•   about 9 years ago

SSL cert problem

Are you using self-signed certs?

  • 11 comments

  •   •   about 9 years ago

    I'm also receiving an error about SSL/TLS cert, while trying to connect to https://greenbutton.affsys.com/a3p/api/v1/Custodian/1/Auth/

    {System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
    at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
    at System.Net.PooledStream.EndWrite(IAsyncResult asyncResult)
    at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
    --- End of inner exception stack trace ---
    at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
    at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)}

  •   •   about 9 years ago

    what type of app you are using? Mobile, asp?

  •   •   about 9 years ago

    ASP.Net

  •   •   about 9 years ago

    Try the hack
    ServicePointManager.ServerCertificateValidationCallback = delegate(object s, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; };

    let me know please if it worked for you

  •   •   about 9 years ago

    So that fixed the SSL/TLS cert issue, but using the Custodian/1/Auth/ link I get:

    "Unexpected response Content-Type text/html"

  •   •   about 9 years ago

    I would like first to know what URIs should I use at all. It seems that standards don't match what's in the test lab. See my discussion "Consumer Authentication Path"

  •   •   about 9 years ago

    I have been; I follow you exactly. Instructions are quite sparse and not quite clear. It looks like the Custodian already setups the Authorization steps as it providers you with a Refresh Token and Access Token.

  •   •   about 9 years ago

    Yes but as I understand we cannot use that tokens in app. This tokens should be specific to the customer so getting them should be done from your app

  •   •   about 9 years ago

    For purpose of the contest, access tokens can also be acquired for your mobile application using the Authorized Third Party (ATP) portal in the Test Lab. First register your application in the ATP portal using the "Application | Register" option in the Administration menu. Afterward, you can use the ATP to go through the authorization process for your application and to display the access token you can then use in your mobile app for subsequent data accesses.

  •   •   about 9 years ago

    According to contest requirements I need to provide the installation package. In this case my app can work only with one fixed user which received tokens via portal. Is that acceptable?

  •   •   about 9 years ago

    A fully functional application is obviously more ideal i.e. one capable of exercising the registration, authorization, and data access elements of the API. Not all participants creating a mobile application may have the requisite infrastructure for the authorization piece and so this a way to allow for the application to be created, tested and demonstrated in that case.

    Let me get clarification on the question of "acceptability".

Comments are closed.