The request was aborted: Could not create SSL/TLS secure channel

  • Question

  • User-1556678718 posted

    Hi, 

    I'm sending a SOAP call with an attached certificate and I'm getting the following error: The request was aborted: Could not create SSL/TLS secure channel

    Here is my code:

    public static void CallMyWebService()
            {
                try
                { 
                var _url = "https://myurl.com";
                var _action = "https://myurl.com/myAction";
                XmlDocument soapEnvelopeXml = CreateSoapEnvelope();
                HttpWebRequest webRequest = CreateWebRequest(_url, _action);
                InsertSoapEnvelopeIntoWebRequest(soapEnvelopeXml, webRequest);
    
                ServicePointManager.Expect100Continue = true;
                ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11;
    
                IAsyncResult asyncResult = webRequest.BeginGetResponse(null, null);
                
                asyncResult.AsyncWaitHandle.WaitOne();
                
                string soapResult;
                using (WebResponse webResponse = webRequest.EndGetResponse(asyncResult))
                {
                    using (StreamReader rd = new StreamReader(webResponse.GetResponseStream()))
                    {
                        soapResult = rd.ReadToEnd();
                    }
                    Console.Write(soapResult);
                }
                }
                catch (Exception exc)
                {
                    Console.WriteLine(exc.Message);
                }
            }
            private static HttpWebRequest CreateWebRequest(string url, string action)
            {
                
               
                HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(url);
                webRequest.Headers.Add("SOAPAction", action);
                webRequest.ContentType = "text/xml;charset=\"utf-8\"";
                webRequest.Accept = "text/xml";
                webRequest.Method = "POST";
               
               
    
                string certificatePath2 = "myCertificate.cer";
                X509Certificate certificate2 = new X509Certificate(certificatePath2);
                if (certificate2 == null)
                {
                    certificate2 = X509Certificate.CreateFromCertFile(certificatePath2);
    
                }
                webRequest.ClientCertificates.Add(certificate2);
    
                return webRequest;
            }
    
            private static XmlDocument CreateSoapEnvelope()
            { 
                    XmlDocument soapEnvelopeDocument = new XmlDocument();
               try
                { 
                soapEnvelopeDocument.Load("XMLFile1.xml");
               
                }
                catch (Exception exc)
                {
                    Console.WriteLine(exc.Message);
                }
                return soapEnvelopeDocument ;
            }
            private static void InsertSoapEnvelopeIntoWebRequest(XmlDocument soapEnvelopeXml, HttpWebRequest webRequest)
            {
                try
                { 
                using (Stream stream = webRequest.GetRequestStream())
                {
                    soapEnvelopeXml.Save(stream);
                }
                }
                catch (Exception exc)
                {
                    Console.WriteLine(exc.Message);
                }
            }

    I put both certificates in the bin folder and also in the project folder. Both of the root certificates are installed. 

    Please help

    Tuesday, December 11, 2018 7:33 AM

All replies

  • User-943250815 posted

    ASP.NET validates server certificates as any browser does, but the certificate should be installed in the right place for the right user.

    https://blogs.msdn.microsoft.com/jpsanders/2009/09/16/troubleshooting-asp-net-the-remote-certificate-is-invalid-according-to-the-validation-procedure/

    Tuesday, December 11, 2018 8:30 PM
  • User-893317190 posted

    Hi RioDD,

    Does your .NET Framework support Tls12?

    The Tls12 attribute is only available after upgrading to .NET 4.5. Before 4.0, there were only two options, Ssl3 and Tls.

    This could also be caused by your certificate; you could refer to the link below to learn how to grant IIS access to the certificate store.

    https://serverfault.com/questions/131046/how-to-grant-iis-7-5-access-to-a-certificate-in-certificate-store/132791#132791

    Best regards,

    Ackerly Xu

    Wednesday, December 12, 2018 4:03 AM
  • User-1556678718 posted

    The Tls12 attribute is only available after upgrading to .NET 4.5. Before 4.0, there were only two options, Ssl3 and Tls.

    I'm using .NET Framework 4.6.1 and Visual Studio 2017

    Wednesday, December 12, 2018 4:29 AM
  • User-893317190 posted

    Hi RioDD,

    Then please check whether your application has access to the Certificate.

    https://serverfault.com/questions/131046/how-to-grant-iis-7-5-access-to-a-certificate-in-certificate-store/132791#132791

    Please make sure you have set TLS before creating the request.

    //first set Tls
    ServicePointManager.Expect100Continue = true;
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3;
    //secondly, make a webrequest
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://google.com/api/");

    Best regards,

    Ackerly Xu

    Wednesday, December 12, 2018 4:43 AM
  • User-1556678718 posted

    Certificates are installed for the local machine, still same results

    Wednesday, December 12, 2018 5:19 AM
  • User-893317190 posted

    Hi RioDD,

    Have you set your SSL/TLS settings first?

    //first set Tls
    ServicePointManager.Expect100Continue = true;
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
                   | SecurityProtocolType.Tls11
                   | SecurityProtocolType.Tls12
                   | SecurityProtocolType.Ssl3;
    //secondly, make a webrequest
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://google.com/api/");

    I find you create the request first and then set the SecurityProtocol.

    var _url = "https://myurl.com";
    var _action = "https://myurl.com/myAction";
    XmlDocument soapEnvelopeXml = CreateSoapEnvelope();
    HttpWebRequest webRequest = CreateWebRequest(_url, _action);
    InsertSoapEnvelopeIntoWebRequest(soapEnvelopeXml, webRequest);

    ServicePointManager.Expect100Continue = true;
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11;

    If that is not your case, you could refer to the link below; it has much discussion of the problem.

    https://stackoverflow.com/questions/2859790/the-request-was-aborted-could-not-create-ssl-tls-secure-channel

    Best regards,

    Ackerly Xu

    Wednesday, December 12, 2018 5:37 AM
  • User-1556678718 posted

    Hi Ackerly Xu,

    I've changed order, set the tls/ssl settings first but I still get the same response

    Wednesday, December 12, 2018 5:57 AM
  • User-893317190 posted

    Hi RioDD,

    You could refer to the code below.

    ServicePointManager.Expect100Continue = true;
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
    ServicePointManager.ServerCertificateValidationCallback = (object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) => { return true; };

    HttpWebRequest webRequest = (HttpWebRequest)HttpWebRequest.Create(urlWithParams);
    webRequest.Method = "POST";

    //here add your certificate

    using (WebResponse webResponse = webRequest.GetResponse())
    {
        var sr = new StreamReader(webResponse.GetResponseStream(), Encoding.UTF8);
        var responseData = sr.ReadToEnd();
        return responseData;
    }

    Best regards,

    Ackerly Xu

    Wednesday, December 12, 2018 6:32 AM
  • User-1556678718 posted

    Hi Ackerly,

    I'm still getting the same result. Here is my code:

         
            public static void CallWebService()
            {
                try
                {
                    
                    ServicePointManager.Expect100Continue = true;
                    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11;
                    ServicePointManager.ServerCertificateValidationCallback = (object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) => { return true; };
    
                    string certificatePath = "my certificate.cer";
                    X509Certificate certificate2 = new X509Certificate(certificatePath);
                    if (certificate2 == null)
                    {
                        certificate2 = X509Certificate.CreateFromCertFile(certificatePath);
    
                    }
                    var _url = "https://myUrl.com";
                    var _action = "https://myUrl.com/myAction";
                    XmlDocument soapEnvelopeXml = CreateSoapEnvelope();
                    HttpWebRequest webRequest = CreateWebRequest(_url, _action);
                    InsertSoapEnvelopeIntoWebRequest(soapEnvelopeXml, webRequest);
       
                    webRequest.ClientCertificates.Add(certificate2);
                    string soapResult;
                    using (WebResponse webResponse = webRequest.GetResponse())
                    {
                        using (StreamReader rd = new StreamReader(webResponse.GetResponseStream()))
                        {
                            soapResult = rd.ReadToEnd();
                        }
                        Console.Write(soapResult);
                    }
                }
                catch (Exception exc)
                {
                    Console.WriteLine(exc.Message);
                }
            }
            private static HttpWebRequest CreateWebRequest(string url, string action)
            {
                
               
                HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(url);
                webRequest.Headers.Add("SOAPAction", action);
                webRequest.ContentType = "text/xml;charset=\"utf-8\"";
                webRequest.Accept = "text/xml";
                webRequest.Method = "POST";
               
                return webRequest;
            }
            private static XmlDocument CreateSoapEnvelope()
            { 
                    XmlDocument soapEnvelopeDocument = new XmlDocument();
               try
                { 
                soapEnvelopeDocument.Load("XMLFile1.xml");
               
                }
                catch (Exception exc)
                {
                    Console.WriteLine(exc.Message);
                }
                return soapEnvelopeDocument ;
            }
            private static void InsertSoapEnvelopeIntoWebRequest(XmlDocument soapEnvelopeXml, HttpWebRequest webRequest)
            {
                try
                { 
                using (Stream stream = webRequest.GetRequestStream())
                {
                    soapEnvelopeXml.Save(stream);
                }
                }
                catch (Exception exc)
                {
                    Console.WriteLine(exc.Message);
                }
            }
        }
    
    

    Wednesday, December 12, 2018 1:25 PM
  • User-943250815 posted

    @RioDD

    As I understand it, you want to connect to an HTTPS web service and also have to authenticate using your own cert.
    And it seems your problem is in the first part, connecting to HTTPS.
    As a test, and only as a test, you can make an attempt bypassing certificate validation using . Just to see if it works.
    Check how here: https://dejanstojanovic.net/aspnet/2014/september/bypass-ssl-certificate-validation/
    Just in case: any definition in ServicePointManager is global, so any change is application-wide until another change.
    By the way, the server certificate should be for the same domain as the URL; the chain certs and root cert should be stored in the same place as well.

    Wednesday, December 12, 2018 3:12 PM
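
Editor's added example (C#, not code from any participant in this thread), relating to the code posted above that loads the client certificate from a `.cer` file and to the suggestion to bypass server validation as a test. A `.cer` file holds only the public certificate, so a certificate loaded from it has no private key and cannot be used for TLS client authentication. The helper below checks `HasPrivateKey` before sending and logs the server-side validation result on this one request instead of returning `true` globally. The class name, `pfxPath` and `pfxPassword` are hypothetical; the PFX is assumed to contain the client certificate with its private key.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class ClientCertDiagnostics   // hypothetical helper, not from the thread
{
    // pfxPath / pfxPassword are assumed inputs: a PKCS#12 file that holds the
    // client certificate together with its private key.
    public static HttpWebRequest CreateRequest(string url, string pfxPath, string pfxPassword)
    {
        // Protocol selection must happen before WebRequest.Create; SSL 3.0 is left out.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

        var clientCert = new X509Certificate2(pfxPath, pfxPassword);
        Console.WriteLine("Client cert: {0}, HasPrivateKey={1}",
                          clientCert.Subject, clientCert.HasPrivateKey);
        if (!clientCert.HasPrivateKey)
        {
            // Without the private key the client cannot prove ownership of the
            // certificate during the handshake, so fail early with a clear message.
            throw new InvalidOperationException(
                "Client certificate has no private key; load a PFX or a store " +
                "certificate with its key instead of a .cer file.");
        }

        var request = (HttpWebRequest)WebRequest.Create(url);
        request.Method = "POST";
        request.ClientCertificates.Add(clientCert);

        // Per-request callback (.NET Framework 4.5+): report what failed, but keep
        // the real validation outcome rather than accepting every certificate.
        request.ServerCertificateValidationCallback = (sender, cert, chain, errors) =>
        {
            Console.WriteLine("Server cert: {0}, policy errors: {1}",
                              cert == null ? "<none>" : cert.Subject, errors);
            if (chain != null)
            {
                foreach (X509ChainStatus status in chain.ChainStatus)
                    Console.WriteLine("  chain: {0} {1}", status.Status, status.StatusInformation);
            }
            return errors == SslPolicyErrors.None;
        };
        return request;
    }
}
```

If the callback is never invoked before the exception, the handshake failed before the server certificate was evaluated, which points away from server certificate trust and toward protocol, cipher or client certificate problems.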
  • User-1556678718 posted

    Hi @jzero, 

    I have tried to bypass certificate validation like in the link but I'm still getting the same message

    Sunday, December 16, 2018 1:54 AM
  • User-1556678718 posted

    Can I get this message if the web service supplier has not installed my root certificate properly?

    Monday, December 17, 2018 4:49 AM
  • User-943250815 posted

    I have tried to bypass certificate validation like in the link but I'm still getting the same message

    I would make one more test using @Ackerly Xu's proposal: just do a web request to Google like in his post. This is just to confirm the bypass is working as supposed.

    Can I get this message if the web service supplier has not installed my root certificate properly?

    I have no experience using a self-certificate, but I think you are right. In my case I had to buy a specific cert, and it already uses the same chain as the server cert, so it is accepted on the server side.

    You can also look again at the first link I posted; there are some instructions for tracing the negotiation. I hope this helps.

    Monday, December 17, 2018 2:37 PM