42

I'm trying to make a request via SSL. The certificate is already installed on the machine and it works via browser.

I am using this request:

System.Text.ASCIIEncoding encoding = new System.Text.ASCIIEncoding();
byte[] data = encoding.GetBytes(request.Content.OuterXml.ToString());
string password = "XXXX";
X509Certificate2 cert = new X509Certificate2("c:\\zzzz.p12", password);
string key = cert.GetPublicKeyString();
string certData = Encoding.ASCII.GetString(cert.Export(X509ContentType.Cert));

Uri uri = new Uri(request.Url);
HttpWebRequest myRequest = (HttpWebRequest)WebRequest.Create(uri);
myRequest.Credentials = new NetworkCredential(request.User, request.Password.ToString());
myRequest.Method = "PUT";
myRequest.ContentType = request.ContentType;
myRequest.ContentLength = data.Length;
myRequest.ClientCertificates.Add(cert);

Stream newStream = myRequest.GetRequestStream();
newStream.Write(data, 0, data.Length);
newStream.Close();

System.IO.StreamReader st = new StreamReader(((HttpWebResponse)myRequest.GetResponse()).GetResponseStream());

Using this code I get this error:

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

What is the problem?

ccellar
  • 10,326
  • 2
  • 38
  • 56
Roger G
  • 1,575
  • 2
  • 10
  • 9
  • 1
    Have a look at this post, maybe it can help you too: http://stackoverflow.com/questions/703272/could-not-establish-trust-relationship-for-ssl-tls-secure-channel-soap – JohnnBlade Jun 27 '12 at 09:04
  • Possible duplicate of [C# Ignore certificate errors?](http://stackoverflow.com/questions/2675133/c-sharp-ignore-certificate-errors) – Kristopher Johnson Mar 15 '16 at 19:17
  • In the case of Exchange Web Services (EWS), Microsoft's recommended solution is here: https://msdn.microsoft.com/en-us/library/bb408523.aspx – RenniePet Sep 23 '17 at 03:31

4 Answers

111

I solved the problem with this:

ServicePointManager.ServerCertificateValidationCallback =
    new RemoteCertificateValidationCallback(delegate { return true; });
Ralph Willgoss
  • 11,750
  • 4
  • 64
  • 67
Roger G
  • 1,575
  • 2
  • 10
  • 9
  • 31
    This solution could be a potential security threat as you are turning off the SSL certificate validation. If this is production code, understand the risk of the server you are connecting to. – Amzath Nov 14 '12 at 19:24
  • How can this be done in Windows Phone 8? ServicePointManager is not in the reference http://cmsresources.windowsphone.com/devcenter/en-us/downloads/064028-microsoft-poster.pdf – MLProgrammer-CiM Nov 26 '12 at 16:31
  • 3
    The issue happened to me when funneling requests from my app through Fiddler. And adding the delegate trick to not validate the cert helped me run my call successfully, as well as to see the response in Fiddler. – Philippe Monnet Sep 18 '16 at 23:16
  • 3
    I downvoted because, as @Amzath says, this circumvents security. It's better to solve the issue at its root (pun intended). – bvgheluwe Dec 01 '16 at 11:08
  • Can someone post the complete code snippet of using ServicePointManager code to make a request? – user2347528 Oct 05 '17 at 20:03
  • @Amzath, any reference to potential security threat? As far as I know this issue mostly happens on self-signed certificates – AaA Jul 16 '18 at 13:46
  • This answer solves the issue. Self-signed certificates are used on homol/dev environments, the question does not mention security at all. – Carlos ABS Apr 23 '19 at 20:13
  • @Roger G, Roger that! Thanks for answering your own question and also mine. I voted up both. – Liviu Sosu Mar 16 '20 at 13:05
  • Dangerous code. In the development environment, we can use it for testing purposes but for the production environment, we should never ever rely on this approach. – Sudhakar Chavali Dec 11 '20 at 00:54
2

Make sure your certificate is properly trusted. Has the root certificate been added to the correct certificate store (Trusted Root CA's on Local Machine)?

I encountered this error when the (own made) root certificate for a (self-signed) certificate had been added to the Trusted Root CA's for Current User. Moving the root cert to the Root CA store on Local Machine solved my issue.

bvgheluwe
  • 853
  • 7
  • 25
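For cases where the root certificate cannot be installed in the machine store, a narrower alternative to an unconditional `return true` callback is to accept only chains that end at one specific private root. This is an added example, not code from any of the answers; the class name `PinnedRootValidation`, the certificate path and the no-revocation setting are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class PinnedRootValidation
{
    // Assumption: public certificate of the private root CA (placeholder path).
    static readonly X509Certificate2 TrustedRoot =
        new X509Certificate2(@"C:\certs\private-root-ca.cer");

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true; // chain already trusted by the machine's stores

        // Only an untrusted chain is tolerated; name mismatch or no certificate always fails.
        if (certificate == null || errors != SslPolicyErrors.RemoteCertificateChainErrors)
            return false;

        var custom = new X509Chain();
        custom.ChainPolicy.ExtraStore.Add(TrustedRoot);
        // Assumption: the private CA publishes no CRL/OCSP endpoint.
        custom.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        custom.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;

        if (!custom.Build(new X509Certificate2(certificate)))
            return false; // expired, bad signature, wrong usage, ...

        // The flag above also tolerates other roots and partial chains, so require
        // UntrustedRoot as the only status and the expected root at the chain's end.
        foreach (X509ChainStatus status in custom.ChainStatus)
            if (status.Status != X509ChainStatusFlags.UntrustedRoot)
                return false;

        var root = custom.ChainElements[custom.ChainElements.Count - 1].Certificate;
        return string.Equals(root.Thumbprint, TrustedRoot.Thumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }

    public static HttpWebRequest Create(Uri uri)
    {
        var request = (HttpWebRequest)WebRequest.Create(uri);
        // Per-request callback (.NET Framework 4.5+); other connections keep default validation.
        request.ServerCertificateValidationCallback = Validate;
        return request;
    }
}
```

Setting the callback on the request rather than on `ServicePointManager` keeps the exception scoped to this one endpoint instead of every HTTPS call in the process.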
0

You can add the following statement in the function that calls the web-method:

ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(delegate { return true; });

-1

This is client code, right? And you're accessing an HTTPS url, aren't you? I think the problem is with the server certificate, which the client-side TLS stack cannot validate. When you connect to that URL via browser, does it work smoothly or do you see a warning on certificate mismatch?

Vladik Branevich
  • 1,180
  • 8
  • 11
  • Yes, this is client code. Yes, I'm accessing via HTTPS. When I connect in the browser it works smoothly and I don't see any warning. – Roger G Jun 27 '12 at 09:30
  • 1
    If you feel comfortable with network analyzers (e.g., Wireshark or NetMon) you could simply sniff your traffic and see what host you are really talking to, what certificate it presents and whether the TLS handshake completes with or without errors. Otherwise, the link you got for reference is a good start. If this does not help you, you can start spilling here more and more details of your setup (URL you're accessing, certificate installed on the server, network configuration - proxies, etc.) – Vladik Branevich Jun 27 '12 at 10:26