Question

Forms Multi-Server Configuration Utility - Invalid certificate - Invalid provider type specified

asked on November 24

Hello all,

We have been trying to follow the white paper to set up WCF communication between the DMZ Forms server and the internal one, but have had no luck so far. The message we got from running the tool on the DMZ Forms server was:

System.Exception: ERROR: Invalid certificate. ---> System.Exception: "System.Security.Cryptography.CryptographicException: Invalid provider type specified.\r\n\r\n   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)\r\n   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)\r\n   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()\r\n   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)\r\n   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()\r\n   at System.Security.Cryptography.X509Certificates.RSACertificateExtensions.GetRSAPrivateKey(X509Certificate2 certificate)\r\n   at E_Forms.WebApi.Version1.Controllers.WcfSettingsController.ValidateIISRightsForCertificate(String thumbprint)"
   --- End of inner exception stack trace ---
   at DMZConfigurationUtility.DMZConfignUtility.<ValidateCertificate>d__28.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at DMZConfigurationUtility.DMZConfignUtility.<btnTest_ClickAsync>d__24.MoveNext()

 

This appears to be a typical issue of CNG vs CAPI certificates, but I also remember reading an article in this forum saying that it shouldn't be an issue with Laserfiche 11 and later. Does anyone have a definite answer if it's one way or the other?

Another question that I have is how many certificates are actually needed between the DMZ and internal Forms server for the whole setup with WCF communication? Would it be always 4 certs? Two for each of the IIS instances and two separate ones for WCF purposes? 

Any comments or suggestions would be greatly appreciated. Thank you!

-H

0 0

Replies

replied on November 27

Hi Hao, the cause of the error may just be the invalid certificate. Each machine needs its own certificate for the configuration, and IIS and WCF can share the same one. If you still cannot resolve the issue, I suggest opening a support ticket for further investigation.

0 0
replied on December 1

Zanbo, thanks for the clarification on the # of certs needed. Initially, my inquiry was stemming from this post. But it wasn't conclusive if CNG certs were tested or not. I suppose we could generate another set of self-signed certs (as Rui Deng mentioned) to test out.

0 0
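For the CNG-versus-CAPI question raised in this thread, one way to see which kind of provider holds a certificate's private key is to read the `Provider =` line that `certutil -store My <thumbprint>` prints. The following is an added example, not part of the thread and not Laserfiche code; the function name `Get-KeyProviderKind`, the sample output and the provider-name heuristic are assumptions.

```powershell
# Added example: classify the key provider reported by certutil for one certificate.
# Heuristic (assumption): Microsoft's built-in CNG providers are named
# "... Key Storage Provider" (plus "Microsoft Platform Crypto Provider" for the TPM);
# legacy CAPI providers are named "... Cryptographic Provider".
function Get-KeyProviderKind {
    param([string[]]$CertUtilOutput)

    foreach ($line in $CertUtilOutput) {
        # certutil prints the provider as "  Provider = <name>"
        if ($line -match '^\s*Provider\s*=\s*(.+?)\s*$') {
            $name = $Matches[1]
            $kind = if ($name -match 'Key Storage Provider$' -or
                        $name -eq 'Microsoft Platform Crypto Provider') {
                'CNG (KSP)'
            } elseif ($name -match 'Cryptographic Provider') {
                'CAPI (legacy CSP)'
            } else {
                'Unknown'
            }
            return [pscustomobject]@{ Provider = $name; Kind = $kind }
        }
    }
    # No Provider line: certutil found no private key linked to the certificate
    [pscustomobject]@{ Provider = $null; Kind = 'No key provider reported' }
}

# Constructed sample output (not taken from the servers in this thread)
$cngSample = @'
================ Certificate 0 ================
Subject: CN=forms-dmz.example.test
Cert Hash(sha1): 0000000000000000000000000000000000000000
  Key Container = constructed-container-name
  Provider = Microsoft Software Key Storage Provider
Encryption test passed
'@ -split "`r?`n"

$capiSample = $cngSample -replace 'Microsoft Software Key Storage Provider',
                                  'Microsoft RSA SChannel Cryptographic Provider'

Get-KeyProviderKind -CertUtilOutput $cngSample    # Kind: CNG (KSP)
Get-KeyProviderKind -CertUtilOutput $capiSample   # Kind: CAPI (legacy CSP)

# On the Forms server, from an elevated prompt (placeholder thumbprint):
# Get-KeyProviderKind -CertUtilOutput (certutil -store My '<thumbprint>')
```

A missing `Provider =` line points to a certificate with no associated private key rather than to a provider-type mismatch.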