- ABP Framework version: 7.0.3
- UI type: MVC
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): yes
- Exception message and stack trace:
AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot
System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
System.Net.Security.SslStream.ForceAuthenticationAsync(bool receiveFirst, byte[] reAuthenticationData, CancellationToken cancellationToken)
System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, bool async, Stream stream, CancellationToken cancellationToken)
HttpRequestException: The SSL connection could not be established, see inner exception.
System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, bool async, Stream stream, CancellationToken cancellationToken)
System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, bool async, CancellationToken cancellationToken)
System.Threading.Tasks.ValueTask.get_Result()
System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, bool async, CancellationToken cancellationToken)
System.Threading.Tasks.ValueTask.get_Result()
System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(QueueItem queueItem)
System.Threading.Tasks.TaskCompletionSourceWithCancellation.WaitWithCancellationAsync(CancellationToken cancellationToken)
System.Threading.Tasks.ValueTask.get_Result()
System.Net.Http.HttpConnectionPool+HttpConnectionWaiter.WaitForConnectionAsync(bool async, CancellationToken requestCancellationToken)
System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, bool async, bool doRequestAuth, CancellationToken cancellationToken)
System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, bool async, CancellationToken cancellationToken)
System.Threading.Tasks.ValueTask.get_Result()
System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, bool async, CancellationToken cancellationToken)
Microsoft.Extensions.Http.Logging.LoggingHttpMessageHandler.g__Core|5_0(HttpRequestMessage request, CancellationToken cancellationToken)
Microsoft.Extensions.Http.PolicyHttpMessageHandler.SendCoreAsync(HttpRequestMessage request, Context context, CancellationToken cancellationToken)
Polly.Retry.AsyncRetryEngine.ImplementationAsync(Func<Context, CancellationToken, Task> action, Context context, CancellationToken cancellationToken, ExceptionPredicates shouldRetryExceptionPredicates, ResultPredicates shouldRetryResultPredicates, Func<DelegateResult, TimeSpan, int, Context, Task> onRetryAsync, int permittedRetryCount, IEnumerable sleepDurationsEnumerable, Func<int, DelegateResult, Context, TimeSpan> sleepDurationProvider, bool continueOnCapturedContext)
Polly.AsyncPolicy.ExecuteAsync(Func<Context, CancellationToken, Task> action, Context context, CancellationToken cancellationToken, bool continueOnCapturedContext)
Microsoft.Extensions.Http.PolicyHttpMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
Microsoft.Extensions.Http.Logging.LoggingScopeHttpMessageHandler.g__Core|5_0(HttpRequestMessage request, CancellationToken cancellationToken)
System.Net.Http.HttpClient.g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, bool disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
Volo.Abp.Http.Client.ClientProxying.ClientProxyBase.RequestAsync(ClientProxyRequestContext requestContext)
AbpRemoteCallException: An error occurred during the ABP remote HTTP request. (The SSL connection could not be established, see inner exception.) See the inner exception for details.
Volo.Abp.Http.Client.ClientProxying.ClientProxyBase.RequestAsync(ClientProxyRequestContext requestContext)
Volo.Abp.Http.Client.ClientProxying.ClientProxyBase.RequestAsync(ClientProxyRequestContext requestContext)
Volo.Abp.Http.Client.ClientProxying.ClientProxyBase.RequestAsync(string methodName, ClientProxyRequestTypeValue arguments)
Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ClientProxies.AbpApplicationConfigurationClientProxy.GetAsync(ApplicationConfigurationRequestOptions options)
Volo.Abp.AspNetCore.Mvc.Client.MvcCachedApplicationConfigurationClient.GetRemoteConfigurationAsync()
Volo.Abp.AspNetCore.Mvc.Client.MvcCachedApplicationConfigurationClient.b__16_0()
Volo.Abp.Caching.DistributedCache<TCacheItem, TCacheKey>.GetOrAddAsync(TCacheKey key, Func<Task> factory, Func optionsFactory, Nullable hideErrors, bool considerUow, CancellationToken token)
Volo.Abp.AspNetCore.Mvc.Client.MvcCachedApplicationConfigurationClient.GetAsync()
Volo.Abp.AspNetCore.Mvc.Client.RemoteLanguageProvider.GetLanguagesAsync()
Microsoft.AspNetCore.RequestLocalization.DefaultAbpRequestLocalizationOptionsProvider.GetLocalizationOptionsAsync()
Microsoft.AspNetCore.RequestLocalization.AbpRequestLocalizationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
Microsoft.AspNetCore.Builder.UseMiddlewareExtensions+<>c__DisplayClass6_1+<b__1>d.MoveNext()
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)
- Steps to reproduce the issue:"
- Docker compose file:
version: '3.4'
services:
mydomain.authserver:
environment:
\- ASPNETCORE\_ENVIRONMENT=Development
\- ASPNETCORE\_URLS=https://\+:7000
\- ASPNETCORE\_Kestrel\_\_Certificates\_\_Default\_\_Path=/https/mydomain\.authserver\.pfx
\- ASPNETCORE\_Kestrel\_\_Certificates\_\_Default\_\_Password=
ports:
\- "7000:7000"
volumes:
\- \~/\.aspnet/https:/https:ro
\- $\{APPDATA\}/Microsoft/UserSecrets:/root/\.microsoft/usersecrets:ro
mydomain.web:
environment:
\- ASPNETCORE\_ENVIRONMENT=Development
\- ASPNETCORE\_URLS=https://\+:7004
\- ASPNETCORE\_Kestrel\_\_Certificates\_\_Default\_\_Path=/https/mydomain\.web\.pfx
\- ASPNETCORE\_Kestrel\_\_Certificates\_\_Default\_\_Password=
ports:
\- "7004:7004"
volumes:
\- \~/\.aspnet/https:/https:ro
\- $\{APPDATA\}/Microsoft/UserSecrets:/root/\.microsoft/usersecrets:ro
mydomain.webgateway:
environment:
\- ASPNETCORE\_ENVIRONMENT=Development
\- ASPNETCORE\_URLS=https://\+:7500
\- ASPNETCORE\_Kestrel\_\_Certificates\_\_Default\_\_Path=/https/mydomain\.webgateway\.pfx
\- ASPNETCORE\_Kestrel\_\_Certificates\_\_Default\_\_Password=
ports:
\- "7500:7500"
volumes:
\- \~/\.aspnet/https:/https:ro
\- $\{APPDATA\}/Microsoft/UserSecrets:/root/\.microsoft/usersecrets:ro
appsettings.json for Web project
{
"App": {
"SelfUrl": "[https://mydomain.web:7004"](https://mydomain.web:7004%22)
},
"AuthServer": {
"Authority": "[https://mydomain.authserver:7000"](https://mydomain.authserver:7000%22),
"RequireHttpsMetadata": "true",
"ClientId": "Web.Docker",
"ClientSecret": "1q2w3e\*",
"IsOnK8s": "false",
"MetaAddress": "[https://mydomain.authserver:7000"](https://mydomain.authserver:7000%22)
},
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"AllowedHosts": "\*",
"RemoteServices": {
"Default": {
"BaseUrl": "https:/mydomain.webgateway:7500"
}
}
}
I tried to add above pfx files to Trusted Root on my machine and the guide here: https://ubuntu.com/server/docs/security-trust-store but it didn't work. Pls help