Trouble Accessing a REST API -- The remote certificate is invalid according to the validation procedure

  • Question

  • From within the company I am attempting to access an API (REST) provided by a source outside the company. Attempting to retrieve data via an HTTP GET.

    I continue to receive back -

          - The remote certificate is invalid according to the validation procedure

    I have been working with the folks that provide web hosting for our company. We have made a number of adjustments to include converting the site to https. Nothing has worked thus far.

    To rule out an issue with my code I copied my web page that calls the API onto my personal machine totally outside of the company's network. The page works perfectly pulling back the associated Json string from the API.

    I suspect that the problem has something to do with various internal network security controls but I am not totally sure that the problem is not at the site level either.

    I have inserted the exception that follows after I call the API from the web page. If anyone can point me in the right direction it would be greatly appreciated.

    Tuesday, March 14, 2017 4:29 AM

All replies

  • Hi,

    Given that this web app works outside your company network, it could be that your company uses SSL decryption to inspect the traffic via the firewall.

    I am assuming that it is the REST API service that you are unable to access via https.  

    1. Access the REST API service via the browser. See if it works. Also on the browser get the certificate details, such as issued to etc. ( See https://social.technet.microsoft.com/Forums/ie/en-US/e0ec4417-02cd-4670-ba4a-fcb57e0327d6/unable-to-view-ssl-certificate-in-ie11?forum=ieitprocurrentver )

    2. If accessing the API via the browser works within the company network, then it could be the .NET WCF DNS identity that is blocking due to invalid server authentication ( https://msdn.microsoft.com/en-us/library/ms733130(v=vs.110).aspx ).




    • Edited by lanax Tuesday, March 14, 2017 10:45 AM
    Tuesday, March 14, 2017 10:37 AM
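
Added example, not part of the original thread or any poster's code: a VB.NET console check for the SSL-decryption theory in the reply above. It logs the certificate chain the client is actually handed and keeps .NET's own validation verdict unchanged; the module name and the placeholder URL are assumptions.

```vbnet
Imports System
Imports System.Net
Imports System.Net.Security
Imports System.Security.Cryptography.X509Certificates
Imports System.Text

Module TlsChainDiagnostic
    ' Describes what the client was handed during the TLS handshake.
    Function DescribeChain(cert As X509Certificate, chain As X509Chain,
                           errors As SslPolicyErrors) As String
        Dim sb As New StringBuilder()
        sb.AppendLine("SslPolicyErrors: " & errors.ToString())
        If cert IsNot Nothing Then
            sb.AppendLine("Leaf subject: " & cert.Subject)
            sb.AppendLine("Leaf issuer:  " & cert.Issuer)
        End If
        If chain IsNot Nothing Then
            For Each element As X509ChainElement In chain.ChainElements
                sb.AppendLine("  chain: " & element.Certificate.Subject &
                              " [" & element.Certificate.Thumbprint & "]")
                For Each status As X509ChainStatus In element.ChainElementStatus
                    sb.AppendLine("    status: " & status.Status.ToString())
                Next
            Next
        End If
        Return sb.ToString()
    End Function

    ' Diagnostic only: logs the chain, then returns the platform's verdict as-is.
    Function LogAndKeepVerdict(sender As Object, cert As X509Certificate,
                               chain As X509Chain, errors As SslPolicyErrors) As Boolean
        Console.Error.WriteLine(DescribeChain(cert, chain, errors))
        Return errors = SslPolicyErrors.None
    End Function

    Sub Main(args As String())
        ' Hypothetical placeholder; pass the real API URL as the first argument.
        Dim url As String = If(args.Length > 0, args(0), "https://api.example.invalid/")
        ServicePointManager.ServerCertificateValidationCallback = AddressOf LogAndKeepVerdict
        Try
            Dim req As HttpWebRequest = DirectCast(WebRequest.Create(url), HttpWebRequest)
            Using resp As HttpWebResponse = DirectCast(req.GetResponse(), HttpWebResponse)
                Console.WriteLine("HTTP " & CInt(resp.StatusCode).ToString())
            End Using
        Catch ex As WebException
            Console.WriteLine("Request failed: " & ex.Message)
        End Try
    End Sub
End Module
```

Run from the affected host, a leaf issuer that names an internal inspection CA rather than a public one, together with an `UntrustedRoot` chain status, points to TLS inspection on the network path.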
  • Hello,

    The API is indeed REST... I checked the certificate and it shows good. The response back on the browser is the exception message that I embedded into my original post. I am on vacation today but when I get back I will be passing this problem off to the company help desk. Seems that it has to be network related... somewhere.

    Guessing... maybe it has to do with ports being blocked. We did a SOAP implementation several months back and had no trouble at all with access.

    Tuesday, March 14, 2017 11:28 AM
  • >>The response back on the browser is the exception message that I embedded into my original post

    Do you use your web application address or Rest Service address? I assume the suggestion from lanax is to use Rest Address in web browser.

    If you get any updates from company desk, please feel free to let us know.


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Wednesday, March 15, 2017 2:20 AM
  • Within the code behind the page is calling out to the URI for the API.

    One thing to keep in mind is that this exact code running from my personal machine (Home User ISP = TWC) works perfectly. It is only when I run this same code from within the company, on its web host, and behind its firewall that it fails. This tells me that the code I have created is ok and that the issue is either related to the company's web site or within the company's network.

    I have a trouble ticket out to the Help Desk currently. Will probably be several days before there is something to report.

    Wednesday, March 15, 2017 2:48 AM
  • Hi,

    The screenshot you have posted is from when you access your web app in the browser, not the API (REST) provided by the source outside the company.



    • Edited by lanax Wednesday, March 15, 2017 9:54 AM
    Wednesday, March 15, 2017 9:53 AM
  • Has your issue been resolved?

    We know your issue only exists within the company, and the error message is related to the certificate. Since you call the Rest API in your own web application, to check whether this issue is related to your web application or the Rest API, we suggest you access the Rest API directly in IE.

    If you remove the Rest API function from your web application, will you get the same error?

    It would be helpful if you could share with us the result of accessing the Rest API in IE.



    Friday, March 17, 2017 2:17 AM
  • The issue has not been resolved -- Within the company removing the calls to the REST API the app runs as it should. In addition when you run this same exact code with the REST API enabled outside the company it works perfectly. The only place this app does not run is within the company.

    Today I worked with the company's networking people and we found the following on a scan -

    We see that the sending IP and the receiving IP are able to establish a session but only for a very short time. Suddenly on the company end the app sends a FIN ACK to the API. Right after that there is reference to a TCP Spurious Retransmission. A screen grab is provided below

    At this point we do not know why the app is passing a FIN ACK just after it sets up and what the references to the Spurious Retransmission are...

    Friday, March 17, 2017 2:35 AM
    This information is not helpful. What we need is the result of accessing the REST API from IE in the company; could you share with us a screenshot of this?

    lanax and I have asked for this information multiple times.



    Friday, March 17, 2017 3:14 AM
    I am not sure how to give you what you are asking for. The exception message I posted at the start is what comes back from the app when I call the page. If you are asking me to simply call the REST app via IE directly outside of the app, when I do this I get a page asking me to Run or Download something. When I click on it to run, it tells me it cannot download the file.

    The app is based upon VB.net. The call out to the REST API via the method shown below is embedded into the code behind. The only thing to see is the result of the web page after I type in the URL and hit enter.

    Knowing that the code works perfectly outside the company I believe that the fix will have to do with correcting/configuring something in the network. The prior screen grab (Wireshark) amplifies my feeling on that belief. I can leave the post running and feed back what we find or, if my post is causing discomfort, perhaps I should delete it and continue with the company Help Desk.

    Please advise...

    ------------------------

    Here is the sub calling out to the API... The sub is spawned by Page_Load

            Dim strMethodName As String = MethodBase.GetCurrentMethod().Name
            Dim strFullName As String = MethodBase.GetCurrentMethod().ReflectedType.FullName
            Dim strClassRoutine As String = strMethodName & " / " & strFullName
    
            Dim strOutageId As String = ViewState("OUTAGEIDVS")
            Dim intSysAdm As Integer = ViewState("SYSADMVS")
    
            Dim bolIsNORSProdSys As Boolean = True
    
            Dim strLogonUserId As String
            Dim strLogonPassword As String
            Dim strGETURI As String
    
            If bolIsNORSProdSys = True Then
    
                strLogonUserId = strProdUserId
                strLogonPassword = strProdPassword
                strGETURI = strProdGETURI
    
            Else
    
                strLogonUserId = strTestUserId
                strLogonPassword = strTestPassword
                strGETURI = strTestGETURI
    
            End If
    
            '----------------------------------------------------- Set up Web Request
    
            Dim WebReq As HttpWebRequest
            Dim WebResp As HttpWebResponse = Nothing
            Dim reader As StreamReader
    
            Dim strURI As String = strGETURI & " " & strOutageId
    
            WebReq = DirectCast(WebRequest.Create(strURI), HttpWebRequest)
            WebReq.ContentType = "application/json; charset=utf-8"
            WebReq.Method = "GET"
            WebReq.KeepAlive = True
    
            '----------------------------------------------------- Credentials
    
            Dim strLogonPasswordString As String = strLogonUserId & ":" & strLogonPassword
    
            Dim strAuthString As String = System.Convert.ToBase64String(Text.Encoding.UTF8.GetBytes(strLogonPasswordString))
    
            WebReq.Headers.Add("Authorization", "Basic " & strAuthString)
    
            If WebReq.Proxy IsNot Nothing Then
                WebReq.Proxy.Credentials = CredentialCache.DefaultCredentials
            End If
    
            '----------------------------------------------------- Response
    
            WebResp = DirectCast(WebReq.GetResponse(), HttpWebResponse)
            reader = New StreamReader(WebResp.GetResponseStream())
            Dim strReturnJsonString As String = reader.ReadToEnd()
            Dim strStatusCode As String = WebResp.StatusCode.ToString
    
            MsgBox(strReturnJsonString)

    When I type in the URL for the app this is what is returned when within the company. What is returned outside the company is a message box containing the Json string I am requesting.

    Response back when I enter the API directly into IE...

    Friday, March 17, 2017 4:33 AM
  • >>when I do this I get a page asking me to Run or Download something. When I click on it to run tells me it cannot download the file

    It seems you could not access your rest service from your company. Where did you host your Rest Service? If you access the same method in your computer, will it download the file correctly?

    Could you add a simple method in Rest Service which returns a simple string? Will it show up when you access this method in IE?

    In addition, are you familiar with Fiddler? If you are, I suggest you try Fiddler to capture the requests in your computer and company computer.

    If you get any update from the company help desk, please feel free to let us know.



    Monday, March 20, 2017 3:11 AM
  • The REST service I am accessing is hosted by the Federal Communications Commission / U.S. Government. My company is a telecommunications carrier that uses the access provided by the FCC in order to fulfill various reporting mandates as specified by Federal law.

    When I access this REST service from my personal machine, the one that I personally own, not the one provided by the company and is behind the company firewall, I am able to retrieve the required data with no issues encountered. It is only when I attempt to use the same exact code within the company's network, using the company's machine connected behind the company firewall, that the process breaks down. (Personal machines are prohibited from accessing the company network)

    At this point the issue has been assigned to Tier II networking within my company. Tier II has provided a scan (using Wireshark) that shows that my IP is sending a FIN ACK just after a session sets up. Tier II has access to the network whereas they can monitor every point along the communications path. Currently I am awaiting a response back / further instructions from Tier II.

    I thought I might keep the post open until the problem is resolved by Tier II hoping it might help someone else someday. If this is the wrong thing to do please let me know and I can close the post.

    Monday, March 20, 2017 4:13 AM
  • It is ok to keep this post open until this problem is resolved.

    If you have any update, feel free to let us know.



    Monday, March 20, 2017 5:17 AM