aspnet / AspNetKatana

Microsoft's OWIN implementation, the Katana project
Apache License 2.0

Microsoft.Owin.Security.Twitter - The remote certificate is invalid according to the validation procedure. #426

Closed faceoffers28 closed 3 years ago

faceoffers28 commented 3 years ago

All of a sudden, my Twitter login stopped working in an ASP.NET MVC 5 web app. I've tested with 2 Twitter apps. One of the apps is part of Twitter's new Projects & Apps Developer Portal. The other app is listed as a Standalone App under the Project & Apps Portal. I'm running version 4.2.0.

Have any of these keys expired?

```csharp
BackchannelCertificateValidator = new Microsoft.Owin.Security.CertificateSubjectKeyIdentifierValidator(new[]
{
    "A5EF0B11CEC04103A34A659048B21CE0572D7D47", // VeriSign Class 3 Secure Server CA - G2
    "0D445C165344C1827E1D20AB25F40163D8BE79A5", // VeriSign Class 3 Secure Server CA - G3
    "7FD365A7C2DDECBBF03009F34339FA02AF333133", // VeriSign Class 3 Public Primary Certification Authority - G5
    "39A55D933676616E73A761DFA16A7E59CDE66FAD", // Symantec Class 3 Secure Server CA - G4
    "4eb6d578499b1ccf5f581ead56be3d9b6744a5e5", // VeriSign Class 3 Primary CA - G5
    "5168FF90AF0207753CCCD9656462A212B859723B", // DigiCert SHA2 High Assurance Server CA
    "B13EC36903F8BF4701D498261A0802EF63642BC3" // DigiCert High Assurance EV Root CA
}),
```

Thanks in advance!

faceoffers28 commented 3 years ago

Looks like Twitter updated their certs again. You can see this if you click on the cert using Google Chrome. I added this key identifier and it solved the problem.

```csharp
"b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4" // DigiCert TLS RSA SHA256 2020 CA1
```
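The failure mode in this thread, as an added example that is not code from the thread or from Katana: a subject-key-identifier pin list stops matching once the server's chain moves to a new issuing CA, and listing the identifiers in the presented chain shows which one needs to be verified and added. The certificates and names are constructed stand-ins (self-signed, not a cryptographically linked chain), and `CertificateRequest` is assumed to be available (.NET Framework 4.7.2 or later, or .NET Core).

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SkiPinCheck
{
    // Hex Subject Key Identifier (OID 2.5.29.14) of a certificate, or null when absent.
    static string Ski(X509Certificate2 cert) =>
        (cert.Extensions["2.5.29.14"] as X509SubjectKeyIdentifierExtension)?.SubjectKeyIdentifier;

    // A chain passes the pin check when at least one element carries a pinned identifier.
    static bool IsPinned(IEnumerable<X509Certificate2> chain, ISet<string> pins) =>
        chain.Select(Ski).Any(ski => ski != null && pins.Contains(ski));

    // Constructed stand-in certificate (self-signed, throwaway key); not a real CA.
    static X509Certificate2 Make(string cn)
    {
        var key = RSA.Create(2048);
        var req = new CertificateRequest("CN=" + cn, key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(req.PublicKey, false));
        var now = DateTimeOffset.UtcNow;
        return req.CreateSelfSigned(now.AddDays(-1), now.AddDays(30));
    }

    static void Main()
    {
        var root = Make("Example Root");
        var oldIssuer = Make("Example Issuing CA (old)");
        var newIssuer = Make("Example Issuing CA (new)");
        var leaf = Make("api.example.test");

        // Only the old issuing CA is pinned. The set is case-insensitive because
        // pin lists like the one above mix upper- and lower-case hex.
        var pins = new HashSet<string>(
            new[] { Ski(oldIssuer).ToLowerInvariant() }, StringComparer.OrdinalIgnoreCase);

        var before = new[] { leaf, oldIssuer, root };
        var after = new[] { leaf, newIssuer, root }; // server moved to a new issuing CA
        Console.WriteLine("before rotation pinned: " + IsPinned(before, pins));
        Console.WriteLine("after rotation pinned:  " + IsPinned(after, pins));

        // List what is now presented so the new identifier can be verified out of band
        // before it is added to the pin list.
        foreach (var cert in after)
            Console.WriteLine((pins.Contains(Ski(cert)) ? "pinned   " : "unpinned ")
                + Ski(cert) + "  " + cert.Subject);
    }
}
```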