DotNetOpenAuth - diagnosing "No OpenID Endpoint Found" on Mono

I'm running the mono branch build of DotNetOpenAuth and having problems with No OpenID Endpoint Found errors trying to authenticate using google, but not sure how to diagnose them.

More info:

• Running the same mono branch build under Windows works.
• Authenticating with a local openid provider works fine (Windows and Linux).
• Authenticating using myopenid works (maybe cause it's not https like google?)
• Same Web.Config, binaries everything under Windows and Linux.
• Have disabled the DNOA openid cacheDiscovery setting.
• Have checked SSL works through firewall from the Linux machine. (ie: wget https://www.google.com works).
• Have checked the apache error logs, no errors reported.

Any hints on how to diagnose this?

Follow up: still looking into this, as best I can tell this is a mono/ssl issue not related to dotnetopenauth. A simple ssl request from C# code fails with Invalid certificate received from server. Error code: 0xffffffff800b010a exception.

Running mozroots under mono 2.4/ubuntu 9.10 desktop fixes the problem, but same mozroots c开发者_如何学运维ommand on mono 2.6/ubuntu 10.10 server doesn't help. I'm using this:

yes yes|sudo mozroots --import --machine

It says it imported the certificates, but a simple command line program to request https://www.google.com still fails.

You need to create an empty 'keypairs' directory alongside the 'certs' directory in the machine store:

  sudo mkdir /usr/share/.mono/keypairs

mozroots (and certmgr under the hood) don't create it but without it mono runtime will refuse making connections (and it cannot create it itself as the machine store is writeable only by root; why it needs to create it and then leave it empty, I don't know).

This is a hack answer, but at least I got it working...

Seems that the machine certificate store doesn't work in mono 2.6/ubuntu 10.10 server. Don't know why.

The fix is to import the mozroots root certificates into the www-data user certificate store. Since I couldn't figure out how to do that with the mozroots tool, I did it manually like this:

sudo mkdir /var/www/.config/.mono/certs/Trust
sudo mkdir /var/www/.config/.mono/certs/CA
sudo cp /usr/share/.mono/certs/Trust /var/www/.config/.mono/certs/Trust

Now it works...