I'm trying to move from .NET remoting to gRPC for client connections, but I've noticed that the Web Apps are no longer loading under Apps in Cube. I see the below error under Cube logging.
To note we are using HTTP for connecting to our Cubes, and we connect via IPs rather than hostnames due to the failover configuration. Is there any option to disable validation? Or some other way to get it to work in the short term without requiring a CA and setting up certificates? (Long term we are planning a migration to HTTPS).
Error:
ServerTime: 5/9/2025 3:12:04 PM
ClientTime: 5/9/2025 3:12:15 PM
Message : Exception occurred while retrieving web applications.
Exception : System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Skyline.DataMiner.Client.Components.Web.WebIntegrator.<GetConnectionString>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Skyline.DataMiner.Client.Components.Web.WebIntegrator.<Init>d__5.MoveNext()
Hi Nick,
Depending on why the certificate is not considered valid, it might be possible to use a workaround to make this work. The logging provided does not specify which part of the validation procedure failed, so would it be possible to try and access the DataMiner webpages directly from the browser? Browsers are usually more verbose about the exact reason why the certificate is considered invalid.
Kind regards,
Hi,
Can you check if the issue is resolved after installing the certificate in the trusted root certificate store of the client machine? You can export the certificate by following the steps from this video: https://www.youtube.com/watch?v=V87ek675Ni8
You can then install the certificate as following:
– double click the exported .crt file
– clicking 'Install certificate'
– choose 'Local Machine'
– choose 'place all certificates in the following store'
– click 'Browse …'
– Choose 'Trusted Root Certification Authorities'
– click 'Next' and 'Finish'
It is still not working, however the error has changed to "net::ERR_CERT_INVALID".
If you're using edge or chrome, you might need to kill the background process in the task manager before the changes are detected.
Can you also check if the ip address used to connect is in the certificate (either in the subject or in the subject alternative names).
After killing Chrome and retrying, the error now says "net::ERR_CERT_COMMON_NAME_INVALID".
The IP is nowhere in the cert (Neither is the hostname). Here is what I'm seeing…
—–
SUBJECT
CN = Auto-Created Cert by APIGateway
O = Skyline Communications
L = Izegem
ST = West-Vlaanderen
C = BE
—-
CERTIFICATE SUBJECT ALTERNATIVE NAME
Not Critical
DNS Name: *
I get a "net::ERR_CERT_AUTHORITY_INVALID" error in the browser when attempting to visit https://[DMA IP]