
Hi,

We created a client application in IAM for machine to machine as documented here, with client id and client secret. We get an access_token so this seems to be working.

When we try to submit a GET on a table in the application, we get the error 

Bearer error="invalid_token", error_description="The issuer 'https://localhost/indicium_gti4' is invalid"

As stated here, we added this in the appsettings.json and restarted IIS, but this did not help. We have a self signed certificate on this server, which is not secure Postman. Is this the problem?

 

 

Hello ​@Tejo van de Bor,

We have a self signed certificate on this server, which is not secure Postman. Is this the problem?

Yes, this is the problem. You can temporarily add your self-signed certificate to your trusted root certificate authorities in order to test if it works after that. If it still doesn’t work, then there’s probably something else wrong as well and we can look into it from there. But a secure connection (i.e. a trusted certificate) is a requirement.

I hope this helps


Thanks @Vincent Doppenberg, do you know a step by step script or walkthrough to create such a trusted certificate working with IIS on a development localhost? Because we found some, but at the end it always shows an invalid certificate in a browser (let alone testing with indicium)


Hello ​@Tejo van de Bor,

Your certificate itself is probably fine, the step that you’re missing is having your machine trust the signee. I can walk you through this, but I want to stress that this is not a viable long term solution and you really should undo this once it is no longer necessary, unless you are very aware of what you’re doing and you understand and accept the risks involved. If your self-signed certificate were to leak, people could use it to sign certificates that your computer would trust, when it should not. If you do intend to use a solution like this as a permanent solution, then I would recommend looking into some best practices (e.g. password protection and so on). So please proceed at your own risk.

The steps are as follows:

  1. Start → Run → mmc
  2. File → Add-remove Snap-ins
  3. Choose Certificates and then choose Computer account → Local computer
  4. OK
  5. I’m assuming that your self-signed certificate is already located in Personal\Certificates on your local machine, otherwise you can’t choose it in IIS (use the -CertStoreLocation cert:\LocalMachine\My parameter in PowerShell when creating the certificate). Navigate to your certificate in Personal\Certificates and export it.
  6. Navigate to Trusted Root Certification Authorities\Certificates and import the certificate.
  7. Optional but recommended, permanently delete the certificate from disk to avoid chance of leaking.
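
The same steps as a script, for readers who prefer PowerShell over the MMC snap-in. This is an added example, not part of the original post: the `-Thumbprint`, `-DnsName` and `-Undo` parameters and the temporary file name are assumptions made for illustration. Only the public certificate is exported (no private key), and `-Undo` removes the trust again once testing is done.

```powershell
#Requires -RunAsAdministrator
# Added example: trust a development self-signed certificate on the local machine, and undo it.
param(
    [string]$Thumbprint,              # assumption: thumbprint of the certificate already bound in IIS
    [string]$DnsName = 'localhost',   # assumption: host name used when no certificate exists yet
    [switch]$Undo                     # remove the certificate from the trusted roots again
)
$ErrorActionPreference = 'Stop'

if ($Undo) {
    if (-not $Thumbprint) { throw 'Pass -Thumbprint to say which root entry to remove.' }
    # Reverses step 6 only; the certificate in Personal\Certificates stays in place for IIS.
    Remove-Item -Path "Cert:\LocalMachine\Root\$Thumbprint"
    "Removed $Thumbprint from Trusted Root Certification Authorities."
    return
}

# Step 5: use the certificate in Personal\Certificates (LocalMachine\My), or create a short-lived one.
if ($Thumbprint) {
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint"
} else {
    $cert = New-SelfSignedCertificate -DnsName $DnsName `
        -CertStoreLocation Cert:\LocalMachine\My `
        -NotAfter (Get-Date).AddMonths(3)
}

# Export the public certificate only; the private key never leaves the store.
$cerPath = Join-Path $env:TEMP "dev-root-$($cert.Thumbprint).cer"
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

try {
    # Step 6: import into Trusted Root Certification Authorities\Certificates.
    Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
}
finally {
    # Step 7: delete the exported file from disk, even if the import failed.
    Remove-Item -Path $cerPath -Force
}

# Confirm the result and print what is needed to undo it later.
$trusted = Test-Path -Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
"Certificate $($cert.Thumbprint) ($($cert.Subject)) trusted: $trusted"
"Undo with: -Undo -Thumbprint $($cert.Thumbprint)"
```

Save it as a `.ps1` file and run it from an elevated session; if it created a new certificate, select that certificate in the IIS site binding afterwards.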

Thanks ​@Vincent Doppenberg this worked, all options using openssl created a mist for me ;-) 

