PositiveSSL, Azure & COMODO RSA Certification Authority



Recently SSL 1 was declared unsafe. So the certification companies started supplying SSL 2 certificates.

My certificate for notezilla.net was about to expire, so I purchased a new one from namecheap.com. It sells SSL certificates at a very low price. The brand name is PositiveSSL.

After purchase, I followed the instructions to install SSL certificate on my Windows Azure cloud service. But it didn’t work. I tried about 4 times and spent several hours trying to fix it.

As a side note: SSL 2 has a different set of root and intermediate certificates. I had to re-download and install them from here.

Surprisingly, for the first 2 days I found everything was working fine, until I tried to access my web app from an Android phone. The Chrome browser showed a scary message – ‘Your connection is not private’. Then I checked my website using SSL Checker. It said that the certificate was broken: the chain did not complete to the root. Also, my Android app created using Xamarin was throwing the following exceptions:

{System.Net.WebException: Error getting response stream (ReadDone2): ReceiveFailure

System.Net.WebException: Error getting response stream (Write: The authentication or decryption has failed.): SendFailure ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate received from server. Error code: 0xffffffff800b010a

Fortunately, Boyan Tabakob’s post on this thread helped me.

I am further elaborating on this because I want to cover an issue specific to the PositiveSSL certificate purchased from namecheap.com. Nothing is wrong with the certificate. But the way IIS determines the chain of certificates is incorrect.

Here is what your chain should look like:

Notezilla.Net certificate chain

Your certificate->COMODO RSA Domain Validation Secure Server CA->COMODO RSA Certification Authority->UserTrust (AddTrust External CA Root)

However, when you install the SSL certificate on Windows Azure, and log in to your cloud service using Remote Desktop to check the chain, it will look totally different. It will pick a different COMODO certificate and will not find your actual root certificate.

Problem: The problem is that IIS has another intermediate certificate named “COMODO RSA Certification Authority” under “Trusted Root Certification Authorities”. This one has a different thumbprint. The real “COMODO RSA Certification Authority” which I wanted was already in the “Intermediate Certification Authorities” folder.

Solution: Since IIS picked the former one from the root (maybe because of the same name), I deleted the former one (via Remote Desktop) and the certificate chain was now complete till the root. Now my website was working fine. Remember to restart your VM instance (Web Role) after you make this change! Very important.

The bad part is that I will have to repeat this step every time I deploy a new build of my MVC cloud service.
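
To check for this name collision on the instance before and after each deployment, the following PowerShell is an added example, not part of the original post; it only reads the certificate stores and deletes nothing. The subject filter `www.example.test` is a placeholder and the function name `Get-StoreCert` is hypothetical.

```powershell
# Added example: read-only diagnostic, it changes nothing in any certificate store.
# Assumption: $SiteSubject is a placeholder; replace it with your site's subject name.
param([string]$SiteSubject = 'www.example.test')

function Get-StoreCert {
    param([string]$StoreName)
    Get-ChildItem -Path "Cert:\LocalMachine\$StoreName" |
        Select-Object Subject, Issuer, Thumbprint, NotAfter,
            @{ Name = 'Store'; Expression = { $StoreName } }
}

# 1. Subjects present in BOTH the Trusted Root ("Root") and Intermediate ("CA")
#    stores under different thumbprints: the same-name situation described above.
$certs = @(Get-StoreCert -StoreName 'Root') + @(Get-StoreCert -StoreName 'CA')
$collisions = $certs | Group-Object -Property Subject | Where-Object {
    @($_.Group | Select-Object -ExpandProperty Store -Unique).Count -gt 1 -and
    @($_.Group | Select-Object -ExpandProperty Thumbprint -Unique).Count -gt 1
}
foreach ($c in $collisions) {
    $c.Group | Sort-Object Store |
        Format-List Store, Subject, Issuer, Thumbprint, NotAfter
}

# 2. The chain Windows itself builds for the site certificate.
$site = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$SiteSubject*" } |
    Select-Object -First 1
if (-not $site) { throw "No certificate matching '$SiteSubject' in LocalMachine\My" }

# $true = build the chain in the machine context, the one IIS uses.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # skip revocation lookups so this runs offline
$built = $chain.Build($site)

$chain.ChainElements | ForEach-Object {
    $_.Certificate | Select-Object Subject, Issuer, Thumbprint
} | Format-List
"Chain valid: $built"
$chain.ChainStatus | Format-List Status, StatusInformation
```

Compare the elements printed in part 2 with the chain listed above; the thumbprints from part 1 show which same-named certificate was picked.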

Thanks. Hope it helps someone :).



Installing PositiveSSL SSL certificate on IIS/Windows Azure (ASP.Net MVC)



I still don’t understand various concepts behind certificates like SSL certificate, code signing certificate etc. I only know that they must be used for security & privacy. Each time I have to renew the certificate on our Notezilla.Net server that is used by our sticky notes app Notezilla, I forget how I did it last time as there are many steps involved.

Last time I used GoDaddy’s SSL certificate. This time I went for PositiveSSL SSL certificate from NameCheap.com as this was the cheapest I found (very cheap compared to GoDaddy).

I looked over the Internet to find how to install a PositiveSSL certificate on Windows Azure (IIS) & configure my ASP.Net MVC project for HTTPS. I found the information all scattered over different websites. I spent a lot of hours setting it right. Basically, I have unified all the steps in this single post.

Step 1

Buy PositiveSSL SSL certificate from NameCheap.com. This is the certificate that will only require your domain to be verified.

Step 2

Once you purchase the certificate, you will need to activate it from your NameCheap account settings. Activation requires you to generate a CSR from IIS. You can do it from any Windows machine which has IIS installed. You can learn how to generate CSR (certificate request) on IIS.

The CSR is saved into a text file. You would copy this text and give it to NameCheap when activating the certificate. NameCheap will now check if you are the owner of the domain for which you are requesting the certificate. Once you complete the verification, Comodo will send you the .cer file (certificate) as an attachment to an email.

Step 3

Now ensure that you have the root & intermediate certificates installed on the system where you generated the CSR. To install these, refer to this page. You would need to download these certificates from either this link or this link.

Typically, there is one root & 2 intermediate certificates. Pick the latest from the above link.

Step 4

After you have installed the root & intermediate certificates as in the previous step, you would now install the .cer file for your domain that Comodo sent to you. To do this, follow the Complete Certificate Request link in IIS. You don’t have to follow the bindings steps given in the latter link if this is not your final server system.

When doing the above, you may encounter an error “Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created”. To resolve this, look here.

Step 5

In order to upload all the root & intermediate certificates to Windows Azure, you will need to first export those certificates from IIS (where you imported them) to .cer files because this is what Windows Azure wants. Do this from the Certificates Management Console on your IIS machine.

Step 6

Now export your domain certificate into a .pfx file. Go to Personal->Certificates in the Certificates Management Console to export.

Step 7

At this point, we have 2 to 3 .cer files and a .pfx file. Go to your Windows Azure portal, select the cloud service, click on the ‘Certificates’ tab and upload all the exported certificates. Note, in one of the Firefox versions I was not able to upload the files to Windows Azure. I then used Internet Explorer to upload the files.

Step 8

You would now need to configure your ASP.Net Cloud Service project to use these certificates. Right click on the Web role in your cloud service project and choose ‘Properties’. Under ‘Properties’, click on Certificates option. Add your certificate information. Look at the first 3 rows below. Ignore the last row.

Cloud Service Project - Certificates Properties

Step 9

Once you do this, configure an endpoint for HTTPS. Right click on the Web role in your cloud service project and choose ‘Properties’. Under ‘Properties’, click on Endpoints option. See below.

Cloud Service Project - Endpoints Properties

Step 10

Build your package & deploy it on Windows Azure. It should work. You may also want to redirect all HTTP requests to HTTPS. I have done this for Notezilla.Net.



Do you want a cheap & reliable SSL certificate?



I needed to renew the SSL certificate on our Notezilla.Net web app. Last year, I used Godaddy’s SSL certificate. I spent about $70.00 for it. When comparing other similar SSL certificates & reading their reviews, to my surprise, I found that there were certificates of equal quality available at a much lower price. The cheapest I found was PositiveSSL SSL Certificate from NameCheap.com for only $7.95/year. This one is from Comodo, whom I trusted as we use a code signing certificate from the same company.

It is surprising to see such a vast difference in the prices between different resellers. E.g., PositiveSSL.com sells the same certificate for $49.95/year. We normally doubt the quality of the cheapest reseller when the product description is exactly the same as the other more expensive resellers.

Since it was only $7.95, I thought of taking the risk. The complete experience from NameCheap.com was very pleasant. I have successfully installed the certificate on my Windows Azure server. It is working. I am not affiliated with NameCheap.com. I am just impressed.




Visual Studio closes/crashes when opening edmx file



Whenever I tried to open the Entity Framework’s edmx file, Visual Studio 2008 would simply close. I tried Google and Stack Overflow, but couldn’t find the answer.

I noticed that when I double clicked on the edmx file, the status bar said “Initializing toolbox” just before closing of Visual Studio.

SOLUTION

  1. Close all the open windows using the Window->Windows menu in Visual Studio
  2. Explicitly click on the “Toolbox” pane. From the menu you would choose View->Toolbox.
  3. Then double click on .edmx to open it. You should be able to open it successfully.

I am still unsure whether .edmx opened because I closed all the windows or because I opened the Toolbox explicitly.

Thanks :)



Windows Azure Cloud Computing for Dummies



Seriously, if you don’t understand anything about Windows Azure Cloud Computing, here is a neat article that talks about Windows Azure with complete clarity. Love this article :)

https://www.windowsazure.com/en-us/manage/windows/fundamentals/intro-to-windows-azure/

Following excerpt is taken from the article:

Windows Azure is Microsoft’s application platform for the public cloud. You can use Windows Azure just to store data, with the applications that use this data running on-premises (that is, outside the public cloud). You can use Windows Azure to create virtual machines for development and test or to run SharePoint and other applications. You can use Windows Azure to build massively scalable applications with lots and lots of users. Read more of it.

I suggest you opt for the 90-day free trial of Windows Azure. Powerful machine, simple to use.

Thanks :)



Parse error, unexpected T_OBJECT_OPERATOR – php



When upgrading/updating from WordPress 2.9.2 to 3.4.1 I received the following error

Parse error, unexpected T_OBJECT_OPERATOR

You will find various forums discussing this error. Many users have suggested different solutions. But in most cases the reason is that you are not using php5 version on your server. Instruct your host to switch to php5 or above version. You should be able to do it from your website’s admin control panel also.

Thanks :)



ASP.Net Forms Authentication, Safari/Chrome on iPhone and Persistent Cookies



I couldn’t resist writing about the solution to the following problem as I have spent several hours on this.

If you are on .Net and you don’t want the user to type his username/password every time he comes to your website (even if he closes the browser and opens it again), you would typically use .Net’s Forms Authentication’s persistent cookie feature.

In your project you would use the following code:

//c# code
FormsAuthentication.SetAuthCookie(userName, true /*createPersistentCookie*/);

<!--web.config-->
<authentication mode="Forms">
    <!--2880 minutes is 48 hours-->
    <forms loginUrl="~/Account/SignIn" timeout="2880"/>
</authentication>

The above solution works well on all major desktop browsers but does not work on iPhone/iPad/iPod browsers like Safari & Chrome. I am not mentioning Opera because it does not behave the way modern browsers do.

I have spent several days looking for the solution.

The second suggestion from Scott Hanselman along with this suggestion from Brian Y worked only partially.

STEP 1:

Scott suggests adding the cookieless="UseCookies" attribute as follows.

<authentication mode="Forms" >
  <forms loginUrl="~/Account/SignIn" timeout="2880" cookieless="UseCookies" />
</authentication>

STEP 2:

Brian suggests adding the following xml block to a .browser file (browser definition file) under the App_Browsers folder in the project. Read Scott’s article above to know about browser definition files.

<!--This is part of browser definition file remember. Not web.config. -->
<browser refID="Mozilla" >
    <capabilities>
        <capability name="cookies"  value="true" />
    </capabilities>
</browser>

This worked partially. In the sense, if the user closed the browser and opened it again, it remembered the cookies and signed in without asking for the user credentials. But it ignored timeout="2880". So it worked only for 30 minutes.

And finally, a few more days of hunting brought me to this article which suggests adding a machineKey element to your web.config.

STEP 3:
The above mentioned article suggests generating machineKey from this online tool and adding it to your web.config.

That’s it!! Combination of STEP 1, STEP 2 & STEP 3 above will bring you to a working solution.
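
The keys in a machineKey element protect the Forms Authentication cookie, so they can also be generated on your own machine rather than by a website. The PowerShell below is an added example, not from the original post or the linked article; the function name `New-MachineKeyElement` is hypothetical, and the algorithm choices (HMACSHA256 and AES) are assumptions that require .NET 4.0 or later.

```powershell
# Added example: build a <machineKey> element from locally generated random keys.
# Assumptions: HMACSHA256 validation and AES decryption (.NET 4.0 or later).
function New-MachineKeyElement {
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $validationKey = New-Object byte[] 64   # 64 random bytes for the HMACSHA256 key
        $decryptionKey = New-Object byte[] 32   # 32 random bytes for an AES-256 key
        $rng.GetBytes($validationKey)
        $rng.GetBytes($decryptionKey)
    }
    finally {
        $rng.Dispose()
    }

    # BitConverter emits "AA-BB-CC"; web.config expects plain hex.
    $validationHex = [System.BitConverter]::ToString($validationKey) -replace '-', ''
    $decryptionHex = [System.BitConverter]::ToString($decryptionKey) -replace '-', ''

    '<machineKey validationKey="{0}" decryptionKey="{1}" validation="HMACSHA256" decryption="AES" />' -f
        $validationHex, $decryptionHex
}

# Paste the output inside <system.web> in web.config and keep it out of
# public source control: anyone holding these keys can forge the auth cookie.
New-MachineKeyElement
```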

I was extremely thrilled to see Safari & Chrome working past several hours. This was not an easy thing to crack. Thanks to all the people involved in providing different solutions to this problem.

Thanks to the readers :)



Adding Razor support to existing ASP.Net MVC 3 project



Follow the steps below to add Razor support to an existing ASP.Net MVC 3 project:

  1. Create another temporary MVC 3 project, which has Razor support by default
  2. Compare the references and web.config files (the main one and the one under the Views folder) in the temporary project with your own project. Here I found references to System.Web.Helpers & System.Web.Webpages. Similar mentions exist in the web.config files also. Just copy those sections from the temporary project to your project.
  3. Copy the _ViewStart.cshtml file from temporary project to your project (under Views folder)
  4. Copy the _Layout.cshtml file from temporary project to your project (under Views\Shared folder)
  5. Also check inside _Layout.cshtml. It may be referencing other partial views, jquery (js file) etc. Make sure they all exist in your own project.
  6. That’s it. Compile and all should be set right.

Thanks :)



microsoft.data.entity.design.extensibility could not be loaded when opening edmx



I received this error when opening an edmx file in my ASP.Net MVC 3 project. Spent several hours to figure out. Another related problem I had was that the “ADO.Net Entity Data Model” project template did not appear when adding new item to the project. Spent several hours finding a solution & finally found it here: http://stackoverflow.com/questions/5696436/no-entity-data-model-edmx-template-with-visual-studio-2010-sp1-ado-net-entit

Installing “ADO.NET Entity Framework Tools” from Visual Studio 2010 media solved both the problems mentioned above.

Thanks :)