.NET core web app using SSL – SEC_ERROR_INADEQUATE_KEY_USAGE

If you have problems starting a local development server for a .NET Core version 6 web app using SSL, you can disable SSL in the launch profile. When I started a new website today in the local dev I got the error message “SEC_ERROR_INADEQUATE_KEY_USAGE”. I tried to copy the personal certificate in the certificate manager but that didn’t work. So I decided to disable SSL instead. This is how you can disable SSL in the local dev:
1. Right click on project name in solution explorer and select Properties.
2. Select Debug > General.
3. Click on link Open launch profile.
4. In the IIS Express section untick “Use SSL”.
5. Hit F5 to start website without SSL.


Big logfiles in VSLogs

If you have problems with disk space suddenly being depleted, this could be due to large auto-generated log files in VSLogs (../AppData/Local/Temp/VSLogs). This problem seems to have been around for a while and there is also an ongoing case about this (https://developercommunity.visualstudio.com/t/vs-2019-created-big-size-svclog-files-in-temp-path/1517476). Currently running VS2022 – Version 17.0.5. 60GB of logfiles generated. It probably would have been more if the disk space hadn’t been depleted.


UseStatusCodePagesWithReExecute .net 6


I got some problems when trying to use custom error pages in a .NET 6 MVC web app, using UseStatusCodePagesWithReExecute to redirect to an error controller on exceptions like a 404 or 500 response status. But the error controller never got fired. I discovered that the problem was that UseStatusCodePagesWithReExecute needs to be called before app.UseRouting() in Startup.cs. Otherwise it didn’t work for me!

Hope this helps someone who is experiencing the same problem!

SSL certificate import to IIS “Specified logon session does not exist”

Have been struggling a bit to import an SSL certificate generated by certbot (Let’s Encrypt) on an IIS server.

Reproduction of error

1. Create SSL certificate with certbot using command:
certbot -d domain.com -d www.domain.com --manual --preferred-challenges dns certonly

2. Certificates and keys are created in files: “cert.pem”, “chain.pem”, “fullchain.pem” and “privkey.pem”. So far so good!

3. Create a PFX-file to import to the IIS server using:

openssl pkcs12 -export -out "myfilename.pfx" -inkey "privkey.pem" -in "cert.pem" -certfile fullchain.pem

4. PFX file created! Let’s import this to Server Certificates. Key is marked as exportable in the import. Importing then goes without any problem.

5. When re-binding the domain to use this new certificate the following error occurs:

A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520).

How to fix this error?

The problem seems to be in the certificate file (PFX) itself. Something went wrong when it was created. So I tried to re-create the PFX and changed the last parameter to use “chain.pem” instead and this solved the problem! So command line to create a PFX-file with certificate files from certbot should be:

openssl pkcs12 -export -out "myfilename.pfx" -inkey "privkey.pem" -in "cert.pem" -certfile chain.pem


Hope this helps anyone struggling with this issue!
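
The two commands above differ only in the -certfile bundle: certbot's fullchain.pem is cert.pem followed by chain.pem, so the first command puts the leaf certificate into the PFX twice. The following Python check is an added example, not part of the original post; it flags that overlap before the PFX is built, and the PEM blocks in it are constructed placeholders rather than real certificates.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """SHA-256 fingerprint of each certificate's DER bytes, in file order."""
    return [hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_RE.findall(pem_text)]

def check_pfx_inputs(cert_pem, certfile_pem):
    """Return a list of problems with an `-in cert.pem -certfile X` pair."""
    leaf = fingerprints(cert_pem)
    extra = fingerprints(certfile_pem)
    problems = []
    if len(leaf) != 1:
        problems.append(f"-in file holds {len(leaf)} certificates, expected 1")
    if leaf and leaf[0] in extra:
        problems.append("leaf certificate is repeated in the -certfile bundle")
    if len(set(extra)) != len(extra):
        problems.append("-certfile bundle contains duplicate certificates")
    return problems

def _fake_pem(label):
    # Constructed stand-in: the body is base64 of a label, not a real X.509
    # certificate. Only byte equality matters for this check.
    body = base64.b64encode(label.encode() * 8).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed sample files laid out the way certbot writes them:
# fullchain.pem is cert.pem followed by chain.pem.
CERT_PEM = _fake_pem("leaf domain.com")
CHAIN_PEM = _fake_pem("intermediate CA")
FULLCHAIN_PEM = CERT_PEM + CHAIN_PEM

if __name__ == "__main__":
    for name, bundle in (("fullchain.pem", FULLCHAIN_PEM),
                         ("chain.pem", CHAIN_PEM)):
        print(name, check_pfx_inputs(CERT_PEM, bundle) or "ok")
```

To run it against real files, read cert.pem and the intended -certfile bundle as text and pass both strings to check_pfx_inputs.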

Convert SSL certificate to PFX using OpenSSL

If you want to create a password-protected PFX file from a certificate file and a private key, you can use OpenSSL. Follow these steps to create a PFX file.

  • 1. Download the SSL/TLS toolkit from https://www.openssl.org.
  • 2. Run this command in a terminal window:
    "{PATH}\openssl.exe" pkcs12 -export -out "{PATH}\{filename-of-pfx}.pfx" -inkey "{PATH}\{filename-of-key}.key" -in "{PATH}\{filename-of-certificate}.crt" -certfile "{PATH}\{filename-of-ca-bundle}.crt"
  • 3. Choose a password for the pfx file.
  • 4. Done, the pfx file is now created at specified path.

.NET MVC – Illegal characters in path

Scenario
Render an ASP.NET MVC Razor view with a model from the controller.

Error / Exception
System.ArgumentException: Illegal characters in path.

Cause
The model from the controller was returning JSON and the view had declared “@model string” to handle the JSON.

Solution
Updates in both controller and view. Change controller return type from string to the object.

Controller
Original: return View(JsonConvert.SerializeObject(List));
Change to: return View(List);

View
Original: @model string
Change to: @model List<object>

Error when reading from PFX certificate SSL/TLS

Case
Establish a secure connection to a server. Authentication with certificate.

Error message
The request was aborted: Could not create SSL/TLS secure channel.

  1. Start Microsoft Management Console, either from the control panel or by running the command “mmc”.
  2. In MMC select File > Add/Remove Snap-In (Ctrl+M).

  3. Select Certificates > Add > OK. In next window select Local Computer.

  4. When Certificates is added select Certificates > Personal > Certificates.
  5. You can see all the installed certificates in the window to the right. In order to add a permission right-click on a certificate and select All Tasks > Manage Private Keys.

  6. Search for user IIS_IUSRS (IIS User) and then add the user. You can configure the permissions, such as full control or read, when the user is added.


Problems connecting to WCF service

Trying to connect to a WCF-service but get some error messages:

The HTTP request is unauthorized with client authentication scheme Anonymous The authentication header received from the server was Basic

The provided URI scheme https is invalid expected http

The solution was to adjust the web.config > system.serviceModel section: set the security mode to “Transport”, and set clientCredentialType to “Basic” if the server expects Basic Realm.

  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="Document_Binding" closeTimeout="01:00:00" openTimeout="01:00:00" receiveTimeout="01:00:00" sendTimeout="01:00:00" maxReceivedMessageSize="2147483647">
          <security mode="Transport">
            <transport clientCredentialType="Basic" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
    <endpoint ....../>
    </client>
  </system.serviceModel>

Good luck with your connections =)