This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

WEC 2013: SSL Remote Certificate failed issue

Question
0

Sign in to vote

Dear All,

I am facing issue while accessing https urls.

My code is following:

--------------------------

WebRequest postStateMessage = (HttpWebRequest)WebRequest.Create("https://www.google.com");

postStateMessage.Method = "GET";

var result = string.Empty;

var httpResponse = (HttpWebResponse)postStateMessage.GetResponse();

----------------------------

I am getting

"System.Net.WebException: Could not establish trust relationship with remote server--->System.Net.WebException: The remote certificate has failed validation procedure.

at System.Net.SslConnectionState.PerformClientHandshake()

at System.Net.Connection.connect(Object ignored)

at System.Threading.ThreadPool.Workitem.doWork(Object o)

at System.threading.Timer.ring()

at System.Net.HttpWebRequest.finishGetResponse()

at System.Net.HttpWebRequest.GetResonse()

try_ssl.Program.RequestToURL()

try_ssl.Program.RequestToURL()

try_ssl.Program.RequestToURL()

at try_ssl.Program.Main(String[] args)

===============

I am working on WEC 2013, update version September 2019.

In Catalog items I have already enabled SSL.

If we replace https:// with http:// above code works fine.

Also there was one blog where they suggested to skip validation step by overriding "System.Net.ICertificatePolicy" class "CheckValidationResult" method.With this change https was working fine, but we don't want to skip certificate validations.

Please Suggest what could be possible reasons.

Best Regards,

Lokesh Kumar

Wednesday, January 29, 2020 9:16 AM

Answers

3

Sign in to vote
Your system is probably still setup to use TLS 1.0 or 1.1, which isn't supported anymore (due to security issues) on most servers.

Check this blog post how to setup your registry, and make sure your CE tree is fully updated!
Good luck,

Michel Verhagen, eMVP
Check out my blog: https://guruce.com/blog

GuruCE
Microsoft Embedded Partner
NXP Proven Partner
https://guruce.com
Consultancy, training and development services.

Interested in WEC on i.MX6?
Get the only 100% stable and best performing i.MX6 BSP for WEC7 and WEC2013 here: https://guruce.com/imx6
- Marked as answer by lokeshkumar_r15 Friday, January 31, 2020 4:45 AM
Thursday, January 30, 2020 2:37 AM

All replies

Sign in to vote

Sign in to vote

also when I used another link I got following error:

System.Net.WebException: Could not establish secure channel for SSL/TLS; --->
System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
   at System.Net.Sockets.Socket.ReceiveNoCheck(Byte[] buffer, Int32 index, Int32 request, SocketFlags socketFlags)
   at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at System.Net.Connection.System.Net.ISslDataTransport.Receive(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.SslConnectionState.ClientSideHandshake()
   at System.Net.SslConnectionState.PerformClientHandShake()
   at System.Net.Connection.connect(Object ignored)
   at System.Threading.ThreadPool.WorkItem.doWork(Object o)
   at System.Threading.Timer.ring()

Wednesday, January 29, 2020 9:29 AM

3

Sign in to vote
Your system is probably still setup to use TLS 1.0 or 1.1, which isn't supported anymore (due to security issues) on most servers.

Check this blog post how to setup your registry, and make sure your CE tree is fully updated!
Good luck,

Michel Verhagen, eMVP
Check out my blog: https://guruce.com/blog

GuruCE
Microsoft Embedded Partner
NXP Proven Partner
https://guruce.com
Consultancy, training and development services.

Interested in WEC on i.MX6?
Get the only 100% stable and best performing i.MX6 BSP for WEC7 and WEC2013 here: https://guruce.com/imx6
- Marked as answer by lokeshkumar_r15 Friday, January 31, 2020 4:45 AM
Thursday, January 30, 2020 2:37 AM
0

Sign in to vote

Hi Michel,

Thanks for your reply.

Is there a way to check which TLS version we have in our existing Package and if we do have outdated TLS, can we add support for new TLS(and how).

I had already integrated registry changes mentioned in your blog .we are testing on latest CE version(September 2019)

Best Regards,

Lokesh Kumar

Thursday, January 30, 2020 5:41 AM
0

Sign in to vote

I'm sure there is a way to ask TLS for a version, but I haven't had to do that before so I can't help you with that.

Latest update is December 2019 btw.
Good luck,

Michel Verhagen, eMVP
Check out my blog: https://guruce.com/blog

GuruCE
Microsoft Embedded Partner
NXP Proven Partner
https://guruce.com
Consultancy, training and development services.

Interested in WEC on i.MX6?
Get the only 100% stable and best performing i.MX6 BSP for WEC7 and WEC2013 here: https://guruce.com/imx6

Thursday, January 30, 2020 10:06 PM
0

Sign in to vote
Hi Michel,

Thanks for replying, with latest updates and registry changes we were able to connect with https websites.

Now we just need to check Upgrade compatibility issues, hopefully we can find some solution for that too.

Could you please suggest what could be starting point to debug these IO errors.

Best Regards,

Lokesh Kumar
- Edited by lokeshkumar_r15 Friday, January 31, 2020 4:48 AM
Friday, January 31, 2020 4:47 AM
1

Sign in to vote

Now we just need to check Upgrade compatibility issues, hopefully we can find some solution for that too.

Could you please suggest what could be starting point to debug these IO errors.

I sure can: https://guruce.com/imx6

A true production ready, tested and lightning fast BSP goes a long way!
Good luck,

Michel Verhagen, eMVP
Check out my blog: https://guruce.com/blog

GuruCE
Microsoft Embedded Partner
NXP Proven Partner
https://guruce.com
Consultancy, training and development services.

Interested in WEC on i.MX6?
Get the only 100% stable and best performing i.MX6 BSP for WEC7 and WEC2013 here: https://guruce.com/imx6

Friday, January 31, 2020 8:14 AM