I have an Identity Server, a Web API and a frontend app. Usually they're running on localhost and it works fine. Now I need to run the app on my local IP address. I changed all the settings from localhost:port to <my_ip>:port and I'm getting the following error in the Web API:
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '<my_ip>:5003/.well-known/openid-configuration'.
---> System.IO.IOException: IDX20804: Unable to retrieve document from: '<my_ip>:5003/.well-known/openid-configuration'.
---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
I tried to generate a self-signed certificate and add it to the certificate store. I tried many solutions on SO, e.g. this one. All I achieved is switching between this error and "Keyset does not exist".
This is how I try to load the certificate:
var key = Configuration["certBase64"]; // exported from store as x509 base64 encoded
var pfxBytes = Convert.FromBase64String(key);
var cert = new X509Certificate2(pfxBytes, "<certificate-pwd>", X509KeyStorageFlags.MachineKeySet);
builder.AddSigningCredential(cert);
What am I missing?
UPDATE
I also tried to use a local DNS name for my IP. On my router I set up forwarding from myapp.local to <my_ip>. Then I created a self-signed certificate with Subject and DNS name = myapp.local, but it didn't help.
The current error:
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'myapp.local:5003/.well-known/openid-configuration'.
---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'myapp.local:5003/.well-known/openid-configuration'.
---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
You cannot use HTTPS and certificates when you try to connect to a service using an IP address. You must always have a domain name and a valid certificate that your local machine trusts.
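The AuthenticationException in the question is raised when the client's validation of the server certificate fails, typically on the host name check or on chain trust. The following added example (not code from the question or the answer) runs both checks offline against a constructed self-signed certificate for myapp.local. The IP address 192.168.1.10 and the names TlsCheck, MakeSelfSigned and Report are assumptions, and MatchesHostname requires .NET 7 or later.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class TlsCheck
{
    // Constructed sample: a self-signed certificate whose subject and
    // DNS subject alternative name are both the given host name.
    static X509Certificate2 MakeSelfSigned(string dnsName)
    {
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest($"CN={dnsName}", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        var san = new SubjectAlternativeNameBuilder();
        san.AddDnsName(dnsName);
        req.CertificateExtensions.Add(san.Build());
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1),
                                    DateTimeOffset.UtcNow.AddDays(30));
    }

    // Runs the two checks separately: does the certificate cover the name
    // the client connects to, and does its chain end in a trusted root on
    // the machine running this code (the Web API host in the question).
    static void Report(X509Certificate2 cert, string host)
    {
        bool nameOk = cert.MatchesHostname(host); // .NET 7+

        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // no network access
        bool trusted = chain.Build(cert);
        string status = string.Join(", ",
            chain.ChainStatus.Select(s => s.Status.ToString()));

        Console.WriteLine($"{host,-14} name match: {nameOk,-5} trusted: {trusted,-5} {status}");
    }

    static void Main()
    {
        using var cert = MakeSelfSigned("myapp.local");
        Report(cert, "myapp.local");   // the name the certificate was issued for
        Report(cert, "192.168.1.10");  // constructed IP address, not listed in the certificate
    }
}
```

Running the same two checks on the machine that hosts the Web API, against the certificate the Identity Server actually presents, shows which condition from the answer is not met.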