
00ulmcqy0x0fpUCnU1t1.4716139915349497E12 (Customer) asked a question.
Hello,
I have started an integration with Box. I uploaded the metadata file from Okta into Box.com, waited the 24 hours for confirmation. It was confirmed. They are failing to accept the connection and they are blaming an expired cert. I uploaded the same day as I got it from Okta.
I am hoping you can help me respond because I do not see an option to download just the certificate.
Thanks,
Keith
Here is the support response from box:
Mark Lazona (Box Customer Success)
Jan 9, 7:56 AM PST
Hi there,
Thank you for reaching Box User Services. Sorry to hear about the trouble. I'll be glad to help.
It appears your token-signing certificate has expired. Please export and email the new certificate to us. We'll update the IdP Connection settings on our servers. Since SSO is currently enabled and not required, you can still log in to your Box account without using SSO.

That's strange that Box is reporting the certificate is showing as expired.
When you perform a SAML integration in general, the configuration requirements will be different for each service provider. Some will have you manually input the configuration, such as providing an SSO/ACS URL and uploading a certificate. Others, like Box, will allow you to upload a metadata file that has all this information in it. So the metadata file actually contains the certificate.
The metadata file is an XML file that can be viewed in a text editor. In the text editor, you'll see a tag for <ds:X509Certificate>, and the text within this tag will be the actual certificate. Copy and paste everything within the tags into a new plain text document and add "-----BEGIN CERTIFICATE-----" at the top and "-----END CERTIFICATE-----" at the bottom. Do not include the actual tags, just the contents. It should look something like this:
-----BEGIN CERTIFICATE-----
Copy/Paste of certificate text here.
-----END CERTIFICATE-----
Save the file with a .cer extension (if you're on Windows) and then open the file. In the new window, go to the "Details" tab and check the "Valid to" field for the date.
Using these steps, you can validate the expiration of the certificate in the metadata file.
Ultimately though, you'll probably just want to download the metadata file again from Okta and upload it to Box again. I really doubt they would give you an expired certificate, unless you did some kind of customization, as I believe you can create/upload custom certificates via the Okta API.
Hello,
I have downloaded "samples-python-flask-master" from the Okta site, and ran it on Windows 10, virtualenv and Python 3.6 with a slight modification because of the compile errors, and got ssl.SSLCertVerificationError.
Your help is greatly appreciated.
Regards,
Moe
As you may need more information:
Here is the error message in my console.
----------------------------------------------------begin error message-----------------------------------
(flask_env) C:\Users\mtun\samples-python-flask-master\custom-login>python main.py
* Serving Flask app "main" (lazy loading)
* Environment: production
WARNING: Do not use the development server in a production environment.
Use a production WSGI server instead.
* Debug mode: on
* Restarting with stat
* Debugger is active!
* Debugger PIN: 362-185-477
* Running on http://localhost:8080/ (Press CTRL+C to quit)
127.0.0.1 - - [20/Oct/2019 11:30:41] "GET / HTTP/1.1" 200 -
127.0.0.1 - - [20/Oct/2019 11:30:45] "GET /login HTTP/1.1" 200 -
127.0.0.1 - - [20/Oct/2019 11:31:01] "GET /authorization-code/callback?code=Nttr9T7qkk2hFOP3w_Uq&state=eyJjc3JmX3Rva2VuIjogIkc2MVBLNS1IaDlFS2M3c0pja2Via2wwd3F3dG0tSnRQIiwgImRlc3RpbmF0aW9uIjogImV5SmhiR2NpT2lKSVV6VXhNaUo5LkltaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EQTRNQzl3Y205bWFXeGxJZy45QjhGMTVXYU1adHBRT2ZYRF9zdEsyOGF1Yl9LZTVrYUFKajV0eGR5Njg4LVlydG11cGlGWWlpX1h1Q2R6anBGd0FDYWNRWnllZHNwS0xmNG1ObEx3QSJ9 HTTP/1.1" 500 -
Traceback (most recent call last):
File "C:\Users\mtun\AppData\Local\Continuum\anaconda3\envs\flask_env\lib\site-packages\flask\app.py", line 2309, in __call__
return self.wsgi_app(environ, start_response)
File "C:\Users\mtun\AppData\Local\Continuum\anaconda3\envs\flask_env\lib\site-packages\flask\app.py", line 2295, in wsgi_app
response = self.handle_exception(e)
File "C:\Users\mtun\AppData\Local\Continuum\anaconda3\envs\flask_env\lib\site-packages\flask\app.py", line 1741, in handle_exception
reraise(exc_type, exc_value, tb)
File "C:\Users\mtun\AppData\Local\Continuum\anaconda3\envs\flask_env\lib\site-packages\flask\_compat.py", line 35, in reraise
raise value
File "C:\Users\mtun\AppData\Local\Continuum\anaconda3\envs\flask_env\lib\site-packages\flask\app.py", line 2292, in wsgi_app
response = self.full_dispatch_request()
File "C:\Users\mtun\AppData\Local\Continuum\anaconda3\envs\flask_env\lib\site-packages\flask\app.py", line 1815, in full_dispatch_request
rv = self.handle_user_exception(e)
File "C:\Users\mtun\AppData\Local\Continuum\anaconda3\envs\flask_env\lib\site-packages\flask\app.py", line 1718, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "C:\Users\mtun\AppData\Local\Continuum\anaconda3\envs\flask_env\lib\site-packages\flask\_compat.py", line 35, in reraise
raise value
File "C:\Users\mtun\AppData\Local\Continuum\anaconda3\envs\flask_env\lib\site-packages\flask\app.py", line 1813, in full_dispatch_request
rv = self.dispatch_request()
File "C:\Users\mtun\AppData\Local\Continuum\anaconda3\envs\flask_env\lib\site-packages\flask\app.py", line 1799, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "C:\Users\mtun\AppData\Local\Continuum\anaconda3\envs\flask_env\lib\site-packages\flask_oidc\__init__.py", line 657, in _oidc_callback
plainreturn, data = self._process_callback('destination')
File "C:\Users\mtun\AppData\Local\Continuum\anaconda3\envs\flask_env\lib\site-packages\flask_oidc\__init__.py", line 689, in _process_callback
credentials = flow.step2_exchange(code)
File "C:\Users\mtun\AppData\Local\Continuum\anaconda3\envs\flask_env\lib\site-packages\oauth2client\_helpers.py", line 133, in positional_wrapper
return wrapped(*args, **kwargs)
File "C:\Users\mtun\AppData\Local\Continuum\anaconda3\envs\flask_env\lib\site-packages\oauth2client\client.py", line 2054, in step2_exchange
http, self.token_uri, method='POST', body=body, headers=headers)
File "C:\Users\mtun\AppData\Local\Continuum\anaconda3\envs\flask_env\lib\site-packages\oauth2client\transport.py", line 282, in request
connection_type=connection_type)
File "C:\Users\mtun\AppData\Local\Continuum\anaconda3\envs\flask_env\lib\site-packages\httplib2\__init__.py", line 1957, in request
cachekey,
File "C:\Users\mtun\AppData\Local\Continuum\anaconda3\envs\flask_env\lib\site-packages\httplib2\__init__.py", line 1622, in _request
conn, request_uri, method, body, headers
File "C:\Users\mtun\AppData\Local\Continuum\anaconda3\envs\flask_env\lib\site-packages\httplib2\__init__.py", line 1528, in _conn_request
conn.connect()
File "C:\Users\mtun\AppData\Local\Continuum\anaconda3\envs\flask_env\lib\site-packages\httplib2\__init__.py", line 1311, in connect
self.sock = self._context.wrap_socket(sock, server_hostname=self.host)
File "C:\Users\mtun\AppData\Local\Continuum\anaconda3\envs\flask_env\lib\ssl.py", line 423, in wrap_socket
session=session
File "C:\Users\mtun\AppData\Local\Continuum\anaconda3\envs\flask_env\lib\ssl.py", line 870, in _create
self.do_handshake()
File "C:\Users\mtun\AppData\Local\Continuum\anaconda3\envs\flask_env\lib\ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1076)
127.0.0.1 - - [20/Oct/2019 11:31:01] "GET /authorization-code/callback?__debugger__=yes&cmd=resource&f=style.css HTTP/1.1" 200 -
127.0.0.1 - - [20/Oct/2019 11:31:01] "GET /authorization-code/callback?__debugger__=yes&cmd=resource&f=jquery.js HTTP/1.1" 200 -
127.0.0.1 - - [20/Oct/2019 11:31:01] "GET /authorization-code/callback?__debugger__=yes&cmd=resource&f=debugger.js HTTP/1.1" 200 -
127.0.0.1 - - [20/Oct/2019 11:31:02] "GET /authorization-code/callback?__debugger__=yes&cmd=resource&f=ubuntu.ttf HTTP/1.1" 200 -
127.0.0.1 - - [20/Oct/2019 11:31:02] "GET /authorization-code/callback?__debugger__=yes&cmd=resource&f=console.png HTTP/1.1" 200 -
--------------------------------------------end error message on console-----------------------------------------------
I am new to this and have a feeling that a simple fix may solve the problem.