CODEWITHSUNDEEP
c#asp.net-web-api
Rafał Developer
Rafał Developer

Reputation: 2045

ssl self signed certificate error - localhost

I'm using this course which is very interesting but I have some problem.

http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api

I get certificate error but I understand why is this problem. This certificate should be connected to name of my computer. I don`t understand how he biuld this certificate and how edit this issue.

enter image description here

Here is important code. What I have to do to solve this problem with certificate name? 

using System;
using System.Net;
using System.Net.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

namespace LocalAccountsApp.Filters
{
    public class RequireHttpsAttribute : AuthorizationFilterAttribute
    {
        public int Port { get; set; }

        public RequireHttpsAttribute()
        {
            Port = 443;
        }

        public override void OnAuthorization(HttpActionContext actionContext)
        {
            var request = actionContext.Request;

            if (request.RequestUri.Scheme != Uri.UriSchemeHttps)
            {
                var response = new HttpResponseMessage();

                if (request.Method == HttpMethod.Get || request.Method == HttpMethod.Head)
                {
                    var uri = new UriBuilder(request.RequestUri);
                    uri.Scheme = Uri.UriSchemeHttps;
                    uri.Port = this.Port;

                    response.StatusCode = HttpStatusCode.Found;
                    response.Headers.Location = uri.Uri;
                }
                else
                {
                    response.StatusCode = HttpStatusCode.Forbidden;
                }

                actionContext.Response = response;
            }
            else
            {
                base.OnAuthorization(actionContext);
            }
        }
    }

}

Upvotes: 2

Views: 9716

Answers (1)

fmt
fmt

Reputation: 993

That error is correct. The certificate you're using was signed by itself, for the domain localhost. Since it's not signed by a trusted certificate root (such as Verisign, for example), your browser warns you that the certificate is not valid and therefore the site may be illegitimate.

The error should not be causing problems with functionality, and when you deploy to production, you should get a trusted certificate signed for the domain you're deploying to.

You're not going to get anyone to sign a certificate for the domain localhost, but if the error bothers you, you can add the certificate you're using to the list of trusted root certificates by using MMC, as described in this TechNet article.

Upvotes: 6

Related Questions