Connect via .NET: Could not establish trust relationship for the SSL/TLS secure channel

    Question

  • I'm using the Azure Storage Client Library to connect to my Azure blob storage and publish some files. The following code is an extract of what I'm using to establish the connection and create a blob container:

    var storageAccount = CloudStorageAccount.Parse(CloudConfigurationManager.GetSetting("settingsName"));
    
    client = storageAccount.CreateCloudBlobClient();
    
    var container = client.GetContainerReference("containerName");
    container.CreateIfNotExists();

    This works fine on my machine and 2 others on which I tested it. When I run/debug the exact same code on a corporate server I get the following exception:

    Microsoft.WindowsAzure.Storage.StorageException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
       at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
       at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
       at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       at System.Net.ConnectStream.WriteHeaders(Boolean async)
       --- End of inner exception stack trace ---
       at System.Net.HttpWebRequest.GetResponse()
       at Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync[T](RESTCommand`1 cmd, IRetryPolicy policy, OperationContext operationContext)
       --- End of inner exception stack trace ---
       at Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync[T](RESTCommand`1 cmd, IRetryPolicy policy, OperationContext operationContext)
       at Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer.CreateIfNotExists(BlobContainerPublicAccessType accessType, BlobRequestOptions requestOptions, OperationContext operationContext)

    The IP and port to my account are opened, but the rest of the server is completely secured.

    I have installed a third party AzureExplorer (https://azurestorageexplorer.codeplex.com/) which also works fine on my local machine, but it gives the same exception on the corporate server.

    I have tried to access one of my containers (which I made public) on the blob storage using Internet Explorer and this works fine. I do get the following warning though, but I can continue to my file:

    There is a problem with this website's security certificate.     
    The security certificate presented by this website was not issued by a trusted certificate authority.
    Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.  
    

    I have searched for an answer on the internet for a while now, but I can't seem to find the solution to this problem. Does anybody have an idea?

    Kind regards,

    Luc


    Friday, July 31, 2015 8:48 AM

Answers

  • Hi,

    As the problem appears to be with the "website's security certificate", it very likely appears that your ACS namespace, issues, or access key is incorrect. Building wouldn't give you this error, as building is only done in the local environment. An option to check would be to make sure that your current firewall rules allow for the proper connections.

    The most likely cause is that the certificate is not issued to the domain myapp.cloudapp.net. A certificate is trusted if it is used on the domain which it is issued to. For example, if you have a certificate issued to yourcompany.com or localhost, you cannot use it for myapp.cloudapp.net.

    It is recommended to purchase a real certificate for myapp.cloudapp.net. Alternatively, please try to issue a self-signed certificate for the specific domain. You can also ask further questions on a certificate related forum.

    To enable SSL with a self-signed certificate on Azure, follow the steps provided here.

    Regards,

    Shirisha Paderu


    Friday, July 31, 2015 12:35 PM
    Moderator
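
To see which of the causes discussed in this thread applies (a certificate issued to a different name, or an issuer the machine does not trust), the following added example, which is not code from either poster or from the Azure Storage library, runs a TLS handshake over loopback against a constructed self-signed certificate for `localhost` while requesting `myapp.cloudapp.net`, and prints the validation verdict without overriding it. The class name `TlsTrustDiagnostic`, the `Report` callback and the loopback server are assumptions of the example; it needs .NET Framework 4.7.2 or later, or .NET Core.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

static class TlsTrustDiagnostic   // hypothetical name, not part of any library
{
    // Prints why validation fails; returns the platform's verdict unchanged.
    static bool Report(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine("Subject: {0}\nIssuer: {1}\nPolicy errors: {2}", cert.Subject, cert.Issuer, errors);
        foreach (X509ChainStatus s in chain.ChainStatus) Console.WriteLine("  chain status: " + s.Status);
        return errors == SslPolicyErrors.None;
    }
    static async Task Main()
    {
        // Constructed sample: a self-signed certificate issued to "localhost".
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=localhost", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            var now = DateTimeOffset.UtcNow;
            // Re-import as PFX so the Windows TLS stack can use the private key.
            var serverCert = new X509Certificate2(
                req.CreateSelfSigned(now.AddDays(-1), now.AddDays(1)).Export(X509ContentType.Pfx));
            var listener = new TcpListener(IPAddress.Loopback, 0);
            listener.Start();
            Task server = Task.Run(async () =>
            {
                using (var peer = await listener.AcceptTcpClientAsync())
                using (var tls = new SslStream(peer.GetStream()))
                    try { await tls.AuthenticateAsServerAsync(serverCert); }
                    catch (Exception) { /* client aborts after rejecting the certificate */ }
            });
            using (var tcp = new TcpClient())
            {
                await tcp.ConnectAsync(IPAddress.Loopback, ((IPEndPoint)listener.LocalEndpoint).Port);
                using (var tls = new SslStream(tcp.GetStream(), false, Report))
                    try { await tls.AuthenticateAsClientAsync("myapp.cloudapp.net"); }
                    catch (AuthenticationException ex) { Console.WriteLine("Rejected: " + ex.Message); }
            }
            await server;
            listener.Stop();
        }
    }
}
```

Running the same `Report` callback against the real storage endpoint from the failing server prints the subject and issuer that machine actually receives, which can then be compared with the output on a machine where the connection works.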