Adding TLS certificate to the API request with exception: The request was aborted: Could not create SSL/TLS secure channel

Question

To be able to use some API, I have to use the TLS certificate (in 1.1 version).

My code looks like:

HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://someapi/request/");

request.Method = "POST";
request.ContentType = "application/json";
request.ContentLength = Encoding.UTF8.GetByteCount(postData);
request.KeepAlive = false;

request.ProtocolVersion = HttpVersion.Version11;

ServicePointManager.Expect100Continue = false;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

X509Certificate2 certificate = new X509Certificate2(@"d:\TLScertificate.p12", "password");  

X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);

try
{
    store.Open(OpenFlags.ReadWrite);

    if (!store.Certificates.Contains(certificate))
    {
        store.Add(certificate);
    }

    int indexOfCertificate = store.Certificates.IndexOf(certificate);
    certificate = store.Certificates[indexOfCertificate];
}
finally
{
    store.Close();
}

request.ClientCertificates.Add(certificate);
request.PreAuthenticate = true;

using (StreamWriter writer = new StreamWriter(request.GetRequestStream())) // Exception
{
}

During request.GetResponse() I always get exception: The request was aborted: Could not create SSL/TLS secure channel.

The provider answered me that:

There need be,

Root Ca v1 test.pem in your Truststore and TLSCertificate in your Keystore

Please, advise me what should I do with the file .pem ? It should be added to the request, the same as the TLScertificate.p12 file? When I add second X509Certificate2 (without any password) to the request, I still get the same error.

score 0 · Answer 1 · edited May 23 '17 at 12:23

0

First, you can use the loaded cert right away to the request

   X509Certificate2 certificate = new X509Certificate2(@"d:\TLScertificate.p12", "password");
    request.ClientCertificates.Add(certificate);

The pem file has to be imported into your computers KeyStore mmc -> File -> Add/Remove Snap-in -> Certificates

This can help converting pem to crt Convert .pem to .crt and .key

edited May 23 '17 at 12:23

Community

1
1

answered Feb 01 '16 at 11:08

dave000

116
4

But when I install TLScertificate.p12, the ROOT CA.pem is also installed automatically and I can see it in Trusted Root Certification Authorities in mmc. Still, I get the same exception... – user3146344 Feb 01 '16 at 11:22
Try this to ensure that your machine accepts the remote cert `request.ServerCertificateValidationCallback = certcallback; private static bool certcallback( object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors) { return true; }` If after that you still have problems it possible that you were given a bad cert... I had the same problem. Debugged for one day... – dave000 Feb 01 '16 at 11:53
I have added this callback, unfortunately exception is the same. – user3146344 Feb 01 '16 at 11:59
Sorry... no clue, but you can try this: http://stackoverflow.com/questions/5112515/httpwebrequest-results-in-the-request-was-aborted-could-not-create-ssl-tls-sec – dave000 Feb 01 '16 at 13:48

Adding TLS certificate to the API request with exception: The request was aborted: Could not create SSL/TLS secure channel

1 Answers1