Owin Twitter login - remote certificate is invalid according to verification procedure

I started getting this error lately when trying to log in with Twitter - any idea why?

Stack Trace:

    [AuthenticationException: The remote certificate is invalid according to the validation procedure.]
       System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) +230
       System.Net.PooledStream.EndWrite(IAsyncResult asyncResult) +13
       System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) +123

    [WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.]
       System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) +6432446
       System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar) +64

+68
asp.net-mvc twitter-oauth twitter owin
Jul 29 '14 at 9:17
8 answers

Thanks to the power of open source, we see that fingerprints for Twitter certificates were encoded in the Katana project.

 Microsoft.Owin.Security.Twitter.TwitterAuthenticationOptions 

Recently, some certificates needed to be changed, and now the prints no longer match.

Please add the new thumbprint for the VeriSign Class 3 Public Primary Certification Authority - G5 certificate to your Twitter settings in your Startup.Auth.cs (for MVC users).

Change the default value:

    app.UseTwitterAuthentication(
        consumerKey: "XXXX",
        consumerSecret: "XXX"
    );

Use this:

    // Requires: using Microsoft.Owin.Security; using Microsoft.Owin.Security.Twitter;
    app.UseTwitterAuthentication(new TwitterAuthenticationOptions
    {
        ConsumerKey = "XXXX",
        ConsumerSecret = "XXXX",
        // Accept the back channel only if a certificate in the chain has one of these subject key identifiers.
        BackchannelCertificateValidator = new CertificateSubjectKeyIdentifierValidator(new[]
        {
            "A5EF0B11CEC04103A34A659048B21CE0572D7D47", // VeriSign Class 3 Secure Server CA - G2
            "0D445C165344C1827E1D20AB25F40163D8BE79A5", // VeriSign Class 3 Secure Server CA - G3
            "7FD365A7C2DDECBBF03009F34339FA02AF333133", // VeriSign Class 3 Public Primary Certification Authority - G5
            "39A55D933676616E73A761DFA16A7E59CDE66FAD", // Symantec Class 3 Secure Server CA - G4
            "5168FF90AF0207753CCCD9656462A212B859723B", // DigiCert SHA2 High Assurance Server CA
            "B13EC36903F8BF4701D498261A0802EF63642BC3"  // DigiCert High Assurance EV Root CA
        })
    });
+95
Jul 29 '14 at 12:03

To summarize and save people digging through comments, here is the last configuration:

    app.UseTwitterAuthentication(new TwitterAuthenticationOptions
    {
        ConsumerKey = "XXXX",
        ConsumerSecret = "XXXX",
        // Accept the back channel only if a certificate in the chain has one of these subject key identifiers.
        BackchannelCertificateValidator = new Microsoft.Owin.Security.CertificateSubjectKeyIdentifierValidator(new[]
        {
            "A5EF0B11CEC04103A34A659048B21CE0572D7D47", // VeriSign Class 3 Secure Server CA - G2
            "0D445C165344C1827E1D20AB25F40163D8BE79A5", // VeriSign Class 3 Secure Server CA - G3
            "7FD365A7C2DDECBBF03009F34339FA02AF333133", // VeriSign Class 3 Public Primary Certification Authority - G5
            "39A55D933676616E73A761DFA16A7E59CDE66FAD", // Symantec Class 3 Secure Server CA - G4
            "add53f6680fe66e383cbac3e60922e3b4c412bed", // Symantec Class 3 EV SSL CA - G3
            "4eb6d578499b1ccf5f581ead56be3d9b6744a5e5", // VeriSign Class 3 Primary CA - G5
            "5168FF90AF0207753CCCD9656462A212B859723B", // DigiCert SHA2 High Assurance Server CA
            "B13EC36903F8BF4701D498261A0802EF63642BC3"  // DigiCert High Assurance EV Root CA
        })
    });

All credit to @MichaelLake and @KennethIto.

+86
Sep 23 '15 at 3:41

Disable Fiddler.

Somehow the Fiddler web debugger messed up OAuth for Twitter.

+5
Aug 28

For testing purposes (!) you can also set

 options.BackchannelCertificateValidator = null; 

and add to your Global.asax Application_Start file:

 ServicePointManager.ServerCertificateValidationCallback = delegate { return true; }; 
+5
Oct 26 '14 at 17:23

The "DigiCert SHA2 High Assurance Server CA" value "5168FF90AF0207753CCCD9656462A212B859723B" seems to be invalid. The new value is "01C3968ACDBD57AE7DFAFF9552311608CF23A9F9". It is valid from 06/18/2012 to 09/19/2019. I found it by going to https://api.twitter.com/ in Chrome, then clicking on the lock in the address bar to view the certificate.

+3
Aug 10 '16 at 20:54
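
Added example (not from any answer on this page and not Katana's own code): a callback with the `RemoteCertificateValidationCallback` signature that keeps pinning enabled, logs the subject key identifiers the server actually presented when none of them is pinned, and rejects malformed pins at startup. `PinnedSkiCheck` and the sample values are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;

// Added example, not Katana code. PinnedSkiCheck is a hypothetical name.
public sealed class PinnedSkiCheck
{
    private static readonly Regex Hex40 = new Regex(@"\A[0-9A-Fa-f]{40}\z");
    private readonly HashSet<string> _pins;

    public PinnedSkiCheck(IEnumerable<string> pins)
    {
        _pins = new HashSet<string>(pins, StringComparer.OrdinalIgnoreCase);
        // A value pasted from a certificate dialog can carry an invisible U+200E
        // mark; such a pin never matches, so fail at startup and show the code points.
        foreach (string p in _pins.Where(p => !Hex40.IsMatch(p)))
            throw new ArgumentException("Malformed pin: " + string.Concat(
                p.Select(c => c < 128 ? c.ToString() : "\\u" + ((int)c).ToString("X4"))));
    }

    // Same signature as RemoteCertificateValidationCallback.
    public bool Validate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        if (errors != SslPolicyErrors.None || chain == null) return false;
        var seen = new List<string>();
        foreach (X509ChainElement element in chain.ChainElements)
        {
            // 2.5.29.14 is the Subject Key Identifier extension OID.
            var ski = element.Certificate.Extensions["2.5.29.14"] as X509SubjectKeyIdentifierExtension;
            if (ski == null) continue;
            if (_pins.Contains(ski.SubjectKeyIdentifier)) return true;
            seen.Add(ski.SubjectKeyIdentifier + " (" + element.Certificate.Subject + ")");
        }
        // Log what the server presented so the pin list can be reviewed and updated.
        Trace.TraceWarning("No pinned SKI in chain: " + string.Join("; ", seen));
        return false;
    }

    public static void Main()
    {
        // Constructed values, not real certificate identifiers.
        try { new PinnedSkiCheck(new[] { "00112233445566778899AABBCCDDEEFF00112233", "\u200Eaabbccddeeff00112233445566778899aabbccdd" }); }
        catch (ArgumentException ex) { Console.WriteLine(ex.Message); }
    }
}
```

To assign it to `BackchannelCertificateValidator`, the class would also need to implement `Microsoft.Owin.Security.ICertificateValidator`, whose `Validate` method has this signature.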

I had this exact problem, I followed the post above and I got error 401 (unauthorized) mentioned in another comment.

I went to my Twitter account and unchecked the box next to "Enable callback blocking." Press "Save", press F5, and it worked.

So the above code worked for me. If you get 401 double verification of your Twitter account, check the box.

0
Dec 16 '15 at 3:15

For me, just updating Microsoft.Owin.Security.Twitter to version 3.1.0 fixed it, even without adding fingerprints!

0
Jul 25 '17 at 10:52

I had the same issue and updated the callback url in my twitter app.

Adding the default URL https://mywebsite/signin-twitter

0
Jan 25 '19 at 23:34