Hello,
We have an MVC project using OWIN Framework to allow our users to authenticate using Twitter.
However starting today, we have been getting this exception when trying to authenticate:
System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
Can you please advise if there have been any certificate changes recently? And if so, what is the impact on the Twitter API calls?
Also please advise of the method to resolve this issue in our application.
Regards,
Lavina
1 Like
I have an api app that’s been running fine for years and starting this weekend, users are getting 500 Not Found errors in my Oauth sequence.
Investigation indicates a certificate problem on Twitter’s end causing an RSA related com process on the server to fail.
In both of these cases, can you provide any more detail?
@UserUnity - what API endpoint are you connecting to? I’m not familiar with the OWIN Framework.
@rlamfink - same question, and what library are you using?
Twitter API endpoints support SHA-256 as required by Apple’s App Transport Security in iOS 9, so this may require any underlying libraries used in your code to support similar levels of TLS encryption.
Thanks for pointing me in the right direction, Andy!
Can you please share how you resolved the problem?
Have not resolved yet. My library doesn’t support SHA256 encryption.
Same problem here. MVC application using Microsoft.Owin.Security.Twitter for a while working fine and since yesterday I’m getting this error too! Please advise!! :S
Unfortunately I’m unable to locate the source code for that library so I’m unable to check whether it supports SHA256. Do you know who owns that code / have any means to feed back to them that it needs to be upgraded?
Hi,
I noticed this problem today when debugging my MVC 5 web app. I haven’t logged in using Twitter for a while so I am not sure when it started.
I don’t know if it helps but the web app running in debug mode on my desktop gives the error “The remote certificate is invalid according to the validation procedure” but the same application running on Microsoft’s Azure Cloud the login works (strange!).
Not sure what that proves, but it is an interesting observation. Does that help? I could do with a solution too.
It is owned by Microsoft, and I believe they have made the code “open” (some limitations). If you follow the NuGet signature you get to http://katanaproject.codeplex.com/.
The actual code I think is here.
Hi Andy, I was about to tell you the library comes from Microsoft and I’ve seen your last post. I’m not an expert on owin security by any means so… what do you suggest I can do to fix this?
Difficult to know at first glance - it is unclear where the lack of TLS 1.2 / SHA256 lies here, whether in an underlying bundled library, transport level, etc. I’d imagine others using the same library are having issues so hopefully the owners of the code can fix it soon, since the web and mobile apps are increasingly moving to more secure protocols.
What if they don’t? Any other library you know I could use?
I’m not familiar enough with the .NET family of libraries to be able to advise you at this time.
I came across this also. Once you have SHA256 working, Twitter security protocol requires root certificates for Twitter’s certificate vendors, DigiCert and Verisign to be installed in the server trusted root CA file.
https://dev.twitter.com/overview/api/ssl
1 Like
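For readers hitting the same exception in .NET, the chain check behind it can be run by hand to see which certificate fails and why. This is an added example, not code from the thread or from the Katana project; it assumes .NET Framework 4.7.2+ or .NET Core 2.0+, and the class name, method name and self-signed sample certificate are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ChainDiagnostics   // hypothetical helper, not part of any library
{
    // Builds the certificate chain against the machine trust store and prints
    // the per-element status flags instead of a bare pass/fail.
    public static bool Explain(X509Certificate2 cert)
    {
        using (var chain = new X509Chain())
        {
            // Revocation checks need network access; disabled for this offline sample.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            bool trusted = chain.Build(cert);

            Console.WriteLine("Leaf signature algorithm: " + cert.SignatureAlgorithm.FriendlyName);
            foreach (X509ChainElement element in chain.ChainElements)
            {
                Console.WriteLine("  " + element.Certificate.Subject);
                foreach (X509ChainStatus status in element.ChainElementStatus)
                    Console.WriteLine("    " + status.Status + ": " + status.StatusInformation.Trim());
            }
            Console.WriteLine(trusted ? "Chain is trusted" : "Chain is NOT trusted");
            return trusted;
        }
    }

    static void Main()
    {
        // Constructed sample: a SHA-256 self-signed certificate that is in no
        // trusted root store, standing in for a server whose root CA is missing locally.
        using (RSA key = RSA.Create(2048))
        {
            var request = new CertificateRequest("CN=constructed-sample.invalid", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 cert = request.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30)))
            {
                Explain(cert);
            }
        }
    }
}
```

The same status loop can be run over the chain passed to a `RemoteCertificateValidationCallback` to log the cause, with the callback still rejecting the connection whenever `SslPolicyErrors` is not `None`.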
Hi Andy,
I updated my post to show a rather strange behaviour. Trying to use Twitter login on a locally run application throws the error “remote certificate…” but the same application running on Azure allows the login, but then fails. Is it something to do with running on SSL?
UPDATE
Hi @andypiper,
I found there is a new version of the .NET libraries concerning OAuth and I updated to that. That has done the trick when running on the Microsoft Azure platform, which is what matters. I still have a problem when I run locally for development, but I can live with that. Maybe it’s something to do with no SSL link, as the message is “Could not establish trust relationship for the SSL/TLS secure channel.”
Andy,
Heeeelllllpppppp! I have enabled SHA256 in my library and I can now communicate and get back a struct with an error. Everything I can find about it says it’s a problem with the certificate chain. Root, intermediate and site certs are installed in the server keystore, but still getting the same error. “I/O Exception: peer not authenticated”.
Any ideas?
I’m sadly not a specialist in this stuff so I don’t know for sure. What language are we talking about here - this thread started off discussing .NET but I’m not sure what you’re using.
I will see what I can do to clarify the documentation on our side if there are omissions.
Ok, my hosting provider has stopped its finger pointing, and has finally determined that it’s a problem in their setup. Awaiting the solution. Thanks, Andy!
1 Like
The final solution was to migrate away from my provider’s Windows/IIS/Coldfusion/SQL Server environment, and reconfigure the site on a new provider’s Ubuntu/Apache/Railo/MySQL stack. Easily imported the certificate chain to fix the original problem. Works great now, and this hosting arrangement is much less costly!
1 Like