Certificate error invoking gRPC service with HTTPS under .Net 5: UntrustedRoot
I am trying to HTTPS connect my gRPC client and service, both running under .Net 5 on my local Windows 10 machine. Now I am getting this certificate error and not sure how to fix it:
Status(StatusCode=\"Internal\", Detail=\"Error starting gRPC call.
HttpRequestException: The SSL connection could not be established, see inner exception.
AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot\", DebugException=\"System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.\r\n
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot\r\n at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)\r\n at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)\r\n at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)\r\n --- End of inner exception stack trace ---\r\n at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)\r\n at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)\r\n at System.Net.Http.HttpConnectionPool.GetHttp2ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)\r\n at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)\r\n at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)\r\n at Grpc.Net.Client.Internal.GrpcCall`2.RunCall(HttpRequestMessage request, Nullable`1 timeout)\")
I tried to install a dev certificate by running the commend below, but it seems one have already exist:
And it appears that I have this cert under both of my Personal and Trusted Root stores
I do noticed however, that the cert exists in my stores is "IIS Express Development Certificate", instead of "ASP.NET Core HTTPS development certificate". Dose that matter? If so, how do I get the correct cert installed? If not, what else am I missing?
Solution
In case anyone interested - in my case, this was caused by the fact that gRPC hosting is not supported by IIS under my current build level of Windows. While I was waiting for MS to complete a solution, I just added the following to my gRPC client side:
var httpHandler = new HttpClientHandler();
httpHandler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
var channel = GrpcChannel.ForAddress(ServerAddress, new GrpcChannelOptions { HttpHandler = httpHandler });
As you can see, this code is TEMPORARY and not meant for production. Microsoft has recently said that the support has been included in the operation system's build 20241 or later, which I am planning to test in the coming weeks.
- UEFI Application: Unable to fetch the body of Http GET request
- How do I generate the correct TOTP with Node with correct Headers and SHA512 hashed Token?
- SSL handshake failure in Java Agent (in HCL Notes 14)
- Debugging HTTP traffic originating from npm install using Fiddler
- Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?
- Experimental HTTPS in Next.JS doesn't work if I run dev from a external HD
- How to configure Pentaho Carte to accept HTTPS request instead of HTTP
- SSL and aiohttp: disable SSL verification do not work on python 3.12
- How to setup local environment to run on https
- Configuring HTTPS for Express and Nginx
- Strict-Transport-Security max-age not updating to 31536000 in ASP.NET Core application
- How do I make my JavaScript know the index number of the post I want to delete?
- How to change http/https Protocol while using relative URL
- Certificate error invoking gRPC service with HTTPS under .Net 5: UntrustedRoot
- How can I use HTTPS / SSL with Kestrel in ASP.NET Core 2.x?
- docker pull tries to talk http to registry that only understands https
- Using the 'integrity' attribute for script tags while avoiding CORS errors over the file-uri protocol
- How to correctly force SSL on WordPress via wp-config.php?
- Why do I get "The account does not have permission to access this resource" error when logging in to Bitbucket Cloud from XCode?
- Is it safe to use multiple listeners (HTTP and HTTPS) for a server with the default ServeMux in Go?
- Certbot failed to authenticate some domains (authenticator: apache). Failed to verify the temporary Apache configuration changes
- How can we run a FastAPI application on two ports one HTTP and one HTTPS without redirecting?
- OpenAS2 AS2ReceiverHandler: HTTP connection error on inbound message
- java.net.SocketException - NanoHTTPD (https) - Android
- You're accessing the development server over HTTPS, but it only supports HTTP. code 400, message Bad request syntax
- How to set up HTTPS for Rasa chatbot?
- Issues with installing python libraries on Windows : CondaHTTPError: HTTP 000 CONNECTION FAILED for url <https://conda.anaconda.org/anaconda/win-64
- How can I measure the response times of an http request in Node?
- How can I know if the request to the servlet was executed using HTTP or HTTPS?
- ASP.NET Core 8 HTTPS Certificate Issues with Windows Host and Linux Container