Making Game: Anonymous FTP login doesn’t work on Windows 10

Original Source Link

I set up a local FTP server using IIS and enabled anonymous login. However I still can’t log in as anonymous/[email protected]; it says it’s the wrong username/password. How is this possible? I also tried setting up authenticated login but I have no idea where to create user accounts for that…

My anonymous FTP login was bound to my Windows login, but it appears that I’d mistyped the password for my Windows login when configuring the FTP login. Oops!

Tagged : / /

Server Bug Fix: Unable to load DLL ‘Msacm32.dll’: The specified module could not be found

Original Source Link

I would like to add to this issue.
This was working previously when I was running our old DC Server running an older installation of Windows 2016 Server DC.
Once we lost that DC, and then a hard drive failure took out the backup DC, along with the entire Web Forest, we lost the ability to have this site run properly.
So, what used to work, now, with whatever Microsoft has done, does not work.

Error

Unable to load DLL ‘Msacm32.dll’: The specified module could not be found.
(Exception from HRESULT: 0x8007007E)

Description: An unhandled exception occurred during the execution of the current web request.
Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.DllNotFoundException:
Unable to load DLL
‘Msacm32.dll’: The specified module could not be found.
(Exception from HRESULT: 0x8007007E)

This is the Stack Trace:

[DllNotFoundException: Unable to load DLL ‘Msacm32.dll’: The specified
module could not be found. (Exception from HRESULT: 0x8007007E)]
NAudio.Wave.Compression.AcmInterop.acmFormatSuggest2(IntPtr
hAcmDriver, IntPtr sourceFormatPointer, IntPtr destFormatPointer,
Int32 sizeDestFormat, AcmFormatSuggestFlags suggestFlags) +0
NAudio.Wave.Compression.AcmStream.SuggestPcmFormat(WaveFormat
compressedFormat) +108
NAudio.Wave.AcmMp3FrameDecompressor..ctor(WaveFormat sourceFormat) +38
NAudio.Wave.Mp3FileReader.CreateAcmFrameDecompressor(WaveFormat
mp3Format) +25 NAudio.Wave.Mp3FileReader..ctor(Stream inputStream,
FrameDecompressorBuilder frameDecompressorBuilder, Boolean
ownInputStream) +838 NAudio.Wave.Mp3FileReader..ctor(String
mp3FileName) +83
TagLib._Default.UploadMultipleFiles(Object sender,
EventArgs e) in
G:Inetpubwwwrootwebsite.comMediaDefault.aspx.vb:94
System.Web.UI.Control.OnLoad(EventArgs e) +95
System.Web.UI.Control.LoadRecursive() +59
System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
+678

It references the file NAudio.dll
So, I registered this file on each of the Core Servers, using the following command.

windowsmicrosoft.netframeworkv2.0.50727regasm     
G:InetPubwwwrootwebsite.comMediaBinNAudio.dll

I tried to add it to the global cache, however. It states it did not have a strong name.

"Program Files (x86)Microsoft SDKsWindowsv10.0AbinNETFX 4.7.2 Tools"
gacutil -i G:InetPubwwwrootwebsite.comMediaBinNAudio.dll

I restarted each of the IIS Instances, and still receive the error above.

After all this
I did some searching for the Msacm32.dll, and it is not in any of the Window 2016 CORE Servers
I checked in the Desktop Experience, and it’s in both system32 and syswow64 folders.
I copied the file over to the server core that is currently active and tried to register it.
syswow64>REGSVR32 /i Msacm32.dll
And it said it was not a valid dll or ocx file.

I don’t ever remember having this issue before with this file, and this is the first time I’ve ever seen this error appear regarding this file.

I am trying to remember if I had installed something that might have added that file to the CORE servers in the past, and I do not recall having to.
I know that I have just registered MP3 audio files, but never, having to do anything with a Microsoft audio file on the CORE servers.

UPDATE
I copied the file to the syswow64 folder of all Core Servers.
Now, I am getting the following error.

An attempt was made to load a program with an incorrect format.
(Exception from HRESULT: 0x8007000B) Description: An unhandled
exception occurred during the execution of the current web request.
Please review the stack trace for more information about the error and
where it originated in the code.

Exception Details: System.BadImageFormatException: An attempt was made
to load a program with an incorrect format. (Exception from HRESULT:
0x8007000B)

So, this lets me know that I moved the wrong version of the file over, which is a good thing. (I think). So, I am going to try copying over another smaller version of the file and see what happens there.
I will post my findings.

NEXT UPDATE
Updated with the smaller file, and I get this error.

NoDriver calling acmFormatSuggest
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: NAudio.MmException: NoDriver calling acmFormatSuggest 

Any assistance on this would be much appreciated.
EE

OK.
This is what I found out.
The NAudio component I am currently using is no longer supported under Windows 2016 Server Core without Desktop Experience. And 2016 Server Core, does not have the ability to do desktop experience, and nor would I want to add it to the core servers.

The developer of the NAudio component has all the information on his site about this error and issue.
NoDriver calling acmFormatSuggest playing MP3s with NAudio

I am looking in on another solution for getting MP3 metadata, like the
TagLib
I am also using for the metadata (NAudio was used strictly for the file duration, as it returned the proper data, as TagLib does not. The Author of TagLib is working on it.).

I hope the above information will assist others who might experience this same issue. If you are using NAudio on a Server 2016 Core, it will no longer work.

Tagged : /

Server Bug Fix: Access to the path ‘\Core-01MediaTemp’ is denied – aspnet user needed

Original Source Link

Windows 2016 | IIS10 | IIS Server Farm

For starters.
I just now moved all sites from the backup server to the Web Forest.
And the one site I am having the titled issue with luckily is not a part of the site where people can see it—just me.

I had run into this issue before a few months ago and was able to resolve it without to much fuss.
However, there seems to be an issue now.

ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request
identity. ASP.NET has a base process identity (typically
{MACHINE}ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and
the configured application pool identity on IIS 7.5) that is used if
the application is not impersonating. If the application is
impersonating via , the identity will be
the anonymous user (typically IUSR_MACHINENAME) or the authenticated
request user.

Users added to [Security] tab permissions

IUSR NETWORK SERVICE [email protected]
(Custom pool identity)
Administrators (Default)

(ASPNET User is NOT available, and I have no idea on how to enable this user)

To grant ASP.NET access to a file, right-click the file in File Explorer,
choose “Properties” and select the Security tab.
Click “Add”
to add the appropriate user or group.
Highlight the ASP.NET account,
and check the boxes for the desired access.

The issue now is, I DO NOT have the ASPNET user as an option to chose from, and this used to be an option a few months back.
So, what happened to it?

UPDATE
I followed the instructions on this site here.
ASPNET User Identity Model
I could not get the aspnet_regiis -I to work with any other version of asp.net on the server.
So, I had to use the one which is used on the page.
After installing asp.net 3.0 (Which comes with 2.0)
And then running the aspnet_regiis -I
I rebooted the server.
Still, the ASPNET user does not show.

So, I am at a loss, people.
It used to be here, as I was using the user before in the 2016 server.
So, what happened to it?
Clearly, it is needed for this site, since the Network Service does not do it.

Any ideas on this would be great.
Wayne

You asked a very good question with exact error messages, so it is clear what issue you met. So we go through the whole process.

An ASP.NET application (likely .NET 2.x/3.x) gave you an error message

ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request
identity. ASP.NET has a base process identity (typically
{MACHINE}ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and
the configured application pool identity on IIS 7.5) that is used if
the application is not impersonating. If the application is
impersonating via , the identity will be the anonymous user (typically
IUSR_MACHINENAME) or the authenticated request user.

which should be very clear if the web app runs on IIS 5.x/6.0/7.0. However, time flies so people can be surprised to see that accounts like IUSR_MACHINENAME or {MACHINE}ASPNET are gone, and Network Service is not the base process identity any more (IIS 7.5+).

Thus, the only correct hint is “the configured application pool identity on IIS 7.5”, which like I commented above is the custom domain account you used for this web application.

To summarize the issue again, ASP.NET web app running under a custom domain account cannot access a remote file share, and reports an error.

With this in mind, the rest is rather simple for you, to locate whether the right permissions are set. Even though on your servers actually another problem (failed shared configuration) prevents the things from working, you can easily resolve it.

So, keep up the good work on your side to always focus on the exact symptoms and ask the right questions.

Tagged : / /

Server Bug Fix: How to deploy Angular 9 and dot net core 3.1 deployment on IIS

Original Source Link

I’ve been struggling with deploying WebApi and angular applications into IIS for days now, This is my first time deploying apps into IIS and on publish domain, so forgive any obvious mistakes below.

My question is, what is the best approach for deploying Angular and Web api on IIS, and how to do it?

If you got a link explaining the process I can relay on, would be much appreciated.

I tried two methods in deploying the application:

  1. Adding two separate sites on iis:

    1.1. web api with host name ‘localhost’

    1.2. angular with host name ‘mydomain.com’ and set the base angular url to ‘localhost’

    • the idea is hosting the angular publicly and calling the web api locally.
    • Each site is working fine alone but couldn’t manage to make the angular site call the api successfully.
  2. Second method is adding site for angular and then adding application for web api under it.

Neither of these two approaches are working.

done for both approaches:

  1. Installing .net core hosting bundle
  2. Installing URL Rewrite
  3. ASP.NET Core Runtime
  4. Applying what in this answer to use Out of process hosting model
    • I will switch to use in process once everything is working correctly.
  5. Adding web.config to angular application to add rewrite rule from here (angular documentation iis)
  6. Application pool .NET CLR Version set to no managed code
Tagged :

Server Bug Fix: Access to the path ‘\Core-01MediaTemp’ is denied – aspnet user needed

Original Source Link

Windows 2016 | IIS10 | IIS Server Farm

For starters.
I just now moved all sites from the backup server to the Web Forest.
And the one site I am having the titled issue with luckily is not a part of the site where people can see it—just me.

I had run into this issue before a few months ago and was able to resolve it without to much fuss.
However, there seems to be an issue now.

ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request
identity. ASP.NET has a base process identity (typically
{MACHINE}ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and
the configured application pool identity on IIS 7.5) that is used if
the application is not impersonating. If the application is
impersonating via , the identity will be
the anonymous user (typically IUSR_MACHINENAME) or the authenticated
request user.

Users added to [Security] tab permissions

IUSR NETWORK SERVICE [email protected]
(Custom pool identity)
Administrators (Default)

(ASPNET User is NOT available, and I have no idea on how to enable this user)

To grant ASP.NET access to a file, right-click the file in File Explorer,
choose “Properties” and select the Security tab.
Click “Add”
to add the appropriate user or group.
Highlight the ASP.NET account,
and check the boxes for the desired access.

The issue now is, I DO NOT have the ASPNET user as an option to chose from, and this used to be an option a few months back.
So, what happened to it?

UPDATE
I followed the instructions on this site here.
ASPNET User Identity Model
I could not get the aspnet_regiis -I to work with any other version of asp.net on the server.
So, I had to use the one which is used on the page.
After installing asp.net 3.0 (Which comes with 2.0)
And then running the aspnet_regiis -I
I rebooted the server.
Still, the ASPNET user does not show.

So, I am at a loss, people.
It used to be here, as I was using the user before in the 2016 server.
So, what happened to it?
Clearly, it is needed for this site, since the Network Service does not do it.

Any ideas on this would be great.
Wayne

You asked a very good question with exact error messages, so it is clear what issue you met. So we go through the whole process.

An ASP.NET application (likely .NET 2.x/3.x) gave you an error message

ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request
identity. ASP.NET has a base process identity (typically
{MACHINE}ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and
the configured application pool identity on IIS 7.5) that is used if
the application is not impersonating. If the application is
impersonating via , the identity will be the anonymous user (typically
IUSR_MACHINENAME) or the authenticated request user.

which should be very clear if the web app runs on IIS 5.x/6.0/7.0. However, time flies so people can be surprised to see that accounts like IUSR_MACHINENAME or {MACHINE}ASPNET are gone, and Network Service is not the base process identity any more (IIS 7.5+).

Thus, the only correct hint is “the configured application pool identity on IIS 7.5”, which like I commented above is the custom domain account you used for this web application.

To summarize the issue again, ASP.NET web app running under a custom domain account cannot access a remote file share, and reports an error.

With this in mind, the rest is rather simple for you, to locate whether the right permissions are set. Even though on your servers actually another problem (failed shared configuration) prevents the things from working, you can easily resolve it.

So, keep up the good work on your side to always focus on the exact symptoms and ask the right questions.

Tagged : / /

Server Bug Fix: How to configure IIS Express in order to allow a non-administrator to use SSL ports outside the range of 44300 to 44399?

Original Source Link

According to the IIS Express documentation administrative privileges are needed to run SSL using a port outside the range of 44300 to 44399.

For non-administrative users IIS Express

  • configures HTTP.SYS to reserve ports 44300 through 44399 for SSL
  • associates incoming SSL localhost requests in that range with a pre-installed self-signed SSL certificate

Is there a way to enable non-administrative users to run SSL on IIS-Express using a port outside the range of 44300 to 44399?

E.g. can I use netsh http add urlacl to open up SSL ports outside the range of 44300 to 44399 for user=EVERYONE ?
E.g. can I use netsh http add sslcert to add the self-signed certicate to ports outside the range of 44300 to 44399 ?

IIS Express installer creates several IP based bindings in Windows HTTP API, and that’s why 44300-44399 has been enabled by default.

You can feel free to create more such bindings (via netsh http add sslcert command), but creation of them requires administrator permissions.

Reference

netsh http add urlacl is not needed, as it serves other purposes.

Tagged : / / /

Server Bug Fix: How can I add ACL permissions for IIS APPPOOL* accounts via Powershell?

Original Source Link

I want to be able to set the IIS account for new websites to have modify permissions. I have the following script:

function Set-ModifyPermission ($directory, $username, $domain = 'IIS APPPOOL') {
    $inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
    $propagation = [system.security.accesscontrol.PropagationFlags]"None"
    $acl = Get-Acl $directory
    $user = New-Object System.Security.Principal.NTAccount($domain, $username )
    $accessrule = New-Object system.security.AccessControl.FileSystemAccessRule($user, "Modify", $inherit, $propagation, "Allow")
    $acl.AddAccessRule($accessrule)
    set-acl -aclobject $acl $directory
}

However, when I run it, I get errors like this:

Set-Acl : The trust relationship between this workstation and the primary domain failed.

I think this is because IIS APPPOOL isn’t a real domain, but is a weird prefix on a kind-of-fake account. Is there a correct way to refer to that account so that I can make this work?

First of all, use Set-Acl like this, as the directory path is the first positional argument:

Set-Acl $directory $acl

Second, you should create the user object with only one argument:

$user = New-Object System.Security.Principal.NTAccount("$domain\$username")

UPDATE: Seems that it won’t accept the “IIS APPPOOLAppPoolName” as an NTAccount identifier. Now, there are two ways to accomplish what you are trying to do:

  1. Create a new SID object with the AppPoolIdentities SID and translate it into an NTAccount, like this: http://iformattable.blogspot.com/2007/12/convert-sid-to-ntaccount-with.html, and you should be able to treat it like any other NTAccount object. If you still want to be able to pass domain/usernames for real accounts, built in some simple logic that defaults to the AppPool SID if username is “AweSomeAppPool” and domain is empty, just as an example.

  2. Use PowerShell to invoke icacls.exe, and use it to grant/revoke whatever permissions you want, like this (first normal icacls form command prompt, then powershell, notice the difference):

    icacls.exe test.txt /grant "IIS AppPoolDefaultAppPool":(OI)(CI)M

    cmd /c icacls test.txt /grant "IIS AppPoolDefaultAppPool:(OI)(CI)M"

If you go for the second option, be sure to test them manually first, i haven’t had a chance to test these specific examples myself, but it should work

Something like this should do the trick for you. It should be able to resolve IIS APPPOOlAnything as well…

function Set-AclOnPath
{
    param(
        [Parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]
        [string] $Path,

        [Parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]
        [string] $DomainAccount
    )

    #Put whatever permission you want here
    $permission = $DomainAccount,"ReadAndExecute","Allow"
    $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission

    $acl = Get-Acl $Path
    $acl.SetAccessRule($accessRule)
    $acl | Set-Acl $Path
}

The following works in Windows 2012 to get a SID for the IIS site. It requires the IIS Provider which uses the WebAdministration powershell module, but this article indicates it will work on Windows 2008R2.

$appPoolName = 'MyAppPool'
$appPoolSid = (Get-ItemProperty IIS:AppPools$appPool).applicationPoolSid
$identifier = New-Object System.Security.Principal.SecurityIdentifier $appPoolSid
$user = $identifier.Translate([System.Security.Principal.NTAccount])

As of IIS 10/Windows 10/Server 2016, the WebAdministration module is deprecated and we’re expected to use the new IISAdministration Powershell module instead. Here’s how to get the application pool SID translated to the virtual user using the new module:

Import-Module IISAdministration
$manager = Get-IISServerManager
$appPoolName = 'MyAppPool'
$appPoolSid = $manager.ApplicationPools["$appPoolName"].RawAttributes['applicationPoolSid']
$identifier = New-Object System.Security.Principal.SecurityIdentifier $appPoolSid
$user = $identifier.Translate([System.Security.Principal.NTAccount])

The following worked for me in Windows 2012, couldn’t get the other examples working:

Import-Module WebAdministration

$appPoolName='MyAppPool'
$folderDirectory='C:MyWebFolder'

$appPoolSid = (Get-ItemProperty IIS:AppPools$appPoolName).applicationPoolSid

Write-Output "App Pool User $appPoolSid"

$identifier = New-Object System.Security.Principal.SecurityIdentifier $appPoolSid
$user = $identifier.Translate([System.Security.Principal.NTAccount])

Write-Output "Translated User $user.Value"

$acl = Get-Acl $folderDirectory
$acl.SetAccessRuleProtection($True, $False)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($user, "FullControl", "ContainerInherit", ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
$acl | set-acl -path $folderDirectory

Tagged : / / / /

Server Bug Fix: How can I add ACL permissions for IIS APPPOOL* accounts via Powershell?

Original Source Link

I want to be able to set the IIS account for new websites to have modify permissions. I have the following script:

function Set-ModifyPermission ($directory, $username, $domain = 'IIS APPPOOL') {
    $inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
    $propagation = [system.security.accesscontrol.PropagationFlags]"None"
    $acl = Get-Acl $directory
    $user = New-Object System.Security.Principal.NTAccount($domain, $username )
    $accessrule = New-Object system.security.AccessControl.FileSystemAccessRule($user, "Modify", $inherit, $propagation, "Allow")
    $acl.AddAccessRule($accessrule)
    set-acl -aclobject $acl $directory
}

However, when I run it, I get errors like this:

Set-Acl : The trust relationship between this workstation and the primary domain failed.

I think this is because IIS APPPOOL isn’t a real domain, but is a weird prefix on a kind-of-fake account. Is there a correct way to refer to that account so that I can make this work?

First of all, use Set-Acl like this, as the directory path is the first positional argument:

Set-Acl $directory $acl

Second, you should create the user object with only one argument:

$user = New-Object System.Security.Principal.NTAccount("$domain\$username")

UPDATE: Seems that it won’t accept the “IIS APPPOOLAppPoolName” as an NTAccount identifier. Now, there are two ways to accomplish what you are trying to do:

  1. Create a new SID object with the AppPoolIdentities SID and translate it into an NTAccount, like this: http://iformattable.blogspot.com/2007/12/convert-sid-to-ntaccount-with.html, and you should be able to treat it like any other NTAccount object. If you still want to be able to pass domain/usernames for real accounts, built in some simple logic that defaults to the AppPool SID if username is “AweSomeAppPool” and domain is empty, just as an example.

  2. Use PowerShell to invoke icacls.exe, and use it to grant/revoke whatever permissions you want, like this (first normal icacls form command prompt, then powershell, notice the difference):

    icacls.exe test.txt /grant "IIS AppPoolDefaultAppPool":(OI)(CI)M

    cmd /c icacls test.txt /grant "IIS AppPoolDefaultAppPool:(OI)(CI)M"

If you go for the second option, be sure to test them manually first, i haven’t had a chance to test these specific examples myself, but it should work

Something like this should do the trick for you. It should be able to resolve IIS APPPOOlAnything as well…

function Set-AclOnPath
{
    param(
        [Parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]
        [string] $Path,

        [Parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]
        [string] $DomainAccount
    )

    #Put whatever permission you want here
    $permission = $DomainAccount,"ReadAndExecute","Allow"
    $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission

    $acl = Get-Acl $Path
    $acl.SetAccessRule($accessRule)
    $acl | Set-Acl $Path
}

The following works in Windows 2012 to get a SID for the IIS site. It requires the IIS Provider which uses the WebAdministration powershell module, but this article indicates it will work on Windows 2008R2.

$appPoolName = 'MyAppPool'
$appPoolSid = (Get-ItemProperty IIS:AppPools$appPool).applicationPoolSid
$identifier = New-Object System.Security.Principal.SecurityIdentifier $appPoolSid
$user = $identifier.Translate([System.Security.Principal.NTAccount])

As of IIS 10/Windows 10/Server 2016, the WebAdministration module is deprecated and we’re expected to use the new IISAdministration Powershell module instead. Here’s how to get the application pool SID translated to the virtual user using the new module:

Import-Module IISAdministration
$manager = Get-IISServerManager
$appPoolName = 'MyAppPool'
$appPoolSid = $manager.ApplicationPools["$appPoolName"].RawAttributes['applicationPoolSid']
$identifier = New-Object System.Security.Principal.SecurityIdentifier $appPoolSid
$user = $identifier.Translate([System.Security.Principal.NTAccount])

The following worked for me in Windows 2012, couldn’t get the other examples working:

Import-Module WebAdministration

$appPoolName='MyAppPool'
$folderDirectory='C:MyWebFolder'

$appPoolSid = (Get-ItemProperty IIS:AppPools$appPoolName).applicationPoolSid

Write-Output "App Pool User $appPoolSid"

$identifier = New-Object System.Security.Principal.SecurityIdentifier $appPoolSid
$user = $identifier.Translate([System.Security.Principal.NTAccount])

Write-Output "Translated User $user.Value"

$acl = Get-Acl $folderDirectory
$acl.SetAccessRuleProtection($True, $False)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($user, "FullControl", "ContainerInherit", ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
$acl | set-acl -path $folderDirectory

Tagged : / / / /

Server Bug Fix: FTP Hostname and Username combied “|” (IIS windows server 2012 r2)

Original Source Link

I have setup a working FTP site but a specific setup is being asked…

This is credentials I use to login to my FTP (This works just fine)

Host: “Myhostname”
Username: “MyUserName”
Password: “MyPassword”
Port: 21

What I am being told is that we need the credentials to be

Host: “Myhostname”
Username: “Myhostname|MyUserName”
Password: “MyPassword”

Of course when I try to use this type of Username I am not allowed access to my FTP

Is there a way to enable the “|” into the username?

You only need that complex user name when you enabled FTP virtual host names.

More information can be found from this Microsoft article

Tagged : / / /

Server Bug Fix: How can i get legacy Android application to accept my SSL certificate now that AddTrust has expired?

Original Source Link

I’ll start by mentioning that the certificate does work on most devices.
The certificate has multiple chains. The problematic one (I think) goes something like this:

COMODO RSA Domain Validation Secure Server CA
COMODO RSA Certification Authority - **EXPIRED**
AddTrust External CA Root - **Expired**

How do I fix the certificate chain on IIS/Windows server so old android devices (Android 5 and under) can still connect via HTTPS?
What should I have in the certificates manager? And how can it be done without a whole server restart?

Tagged : / / /