Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

The SSL connection could not be established

See original GitHub issue

I local debug is ok,but publish to IIS is error. Don’t use ocelot is ok,when I use upstream to get is error.

My logs details

warn: Ocelot.Requester.Middleware.HttpRequesterMiddleware[0]
      requestId: 0HLNESHAE1B8L:00000003, previousRequestId: no previous request id, message: Error making http request, exception: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
         at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
         at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
         at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
         at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
         at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
         at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
         at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
         at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
         at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
         at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
         at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
      --- End of stack trace from previous location where exception was thrown ---
         at System.Net.Security.SslState.ThrowIfExceptional()
         at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
         at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
         at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
         at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__47_1(IAsyncResult iar)
         at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
      --- End of stack trace from previous location where exception was thrown ---
         at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
         --- End of inner exception stack trace ---
         at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
         at System.Threading.Tasks.ValueTask`1.get_Result()
         at System.Net.Http.HttpConnectionPool.CreateConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
         at System.Threading.Tasks.ValueTask`1.get_Result()
         at System.Net.Http.HttpConnectionPool.WaitForCreatedConnectionAsync(ValueTask`1 creationTask)
         at System.Threading.Tasks.ValueTask`1.get_Result()
         at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
         at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
         at Ocelot.Requester.HttpClientHttpRequester.GetResponse(DownstreamContext context)

ocelot.json

{
  "ReRoutes": [
    //identityserver4  token
    {

      "DownstreamPathTemplate": "/connect/token",
      "DownstreamScheme": "https",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": "5001"
        }
      ],
      "UpstreamPathTemplate": "/auth/token",
      "UpstreamHttpMethod": ["Post"],
      "UseServiceDiscovery": true,
      "DangerousAcceptAnyServerCertificateValidator": false
    },
    // API:Service1
    {
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "service1Identity",
        "AllowedScopes": []
      },
      "DownstreamPathTemplate": "/api/{url}",
      "DownstreamScheme": "https",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": "5011"
        }
      ],
      "UpstreamPathTemplate": "/Service1/{url}",
      "UpstreamHttpMethod": [ "Get", "Post" ],
      "UseServiceDiscovery": true,
      "DangerousAcceptAnyServerCertificateValidator": false
    },
    // API:Service2
    {
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "service2Idnetity",
        "AllowedScopes": []
      },
      "DownstreamPathTemplate": "/api/{url}",
      "DownstreamScheme": "https",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": "5021"
        }
      ],
      "UpstreamPathTemplate": "/Service2/{url}",
      "UpstreamHttpMethod": [ "Get", "Post" ],
      "UseServiceDiscovery": true,
      "DangerousAcceptAnyServerCertificateValidator": false
    }
  ],
  "GlobalConfiguration": {
    "ServiceDiscoveryProvider": {
      "Host": "192.168.1.186",
      "Port": 8500,
      "Type": "Consul"
    },
    "RateLimitOptions": {
      "ClientIdHeader": "client_id",
      "QuotaExceededMessage": "Too Many Requests!!!",
      "DisableRateLimitHeaders": false
    }
  }
}

Issue Analytics

  • State:open
  • Created 4 years ago
  • Comments:13

github_iconTop GitHub Comments

1reaction
yuftcommented, Jun 12, 2019

see #309 #325 ,

set DangerousAcceptAnyServerCertificateValidator in ReRoute config and this will ignore SSL errors, false by default.

0reactions
ahmedtolba1984commented, Jan 5, 2023

@harshwd Did you solve the issue as we currently face the same issue with the same stacktrace?

Read more comments on GitHub >

github_iconTop Results From Across the Web

The SSL connection could not be established
You get this error because your app isn't able to validate the certificate of the connection, and it's especially common to use this...
Read more >
c# web api The SSL connection could not be established, ...
This could be due to a number of reasons, including incorrect certificate format, incorrect certificate chain, or incorrect certificate data.
Read more >
The SSL Connection could not be established, see inner ...
"The SSL connection could not be established, see inner exception." Everything works fine in Postman / Chrome, but not in WebSurge - any...
Read more >
The SSL connection could not be established
I am developing a project using ASP.NET Core WebAPI, and when I try to debug this one, I get the following error message:...
Read more >
The SSL connection could not be established, see inner ...
Client.AbpRemoteCallException: An error occurred during the ABP remote HTTP request. (The SSL connection could not be established, see inner ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

The WebSocket is in an invalid state ('Aborted') for this operation. Valid states are: 'Open, CloseReceived'

Next page

Problems to cancel a request (CancellationToken)