HTTPS Connection Issues

From MgmtWiki
Revision as of 12:20, 31 July 2020 by Tom (talk | contribs) (Net Core Console Apps)

Jump to: navigation, search

Full Title or Meme

Like most security protocols HTTPS can start failing for all sorts of reasons, but issues with upgraded security seems to be most common.



Net Core Console Apps

Here are the steps:

  1. Create a Certificate Signing Request (CSR).
  2. Have the CSR signed by the server.
  3. Get the signed certificate.
  4. Include the signed certificate in the HTTP request.
  5. Make sure to put the Self-Signed CA Certificate in the Local Computer's Trusted Root CA store.

Troubleshooting steps in order (do not skip if a certain step is not successful):

  1. Test with HTTP
  2. Test with HTTPS (one-way authentication)
  3. Test with HTTPS (mutual authentication)

PowerShell Invoke-xxxMethod

$r = Invoke-RestMethod "" -Method Post -Body $j -ContentType "application/jose"
The registry service https://localhost:5035/csp could not be found. Exception: The SSL connection could not be established, see inner exception.

or on AWS

$r = Invoke-RestMethod "http://localhost:5035/csp" -Method Post -Body $j -ContentType "application/jose"
Invoke-RestMethod : The underlying connection was closed: The connection was closed unexpectedly.
At line:1 char:6
+ $r = Invoke-RestMethod "http://localhost:5035/csp" -Method Post -Body ...
+      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

One common cause for this issue is a mismatch in TLS levels between the client and server. In general all side should be (2020-07) set for tls1.1 or higher.

  • Check with powershell Get-TlsCipherSuite [[-Name] <String>] [<CommonParameters>]