setExpressCheckout and SSL/TLS error

Question

I'm trying to develop a simple application that will enable users to purchase services off a website through the Paypal API. This application is running on ASP.NET with C#.

I have had very little luck trying to get the Paypal API to co-operate. The method I'm calling is SetExpressCheckout with all the appropriate variables.

I did my research and discovered that since I'm testing in Localhost, it may affect Paypal's ability to communicate with the application. So the next thing I tried was accessing my application through an open port and a publicly accessible IP address, but the same error occurs on the call to SetExpressCheckout.

Here is the error:

Exception Details: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

Source Error: 


Line 1790:        [return: System.Xml.Serialization.XmlElementAttribute("SetExpressCheckoutResponse", Namespace="urn:ebay:api:PayPalAPI")]
Line 1791:        public SetExpressCheckoutResponseType SetExpressCheckout([System.Xml.Serialization.XmlElementAttribute(Namespace="urn:ebay:api:PayPalAPI")] SetExpressCheckoutReq SetExpressCheckoutReq) {
Line 1792:            object[] results = this.Invoke("SetExpressCheckout", new object[] {
Line 1793:                        SetExpressCheckoutReq});
Line 1794:            return ((SetExpressCheckoutResponseType)(results[0]));

Source File: c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\anan_p2\730602d6\31a8d74e\App_WebReferences.c8vgyrf8.2.cs    Line: 1792 

I've also tried generating certificates using OpenSSL and uploading them to the Paypal account's encrypted seller option but still no effect.

Thank you very much for reading through my question!

Update: As requested here is the code being used.

        String hostingOn = ConfigurationManager.AppSettings["default_site_url"];
        reqDetails.ReturnURL = hostingOn + "marketplace_confirm.aspx";
        reqDetails.CancelURL = hostingOn + "marketplace.aspx";
        reqDetails.NoShipping = "1";
        reqDetails.ReqConfirmShipping = "0";

        reqDetails.OrderTotal = new BasicAmountType()
        {
            currencyID = CurrencyCodeType.CAD,
            Value = payment_amt.Value,
        };

        SetExpressCheckoutReq req = new SetExpressCheckoutReq()
        {
            SetExpressCheckoutRequest = new SetExpressCheckoutRequestType()
            {
                Version = UtilPayPalAPI.Version,
                SetExpressCheckoutRequestDetails = reqDetails
            }

        };

        PayPalAPIAASoapBinding paypal = new PayPalAPIAASoapBinding();

        paypal.SetExpressCheckout(req);

I am also using the https://api-aa-3t.paypal.com/2.0/ url for accessing the API

Answer 1

Since early 2016, Paypal started requiring TLS 1.2 protocol for communications in the Sandbox, and will enforce it for the live environment starting June 17. See here for reference.

In most .NET applications TLS 1.2 will come disabled by default, and therefore you'll need to enable it.

You need to add the following line, for example, at the beginning of you Application_Start method:

public class Site : HttpApplication
{
    protected void Application_Start()
    {
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        // other configuration
    }
}

Answer 2

You're probably connecting to api.paypal.com or api.sandbox.paypal.com, and not sending along your API certificate. The API certificate is a client SSL certificate used to complete the SSL chain.

If you don't have or are not using an API certificate, you should connect to api-3t.paypal.com or api-3t.sandbox.paypal.com for Live or Sandbox respectively.