I am trying to connect to my cloud based ravendb database using the ravendb client. I have no issues on my local machine, however whenever I attempt to connect on my production game server, I receive the following error:
Forbidden access
{"Type":"InvalidAuth","Message":"This server requires client certificate for authentication, but none was provided by the client. Did you forget to install the certificate?"}
Please note that the production server runs on a stripped down version of ubuntu linux.
I verified that the certificate was shipped with the build image. I verified the certificate is valid and works. I know it works properly because on my local environment it works without issues.
I have the following code:
public static class DocumentStoreHolder
{
private const string CERTIFICATE_PASSWORD = "-snip-";
private static string CERTIFICATE_PATH = Path.GetFullPath("certificate.pfx");
public static X509Certificate2 GetCertificate()
{
return new X509Certificate2(CERTIFICATE_PATH, CERTIFICATE_PASSWORD);
}
public static void Initialize()
{
var certificate = GetCertificate();
if (certificate.HasPrivateKey)
{
ksLog.Debug("Private key exists.");
}
else
{
ksLog.Debug("Private key does not exist.");
}
LazyStore = new Lazy<IDocumentStore>(() =>
{
var store = new DocumentStore
{
Urls = new[] { "-snip-" },
Database = "-snip-",
Certificate = certificate,
};
return store.Initialize();
});
}
private static Lazy<IDocumentStore> LazyStore;
public static IDocumentStore Store => LazyStore.Value;
}
On the production server "Private Key Exists" is output. so we know that the certificate is loaded into memory properly.
Please note that I am using .net Framework 4.8. I am running the latest build of RavenDB Client.
I reached out to support and they had the following to say:
Basically it's about the X509 certificate's private key. In a lot of platform you need to allow the app to load that certificate explicitly e.g. by providing its thumbprint
Unfortunately that didn't help me much.
If anyone else has suggestions or things I can try, it would be most appreciated..!
Is there a chance there is some kind of utility on or between your prod server and the RavenDB Cloud instance?
The code seems fine and last time I saw such an error was when the Security Team in the company enabled software filtering out the client certificate sent to the server through the network.