microsoft / BotBuilder-RealTimeMediaCalling

BotBuilder-RealTimeMediaCalling extends the BotBuilder to enable bots to engage in Skype audio-video calling. It provides real-time, programmable access to the voice, video, and screen sharing streams of a Skype call. The bot is a direct participant in a Skype 1:1 call.
MIT License

Deployed, got cert from CA now getting System.Security.Authentication.AuthenticationException #16

Closed mrpullen closed 7 years ago

mrpullen commented 7 years ago

I am not sure where I've gone wrong here, but I am having some certificate issues.

I registered a domain holovisor.net and got an SSL certificate from GoDaddy for bot.holovisor.net. I added a CNAME to my Azure cloud service holovisor.cloudapp.net. I've uploaded the certificate, deployed the HueBot project, and reviewed the existing issues.

Let's summarize the full stack configuration to define what is inconsistent:
SubjectName of our certificate: 'bot.holovisor.net'
last SAN 'www.bot.holovisor.net'
DNS name of our cloud service is 'holovisor.cloudapp.net'
We created CNAME DNS record bot.holovisor.net -> holovisor.cloudapp.net.
We created CNAME DNS record www.bot.holovisor.net -> holovisor.cloudapp.net.

Public IP address holovisor cloud service at Azure dashboard: 13.82.217.186

nslookup bot.holovisor.net

Non-authoritative answer:
Name: holovisor.cloudapp.net
Address: 13.82.217.186
Aliases: bot.holovisor.net

At the bot's dashboard we have the following configuration:
Messaging endpoint: https://www.bot.holovision.net/api/messages
Webhook (For calling): https://www.bot.holovision.net/api/calling/call
Enable calling, Real Time Media, Video (Audio always enabled), Screen sharing

In the configuration of the service we have
ServiceDnsName -> holovision.cloudapp.net
ServiceDnsName -> holovisor.cloudapp.net
ServiceDnsAlias -> www.bot.holovisor.net

In analytics I am seeing the following error.

POST to HoloVisorBot failed: Bad certificate
Exception type: System.Security.Authentication.AuthenticationException
Failed method: System.Net.TlsStream.EndWrite
Problem Id: System.Security.Authentication.AuthenticationException at System.Net.TlsStream.EndWrite

Any help greatly appreciated. Thanks

MalarGit commented 7 years ago

In the service config,
<Setting name="ServiceCNAME" value="www.bot.holovisor.net" />
Also could you validate the certificate is enabled for server authentication? Server Authentication (1.3.6.1.5.5.7.3.1)

mrpullen commented 7 years ago

Certificate Info

Subject Alternative Name
DNS Name=bot.holovisor.net
DNS Name=www.bot.holovisor.net
Enhanced Key Usage
Server Authentication (1.3.6.1.5.5.7.3.1)
Client Authentication (1.3.6.1.5.5.7.3.2)

Configuration

In the service config

<Setting name="ServiceDnsName" value="holovisor.cloudapp.net" />
<Setting name="ServiceCNAME" value="www.bot.holovisor.net" />
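
The check requested above (ServiceCNAME and the Server Authentication EKU), extended to the endpoint hostnames, as an added example that is not part of the original thread or the project's code. The literals are the values as posted in this thread; the `<ConfigurationSettings>` wrapper, the function names, and the assumption that ServiceCNAME and every endpoint host must be covered by a SAN are this example's own. It does not check chain trust.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SERVER_AUTH_OID = "1.3.6.1.5.5.7.3.1"

# Values as posted in the thread, typed in as literals for this example.
CERT_SANS = ["bot.holovisor.net", "www.bot.holovisor.net"]
CERT_EKUS = ["1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2"]
# The wrapper element is added here only so the two Setting lines parse as XML.
SERVICE_CONFIG = """<ConfigurationSettings>
  <Setting name="ServiceDnsName" value="holovisor.cloudapp.net" />
  <Setting name="ServiceCNAME" value="www.bot.holovisor.net" />
</ConfigurationSettings>"""
ENDPOINTS = [
    "https://www.bot.holovision.net/api/messages",
    "https://www.bot.holovision.net/api/calling/call",
]

def san_matches(host, pattern):
    """RFC 6125-style match: '*' may only stand for the whole left-most label."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[1:] == p[1:]
    return h == p

def covered(host, sans):
    return any(san_matches(host, s) for s in sans)

def audit(sans, ekus, config_xml, endpoints):
    """Return a list of findings; an empty list means the names line up."""
    findings = []
    if SERVER_AUTH_OID not in ekus:
        findings.append("certificate lacks the Server Authentication EKU")
    settings = {s.get("name"): s.get("value") for s in ET.fromstring(config_xml).iter("Setting")}
    cname = settings.get("ServiceCNAME")
    if cname is None or not covered(cname, sans):
        findings.append(f"ServiceCNAME {cname!r} is not covered by the certificate SANs")
    for url in endpoints:
        host = urlsplit(url).hostname
        if not covered(host, sans):
            findings.append(f"endpoint host {host!r} is not covered by the certificate SANs")
    return findings

if __name__ == "__main__":
    for line in audit(CERT_SANS, CERT_EKUS, SERVICE_CONFIG, ENDPOINTS):
        print("FINDING:", line)
```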

mrpullen commented 7 years ago

You can take a look at the cert Message API

Is this an issue cause Starfield Root Certificate Authority issued the cert??

That's how I got it from GoDaddy, but I can re-issue if that might be the problem.

MalarGit commented 7 years ago

Looks like that might be the problem. Everything else seems right. Could you try getting it reissued? Thanks

mrpullen commented 7 years ago

Cert signed by GoDaddy Cert Chain works without issue. I am getting an internal error now, not "You cannot talk to this bot" message, and my text based messages are going through.

Thanks for the help!!

Would it be possible to post up a list of "valid" CA / Root Certs so folks can avoid having this trouble??

mrpullen commented 7 years ago

Oh.. another thing I did was just use an A record for DNS instead of a CNAME. Probably where my internal error is coming from..

MalarGit commented 7 years ago

@mrpullen The trusted CAs should satisfy these requirements: https://technet.microsoft.com/en-us/library/cc751157.aspx. I am not sure if we have a published list. I'll ask around. Thanks

mrpullen commented 7 years ago

Any guidance on this error?

EventName="MessageEvent" Message="[78cb5ff8-4130-4bac-99c7-1ade77b73332 Dispose,MediaSession.cs(214)] SpeechRecoginition task did not finish within expected time" TraceSource="FrontEnd" WorkerRole_IN_0 50fd473652d84316a98db5b69878f7a9 6/21/2017 6:51 PM

I have a Bing Speech API subscription in Azure, and I've verified that my key is correct. I had the subscription set to free, found out I was having issues here and bumped it up to S0.