Tags: c#, websocket, certificate, owin, x509certificate2

AuthenticationException: A call to SSPI failed with Secured Web Sockets


I have a rather complicated real-time web application with a C# server as a back-end that also runs a Websocket server.

I am currently in the process of upgrading it to support HTTPS. Having done that already (using OWIN self host, .NET Framework 4.6.1), I also need to do so for the Websockets (used for updating the clients on changes in the server).

The Websocket server is implemented using the wonderful websocket-sharp library.

The problem I'm facing is this: no matter what I do, I always seem to get this frustrating exception on my server side, after the call to SslStream.AuthenticateAsServer. Now, I have also tried using a different Websocket server (Fleck) and the issue remains, so I'm pretty sure that it has something to do with my certificate. I am using a self-signed certificate, and I have tried to create this certificate in many ways, including the built-in Windows certificate enrollment and PowerShell 'New-SelfSignedCertificate', and no matter what certificate I use, I always get this exception:

    AuthenticationException
      HResult=0x80131501
      Message=A call to SSPI failed, see inner exception.
      Source=System
      StackTrace:
       at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
       at System.Net.Security.SslStream.AuthenticateAsServer(X509Certificate serverCertificate, Boolean clientCertificateRequired, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
       at WebSocketSharp.Net.WebSockets.TcpListenerWebSocketContext..ctor(TcpClient tcpClient, String protocol, Boolean secure, ServerSslConfiguration sslConfig, Logger log) in J:\Common\OpenSource\websocket-sharp\websocket-sharp\Net\WebSockets\TcpListenerWebSocketContext.cs:line 91

    Inner Exception 1:
    Win32Exception: An unknown error occurred while processing the certificate

P.S. I have found several places that say to set the EnabledSslProtocols to SslProtocols.Tls12; I did that and it didn't work.


Solution

  • OK, so I was able to figure it out. Posting the answer here in case anyone else has had this issue.

    I needed to set the Common Name in the certificate to some name, then add that name to the hosts file and use that name when addressing the server (before, I was using my computer name). So let's say I create the certificate with

    CN=webserver

    then in the hosts file added

    127.0.0.1 webserver

    and it worked.

    I just don't understand why the certificate was rejected in the server, and not in the client.
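
A loopback check for the setup described in the answer, as an added example that is not part of the original question or answer: it runs the same `SslStream.AuthenticateAsServer` call against a matching `AuthenticateAsClient` in one process and reports what each side sees. The class name `TlsPreflight`, the PFX path, its password and the host name are assumptions passed on the command line.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

static class TlsPreflight
{
    // Hypothetical usage: TlsPreflight.exe <cert.pfx> <pfxPassword> <hostNameClientsUse>
    static int Main(string[] args)
    {
        var cert = new X509Certificate2(args[0], args[1]);
        string host = args[2];
        Console.WriteLine("Certificate name: {0}", cert.GetNameInfo(X509NameType.SimpleName, false));
        Console.WriteLine("Has private key : {0}", cert.HasPrivateKey); // the server side cannot handshake without it

        var listener = new TcpListener(IPAddress.Loopback, 0); // port 0: let the OS pick a free port
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;

        // Server half: the call that throws in the stack trace above.
        Task server = Task.Run(() =>
        {
            using (var tcp = listener.AcceptTcpClient())
            using (var ssl = new SslStream(tcp.GetStream(), false))
                ssl.AuthenticateAsServer(cert, false, SslProtocols.Tls12, false);
        });

        // Client half: loopback diagnostic only, so the callback records the errors and accepts.
        var seen = SslPolicyErrors.None;
        Task client = Task.Run(() =>
        {
            using (var tcp = new TcpClient("127.0.0.1", port))
            using (var ssl = new SslStream(tcp.GetStream(), false,
                (sender, c, chain, errors) => { seen = errors; return true; }))
                ssl.AuthenticateAsClient(host, null, SslProtocols.Tls12, false);
        });

        foreach (var side in new[] { Tuple.Create("server", server), Tuple.Create("client", client) })
        {
            try { side.Item2.Wait(); Console.WriteLine("{0}: handshake OK", side.Item1); }
            catch (AggregateException ex) { Console.WriteLine("{0}: {1}", side.Item1, ex.GetBaseException().Message); }
        }
        listener.Stop();
        Console.WriteLine("Client-side policy errors: {0}", seen);
        return server.IsFaulted || client.IsFaulted || seen.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch) ? 1 : 0;
    }
}
```

Because the client connects to 127.0.0.1 directly, the hosts file is not involved; the third argument only controls the name the client expects in the certificate, so running it once with `webserver` and once with the computer name shows how each side reacts to the mismatch.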