"The remote certificate is invalid according to the validation procedure"

    Question

  • Hi,

    I am trying to send an HTTPS request using HttpWebRequest in C# under framework 2.0.

    The server requires an x509 certificate. When trying to connect I get a message that says "the underlying connection is closed could not establish trust relationship for the ssl/tls secure channel"

    The inner error is "The remote certificate is invalid according to the validation procedure".

    I know that the certificate is valid and I know I am sending the correct one (saw in debug before send).

    In the browser it works fine. It also worked fine with the same code to another server.

    The code is

    HttpWebRequest myRequest = (HttpWebRequest)WebRequest.Create(sFullHttpsRequest);
    myRequest.Method = "GET";

    // This part builds the certificate needed for the telstra site
    X509Certificate xCert = X509Certificate.CreateFromCertFile(CPlgMain.m_sCertificate_File);
    myRequest.ClientCertificates.Add(xCert);

    // Create field to hold the response
    HttpWebResponse webresponse;
    webresponse = (HttpWebResponse)myRequest.GetResponse();

    ************************************************************************************

    After this line I get an exception. Please help.

    Monday, May 01, 2006 11:32 AM

Answers

  • One of the reasons why you could receive this message is if the server certificate has errors in it - it is expired or the name does not match or is not signed by an authority you trust. In those cases IE will give you a warning but you have the option to proceed. That is why I asked you for a trace - to see what is going on the wire. In case the remote server certificate has indeed errors but you want to ignore them you can use the ServicePointManager.ServerCertificateValidationCallback.

    Let me know if this helped

    Mariya

    Tuesday, May 02, 2006 12:35 PM

All replies

  • Can you get a trace log and post it? Instructions on how to get a trace are here:

    http://blogs.msdn.com/dgorti/archive/2005/09/18/471003.aspx

    Thanks

    Mariya

    Monday, May 01, 2006 5:15 PM
  • Hello,

    I am currently facing exactly this issue.
    Here is what I got from the log
    System.Net Information: 0 : [83936] SecureChannel#62111153 - Left with 0 client certificates to choose from.
    System.Net Information: 0 : [83936] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent  = Outbound, scc     = System.Net.SecureCredential)
    System.Net Information: 0 : [83936] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = myserver, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
    System.Net Information: 0 : [83936] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=70, returned code=ContinueNeeded).
    System.Net Information: 0 : [83936] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 238da8b1c60, targetName = myserver, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
    System.Net Information: 0 : [83936] InitializeSecurityContext(In-Buffer length=741, Out-Buffer length=182, returned code=ContinueNeeded).
    System.Net Information: 0 : [83936] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 238da8b1c60, targetName = myserver, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
    System.Net Information: 0 : [83936] InitializeSecurityContext(In-Buffer length=6, Out-Buffer length=0, returned code=ContinueNeeded).
    System.Net Information: 0 : [83936] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 238da8b1c60, targetName = myserver, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
    System.Net Information: 0 : [83936] InitializeSecurityContext(In-Buffer length=37, Out-Buffer length=0, returned code=OK).
    System.Net Information: 0 : [83936] Remote certificate: [Version]


    System.Net Information: 0 : [83936] SecureChannel#62111153 - Remote certificate has errors:
    System.Net Information: 0 : [83936] SecureChannel#62111153 -     A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

    System.Net Information: 0 : [83936] SecureChannel#62111153 - Remote certificate was verified as invalid by the user.
    System.Net Error: 0 : [83936] Exception in the HttpWebRequest#27543569:: - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
    System.Net Error: 0 : [83936] Exception in the HttpWebRequest#27543569::EndGetResponse - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
    System.Net Verbose: 0 : [83936] HttpWebRequest#27543569::Abort()
    System.Net Error: 0 : [83936] Exception in the HttpWebRequest#27543569:: - The request was aborted: The request was canceled.
    System.Net Verbose: 0 : [83936] Exiting HttpWebRequest#27543569::Abort()


    The certificate indeed is expired, but still I want to use it!
    Where should I install it, and in which store, to validate that the certificate is OK?

    What is strange is that when I debug this with VS2005, I accepted the certificate in IE, and then when I debugged with VS2005 it worked fine.
    I installed the same code in a Virtual Directory, and when I run http://localhost/myApplication it generates the error you are seeing above.

    I'm a bit lost with all this.

    Can anyone help me?

    Regards,
    Stefan
    http://www.itsconsulting.fr

    Wednesday, September 19, 2007 12:02 PM
  • I had a similar issue calling a web service on my app server from my web server using an SSL connection through a firewall. For some reason, everything worked fine when debugging in Visual Studio. But running the app in a browser window gave this message. I had installed both the SSL cert and the CA Root cert on the app server holding my web service. But I had failed to install the CA Root cert on my web server. When I installed this, everything worked fine.

    Try this, it may help you too. Good luck!

    P.S. I did not use IE to install the CA Root certs, I used mmc.

    Thursday, March 13, 2008 5:09 PM
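
An added example (not code from this thread or from Microsoft): a narrowly scoped ServicePointManager.ServerCertificateValidationCallback, the hook named in the answer, that logs the chain errors seen in the trace above and accepts them only for one pinned certificate on one host. PinnedHost and PinnedThumbprint are placeholders, and the class name is hypothetical.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class PinnedServerCertificate
{
    // Placeholders (assumptions, not values from the thread): the single host and
    // the hex SHA-1 thumbprint, without spaces, of the certificate verified out of band.
    const string PinnedHost = "myserver.example";
    const string PinnedThumbprint = "<THUMBPRINT-OF-VERIFIED-CERTIFICATE>";

    // Chain problems tolerated for the pinned certificate only: the two reported
    // in this thread (expired certificate, untrusted root).
    const X509ChainStatusFlags Tolerated =
        X509ChainStatusFlags.NotTimeValid | X509ChainStatusFlags.UntrustedRoot;

    // Call once at start-up, before the first request is sent.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    static bool Validate(object sender, X509Certificate cert,
                         X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;   // default validation passed
        // Record exactly why validation failed.
        Console.Error.WriteLine("TLS policy errors: " + errors);
        X509ChainStatusFlags seen = X509ChainStatusFlags.NoError;
        if (chain != null)
            foreach (X509ChainStatus s in chain.ChainStatus)
            {
                Console.Error.WriteLine("  " + s.Status + ": " + s.StatusInformation);
                seen |= s.Status;
            }

        // On .NET Framework the sender for an HTTPS request is the HttpWebRequest.
        HttpWebRequest request = sender as HttpWebRequest;
        if (request == null || cert == null) return false;
        if (!string.Equals(request.Address.Host, PinnedHost,
                           StringComparison.OrdinalIgnoreCase)) return false;
        // A name mismatch or a missing certificate is never accepted.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;
        if ((seen & ~Tolerated) != 0) return false;
        return string.Equals(cert.GetCertHashString(), PinnedThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }
}
```

Once the issuing CA root is installed in the store the process actually uses, as in the last reply, default validation passes and the callback returns at its first line.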