It's a v8.0.1 QA environment. We installed application server but can't login with System User. The log shows the error messages below. We checked the certificate application server use it looks good with all valid trusted chain on Certificate Path tab.
There was an old certificate for IIS and used by application server before but we removed old cert and uninstalled application server. Then reinstalled new certificate and application server. Could application server still look for old certificate with its key cached somewhere on windows server? Any suggestions much appreciate! Thank you.
2018-06-12 13:27:58.3047 INFO (ObjectLog 9b918ef4-9275-4b7a-a62e-c6e55fb88324) : User viadmin (Dialog user: viadmin, X fields: viadmin) authenticated.
2018-06-12 13:27:58.3203 ERROR (ObjectLog ) : [System.Security.Cryptography.CryptographicException] Key not valid for use in specified state.
System.Security.Cryptography.CryptographicException: Key not valid for use in specified state.
at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.Utils.ExportCspBlob(SafeKeyHandle hKey, Int32 blobType, ObjectHandleOnStack retBlob)
at System.Security.Cryptography.Utils.ExportCspBlobHelper(Boolean includePrivateParameters, CspParameters parameters, SafeKeyHandle safeKeyHandle)
at VI.DB.Auth.AuthToken.Create(X509Certificate2 certificate, ClaimsIdentity identity)
at VI.DB.Entities.TokenCreatorImpl.CreateTokenAsync(CancellationToken cancellationToken)
at VI.DB.Entities.SessionExtensions.CreateTokenAsync(ISession session, CancellationToken cancellationToken)
at VI.Base.SyncActions.Do[T](Func`1 function)
at QBM.AppServer.Base.SessionAuthProvider.Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
at ServiceStack.Auth.AuthenticateService.Authenticate(Authenticate request, String provider, IAuthSession session, IAuthProvider oAuthConfig)
at ServiceStack.Auth.AuthenticateService.Post(Authenticate request)
at ServiceStack.Host.ServiceRunner`1.Execute(IRequest request, Object instance, TRequest requestDto) at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at ServiceStack.Host.ServiceRunner`1.Execute(IRequest request, Object instance, TRequest requestDto)
Thanks for the helps!!!
Thing is, that the certificate used by the Application Server for the internal session handling needs to contain the private key or better the Application Server needs to have access to the private key.
By the way, the session certificate does not have to be the same as the one for the SSL/TLS connection against the web server (IIS) itself.
Thank you for more information behind of sense.
The issue resolved following steps 1) recreated CSR, had new cert contained private key; 2) used new cert for IIS; 3) uninstalled/reinstall application server.