HTTPS Connection Issues
Full Title or Meme
Like most security protocols, HTTPS can start failing for all sorts of reasons, but issues with upgraded security seem to be the most common.
- For HTTPS to work, the certificate (and key) used to sign the TLS (SSL) connection packets must match one of the certs in the cert:\LocalMachine\Root folder. That means that the fingerprint (hash) of the root key must match the signing key.
.NET Core Console Apps
Here are the steps:
- Create a Certificate Signing Request (CSR).
- Have the CSR signed by the server.
- Get the signed certificate.
- Include the signed certificate in the HTTP request.
- Make sure to put the Self-Signed CA Certificate in the Local Computer's Trusted Root CA store.
Troubleshooting steps, in order (do not skip ahead if a step is not successful):
- Test with HTTP
- Test with HTTPS (one-way authentication)
- Test with HTTPS (mutual authentication)
    $r = Invoke-RestMethod "https://trustregistry.us/csp" -Method Post -Body $j -ContentType "application/jose"
    $r
    The registry service https://localhost:5035/csp could not be found. Exception: The SSL connection could not be established, see inner exception.

or on AWS

    $r = Invoke-RestMethod "http://localhost:5035/csp" -Method Post -Body $j -ContentType "application/jose"
    Invoke-RestMethod : The underlying connection was closed: The connection was closed unexpectedly.
    At line:1 char:6
    + $r = Invoke-RestMethod "http://localhost:5035/csp" -Method Post -Body ...
    +      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
        + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
One common cause of this issue is a mismatch in TLS levels between the client and server. In general, all sites should (as of 2020-07) be set for TLS 1.1 or higher.
- Check with PowerShell: Get-TlsCipherSuite [[-Name] <String>] [<CommonParameters>]
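
The two checks described on this page can be run together: which TLS levels the server will actually negotiate, and whether the server's certificate chain ends in a certificate present in cert:\LocalMachine\Root. This is an added example, not code from the original page; the function name Test-TlsHandshake is hypothetical, and the default host and port are assumed from the failing localhost URL shown above.

```powershell
# Added example; Test-TlsHandshake is a hypothetical helper name.
function Test-TlsHandshake {
    param(
        [string]$HostName = 'localhost',  # assumed from the page's failing URL
        [int]$Port = 5035
    )
    # Thumbprints of the roots this machine trusts.
    $trusted = (Get-ChildItem Cert:\LocalMachine\Root).Thumbprint

    foreach ($proto in 'Tls', 'Tls11', 'Tls12') {
        $result = [ordered]@{ Protocol = $proto; Handshake = $false; RootTrusted = $null; Detail = '' }
        $tcp = New-Object System.Net.Sockets.TcpClient
        try {
            $tcp.Connect($HostName, $Port)
            # Diagnostic probe only: accept any certificate so the handshake result
            # reflects the protocol level alone. No application data is sent, and
            # trust is evaluated separately below.
            $cb  = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
            $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $cb)
            $ssl.AuthenticateAsClient($HostName, $null,
                [System.Security.Authentication.SslProtocols]$proto, $false)
            $result.Handshake = $true

            # Build the chain and compare its topmost element with the root store.
            # If the chain is incomplete, the topmost element is an intermediate or
            # the leaf itself, and RootTrusted will be False.
            $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            [void]$chain.Build($cert)
            $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
            $result.RootTrusted = $trusted -contains $top.Thumbprint
            $result.Detail = "top=$($top.Subject) thumbprint=$($top.Thumbprint)"
            $ssl.Dispose()
        }
        catch {
            # A refused protocol level or a closed connection ends up here.
            $result.Detail = $_.Exception.GetBaseException().Message
        }
        finally { $tcp.Close() }
        [pscustomobject]$result
    }
}

Test-TlsHandshake | Format-Table -AutoSize
```

A row with Handshake = False for every level points to a protocol mismatch or a non-TLS listener; Handshake = True with RootTrusted = False points to the missing CA certificate in the Trusted Root store.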