2

UPD: This code work in windows server 2012, but dont work in windows 7,8,10. And i haven't any idea why

I am trying to make post request to some service that allows only https connection. But i get error

The request was aborted: Could not create SSL/TLS secure channel

My code

using (var client = new HttpClient())
{
    ServicePointManager.Expect100Continue = true;
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
    ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
    var response = await client.PostAsync(ApiAddress, content);
    var xml = await response.Content.ReadAsStringAsync();

    var transaction = DeserializeXml<StationsResponseTransaction>(xml);
    return transaction;
}

This service gave certificate (.crt) and private key (.pem) files. Maybe i need to use these files? But how?

UPDATE: I tried create pfx certificate and add it in WebRequestHandler 

WebRequestHandler handler = new WebRequestHandler();
X509Certificate2 certificate = new X509Certificate2("Certificate.pfx", "password");
handler.ClientCertificates.Add(certificate);

and use handler in client new HttpClient(handler)

But i got same error

UPDATE: Just tested this request in postman - working fine, when server's certificate accepted from google crhome. But how to accept certificate from C# httpclient?

ServicePointManager's ServerCertificateValidationCallback event not called

JHobern
  • 866
  • 1
  • 13
  • 20
Stas Petrov
  • 315
  • 5
  • 17
  • Is the certificate signed with a trusted root certificate (even your own self-generated one)? – Jasen Jun 08 '17 at 19:24
  • Maybe the server doesn't support the protocols or ciphers you need. You can check with ssllabs: https://www.ssllabs.com/ssltest/ – Julian Jun 08 '17 at 19:27
  • @Jasen i dont know, and i dont know how to do this – Stas Petrov Jun 08 '17 at 19:32
  • You basically use Powershell to 1) create the signing cert 2) install the cert to your trusted certificates 3) create the (second) cert your application uses, **signed by the trusted cert**. – Jasen Jun 08 '17 at 19:55
  • I used this guy's guide in the past: http://blog.davidchristiansen.com/2016/09/howto-create-self-signed-certificates-with-powershell/ – Jasen Jun 08 '17 at 19:58
  • @ Kaushal yes, i am tried with WebRequestHandler.ServerCertificateValidationCallback - same situation, callback not even hitting – Stas Petrov Jun 14 '17 at 14:29
  • @Kaushal can you say more about how to find it? T – Stas Petrov Jun 14 '17 at 14:31
  • @StasPetrov use X509Store() for more detail https://stackoverflow.com/questions/8448147/problems-with-x509store-certificates-find-findbythumbprint and https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509store(v=vs.110).aspx – Kaushal Jun 14 '17 at 14:48

1 Answers1

0

Make .cer file from your .pfx, and then install it to trusted folder in local. Then make client .cer from .pfc, and use it in solution (don't install it).

Nenad
  • 316
  • 2
  • 14