When I run my app in localhost it works fine but when I publish it to Azure my request stop working. Getting the error : "The request was aborted: Could not create SSL/TLS secure channel."
I have an app that calls a external commercial Soap-API. The external API requires a client certificate to be passed along as I make the requests and it also needs my ip address to be whitelisted.
The commercial API have whitelisted the IP's that I got from my app service/properties/outgoing & virtual IP addresses in Azure
I've added my client certificate file(.p12) to a folder in my solution and when checking the files uploaded to azure I can see it there as well.
Using RestSharp, my request looks like:
private string RequestToBv(string pXml)
{
X509Certificate2 cert = new X509Certificate2(bvCertificatePath, bvCertificatePassword);
var client = new RestClient(mXmlApiUrl); //mXmlApiUrl = url to endpoint
client.Timeout = -1;
client.ClientCertificates = new X509CertificateCollection() { cert };
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/xml");
request.AddParameter("application/xml", pXml, ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
if (response.StatusCode == HttpStatusCode.OK)
{
return response.Content;
}
return "";
}
When debugging in Azure I get StatusCode = 0 and the error message: "The request was aborted: Could not create SSL/TLS secure channel."
After searching stackoverflow for answers I've to add following lines of code at the top of my method:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, errors) => true;
But I still get the same error response.
Is there any settings I need to set in Azure or install my client certificate in some way on Azure?
Additional info after comment:
Another possible cause of the The request was aborted: Could not create SSL/TLS secure channel error is a mismatch between your client PC's configured cipher_suites values, and the values that the server is configured as being willing and able to accept.
However, the "Could not create SSL/TLS secure channel" error usually means that there's something wrong with the server certificate, e.g. the certificate is for a different hostname, or otherwise invalid, or not trusted etc.
The error “The request was aborted: Could not create SSL/TLS secure channel.” can happen during any download HTTP request. This error generally will correspond to firewalls, proxies or DNS filtering blocking the connection or an SSL/TLS cipher misconfiguration.
What I had to do was to convert my .p12 Certificate file to crt file, import it to Azure and then use X509Store in my code to get it. After that the handshake was successful
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With