Menu
I'm making an httpwebrequest using a public Root authority Certificat file X509. I only have the public key, not the private key. Everything works fine from a Console app but it does not work from an asp.net app. I get the error: "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
The option to disable Validation is not an option.
Here is the code
HttpWebRequest req = (HttpWebRequest)WebRequest.Create("https://xxxxxxx/gateway.aspx");
string post = "abcdef";
req.ContentType = "application/x-www-form-urlencoded";
req.Method = "POST";
req.ContentLength = post.Length;
var cert = System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromCertFile(@"c:\temp\root.cer");
req.ClientCertificates.Add(cert);
StreamWriter stOut = new StreamWriter(req.GetRequestStream(), System.Text.Encoding.ASCII);
stOut.Write(post.ToString());
stOut.Close();
HttpWebResponse resp = (HttpWebResponse)req.GetResponse();
Here is the System Logs from System.Net and System.Net Sockets.
System.Net Information: 0 : [5928] SecureChannel#8106798 - A certificate chain could not be built to a trusted root authority.
System.Net Information: 0 : [5928] SecureChannel#8106798 - Remote certificate was verified as invalid by the user.
System.Net.Sockets Verbose: 0 : [5928] Socket#7486778::Dispose()
System.Net Error: 0 : [5928] Exception in the HttpWebRequest#51319244:: - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
System.Net Error: 0 : [5928] Exception in the HttpWebRequest#51319244::EndGetRequestStream - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Further info
If I use this code (from CodeGuru)
public static bool ValidateServerCertificate(object sender,
X509Certificate certificate, X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
if (sslPolicyErrors ==
SslPolicyErrors.RemoteCertificateChainErrors) {
return false;
} else if (sslPolicyErrors ==
SslPolicyErrors.RemoteCertificateNameMismatch) {
System.Security.Policy.Zone z =
System.Security.Policy.Zone.CreateFromUrl
(((HttpWebRequest)sender).RequestUri.ToString());
if (z.SecurityZone ==
System.Security.SecurityZone.Intranet ||
z.SecurityZone ==
System.Security.SecurityZone.MyComputer) {
return true;
}
return false;
}
return true;
}
I ultimately get the error:
Remote Certificate Chain Error
943
A common reason you may receive the error Could not establish trust relationship for the SSL/TLS secure channel is because the SSL certificate isn't trusted. If the SSL certificate is not trusted, you will need to install the SSL certificate's root certificate.
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The most straightforward way to get around this issue is to create your own custom validation of server certificates using the ServerCertificateValidationCallback property.
Go to Central Administration =>Security =>Manage Trust. In the ribbon interface, go to Trust Relationships Tab =>Manage group =>Click on New button. In the Root Certificate to trust relationship section, click on Browse. Select the certificate that we have exported.
TLDR: SSL/TLS encrypts communications between a client and server, primarily web browsers and web sites/applications. SSL (Secure Sockets Layer) encryption, and its more modern and secure replacement, TLS (Transport Layer Security) encryption, protect data sent over the internet or a computer network.
This problem can be fixed with this added to Application_Start:
ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;
It basically allows for a mismatch between the server and its certificate.
Source:
http://www.ben-morris.com/asp-net-web-services-and-ssl-certificates-establishing-a-trust-relationship
Note: This workaround is not recommended for production
60
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
