im doing a WebRequest on webservice.domain.com in an console application:
WebRequest webRequest = HttpWebRequest.Create(url_web);
WebResponse webResp = webRequest.GetResponse();
and i get an exeption every time the WebRequest is called:
The request was aborted: Could not create SSL/TLS secure channel.
The Destinationserver is secured by a certificate, bound to mail.domain.com, alternative names are webservice.domain.com and some other subdomains.
Already tried
ServicePointManager.ServerCertificateValidationCallback =
new RemoteCertificateValidationCallback(delegate { return true; });
WebRequest webRequest = HttpWebRequest.Create(url_web);
WebResponse webResp = webRequest.GetResponse();
without success.
"Normal" certificates, wildcard or standard work without any problems.
Try this
webRequest.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => { return true; };
Related
I am client side developer (Unity/C#) and I have API that require SSL certificate at connection. I have this certificate (.pfx).
When I try to make request by HttpWebRequest class (code listen below) I have error (code 400: Bad request, No required SSL certificate was sent). Any idea how to make it works?
When I put my URL in browser I have popup which asks for certificate and I can provide certificate there and then I have result!
Maybe I need to use Stream from request?
Here is how request looks in Inspector:
void Connect() {
// I think it is not necessary
ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);
// certificate creation
certificate = new X509Certificate2(path, pass);
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
// adding certificate to request
request.ClientCertificates.Add(certificate);
request.Method = "GET";
request.AuthenticationLevel = AuthenticationLevel.MutualAuthRequested;
request.Accept = "application/json";
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
}
public static bool ValidateServerCertificate(
object sender,
System.Security.Cryptography.X509Certificates.X509Certificate certificate,
X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return true;
}
I have been trying various combinations of HttpWebRequest objects (in SSIS) to connect to webservices geocoding site to pull back individual geocoding information with no luck. This is a JSON response and https URL.
string wUrl = "https://geocoding.geo.census.gov/geocoder/geographies/onelineaddress?address=1600+Pennsylvania+Ave+NW,+Washington,+DC,+20500&benchmark=Public_AR_Current&vintage=4&format=json";
X509Certificate cert = X509Certificate.CreateFromCertFile("C:\\Users\\kwhauser\\geocode.cer");
HttpWebRequest httpWReq = (HttpWebRequest)WebRequest.Create(wUrl);
//WebRequest httpWReq = WebRequest.Create(wUrl);
//httpWReq.Method = "GET";
httpWReq.ClientCertificates.Add(cert);
//httpWReq.ContentType = "application/json";
//ServicePointManager.ServerCertificateValidationCallback = (s, cert, chain, ssl) => true;
//ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
//HttpWebResponse httpWResp = (HttpWebResponse)httpWReq.GetResponse();
//HttpWebResponse response = (HttpWebResponse)httpWReq.GetResponse();
try
{
HttpWebResponse response = (HttpWebResponse)httpWReq.GetResponse();
//WebResponse response = httpWReq.GetResponse();
//Stream responseStream = response.GetResponseStream();
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString());
if (ex.InnerException != null)
MessageBox.Show(" InnerException: " + ex.InnerException.Message);
}
It doesn't matter if I try to load cert from file or use the callback one, I still get the same error message:
System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
DotNet framework version is 4.7. The site expects TLS12. I've added simple REST Client extension to chrome and tested the URL with success. It fails on the GetResponse.
What am I missing?
System.Net.ServicePointManager.SecurityProtocol = (System.Net.SecurityProtocolType)3072;
I am trying to make a connection to my kubernetes api and cant seem to get SSL to work from C#.
When i run the following via curl, everything seems to work as expected:
And I have this for c# to do the same:
try
{
// use the TLS protocol
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
// create HTTP web request with proper content type
HttpWebRequest request = WebRequest.Create(Constants.K8_API_RC_URI) as HttpWebRequest;
request.ContentType = "application/json;charset=UTF8";
request.Headers.Add(HttpRequestHeader.Authorization, "Bearer " + Constants.K8_TOKEN);
// load the X.509 certificate and add to the web request
X509Certificate cert = new X509Certificate(Constants.K8_CRT);
request.ClientCertificates.Add(cert);
// call the web service and get response
WebResponse response = request.GetResponse();
Stream responseStream = response.GetResponseStream();
string jsonContents = new StreamReader(responseStream).ReadToEnd();
}
catch (Exception exc)
{
// log and print out error
log.Info(exc.Message);
}
Where
Constants.K8_CRT is the Path to ca.crt
and ca.crt contains the following:
-----BEGIN CERTIFICATE-----
MIIDMDCCAhigAwIBAgIIcwd9rrnaPcowDQYJKoZIhvcNAQELBQAwEzERMA8GA1UEAwwIYWNzazhz
and more letters.......
cwSfuIp7e49KC3HSqcU3Mz4oFNm5bw==
-----END CERTIFICATE-----
I get the following error:
Could not create SSL/TLS secure channel.
P.S. I know there are Kubernetes clients for .Net out there and I have tried just about all of them but since I am integrating this with Azure Functions most of the third party libraries do not work for various reasons.
The CA cert should be used to validate server cert chain, not passed as an ClientCertificate.
Here is an example.
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => {
if (errors == SslPolicyErrors.None) return true;
X509Certificate2 serverCert = new X509Certificate2(certificate);
X509Certificate2 caCert = new X509Certificate2(#"./ca.cert");
chain.ChainPolicy.ExtraStore.Add(caCert);
chain.Build(serverCert);
foreach (var chainStatus in chain.ChainStatus) {
if (chainStatus.Status == X509ChainStatusFlags.UntrustedRoot) continue;
if (chainStatus.Status != X509ChainStatusFlags.NoError) return false;
}
return true;
};
HttpWebRequest request = WebRequest.CreateHttp("https://master:6443/api/v1");
request.Headers[HttpRequestHeader.Authorization] = "Bearer " + "SOME_TOKEN";
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
var content = new StreamReader(response.GetResponseStream()).ReadToEnd();
Console.WriteLine(content);
Thanks for #Jimi's comments i was able to get this to work with adding the following:
System.Net.ServicePointManager.ServerCertificateValidationCallback +=
delegate(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate,
System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return true; // **** Always accept
};
NOTE: Im certain this just ignores the SSL validation and continues without it. In our case this may be acceptable.
I’m tryng to access a ssl server (web service) from a .net client (c#). I have access to a java client code that can connect to the server. Included in the source code are 3 files (saPubKey.jks, WebServices.pfx and trustStore) and I think that only 2 of the 3 are used in the java example.
private void setSSLConnection(WSBindingProvider bp){
KeyStore ks = KeyStore.getInstance("pkcs12");
ks.load(this.getClass().getClassLoader().getResourceAsStream("WebServices.pfx"), "password".toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "password".toCharArray());
SSLContext sslContext = SSLContext.getInstance("TLS");
KeyStore ts = KeyStore.getInstance("JKS");
ts.load(this.getClass().getClassLoader().getResourceAsStream("trustStore"), "pass".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ts);
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
bp.getRequestContext().put(JAXWSProperties.SSL_SOCKET_FACTORY, sslContext.getSocketFactory());
}
The code I have for the c# client is this
var clientCertificate = new X509Certificate2(#"C:\WebServices.pfx", "password");
HttpWebRequest req = (HttpWebRequest)WebRequest.Create("https://blablabla.org:700/fws/ftrs");
req.ClientCertificates.Add(clientCertificate);
req.Headers.Add("SOAPAction", "\"https://blablabla.org:700/fws/ftrs/Rgdvice\"");
req.ContentType = "text/xml;charset=\"utf-8\"";
req.Accept = "text/xml";
req.Method = "POST";
using (Stream stm = req.GetRequestStream())
{
using (StreamWriter stmw = new StreamWriter(stm))
{
stmw.Write(soap);
}
}
WebResponse response = req.GetResponse(); //(500) Internal Server Error.
Stream responseStream = response.GetResponseStream();
Method req.GetResponse() throws "(500) Internal Server Error."
With no client certificates added I get: "An unexpected error occurred on a send."
I also tried this line of code with no luck:
ServicePointManager.ServerCertificateValidationCallback = ((sender, certificate, chain, sslPolicyErrors) => true);
I'm new to ssl and certificates, and really need help accessing the ssl server from c#.
This could be unrelated but make sure web service is not in the app_code folder.
I'm using this code from c# to call a php web service that is secured by user/password and certificate:
string wsurl = ConfigurationManager.AppSettings["Url"];
string wsuser = ConfigurationManager.AppSettings["User"];
string wspass = ConfigurationManager.AppSettings["Pass"];
string url = string.Format(wsurl, param1, param2);
System.Net.CredentialCache oCredentialCache = new System.Net.CredentialCache();
oCredentialCache.Add(new System.Uri(url), "Basic",
new System.Net.NetworkCredential(wsuser, wspass));
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
req.Timeout = TIMEOUT;
req.Credentials = oCredentialCache;
req.Method = "GET";
AttachCert(req);
//Get the data as an HttpWebResponse object
WebResponse resp = req.GetResponse();
This works as expected when run from my devel machine but when we upload this to the server I get a Timeout error on the call to GetResponse().
The AttachCert() call is where I attach the certificate to the request, and if I comment this line I don't get the timeout but a correct error saying the call could not be completed because of the missing certificate.
This is the AttachCert code:
public static void AttachCert(HttpWebRequest Request)
{
// Obtain the certificate.
string certpath = ConfigurationManager.AppSettings["CertPath"];
X509Certificate Cert = X509Certificate.CreateFromCertFile(certpath);
ServicePointManager.CertificatePolicy = new CertPolicy();
Request.ClientCertificates.Add(Cert);
}
Any idea why this would work on my machine but not on the server? We tried to remove the certificate on the webservice and the it worked as expected. So there's clearly something strange on that call but I cannot figure what.
Thanks
Vicenç
Try registering this callback and watch for any errors.
public static bool ValidateRemoteCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors policyErrors) {
// check for errors
// just return true to accept any certificate (self signed etc)
}
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(MyClass.ValidateRemoteCertificate);
I hope it helps.