/why-cant-one-ssl-certificate-be-used-for-multiple-machines

it seems to me, your proxy servers must probably have a root certificate installed, ex. blah.com instead of host.blah.com

Hope this helps

Jfer
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jfer0x01Commented:
any luck?
0
Idkfawin32Author Commented:
No luck, I just switched my entire application over to normal .Net HTTPWebRequests
0
Discover the Answer to Productive IT

Discover app within WatchGuard's Wi-Fi Cloud helps you optimize W-Fi user experience with the most complete set of visibility, troubleshooting, and network health features. Quickly pinpointing network problems will lead to more happy users and most importantly, productive IT.

jfer0x01Commented:
Did switching to .Net Web Requests improve your situation?
0
Idkfawin32Author Commented:
Yes, it resolved the issue. It was a huge pain but it solved everything.
0
jfer0x01Commented:
Ok,

i guess you can close question then

Jfer
0
Idkfawin32Author Commented:
The solution wasn't exactly a solution but it did lead me to the answer and that is good enough for me.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Visual Basic.NET

From novice to tech pro — start learning today.