
I'm trying to send HttpWebRequest to a secure website using a client certificate through ASP.NET web app. The app is hosted on IIS under Windows Server 2016. Whenever I try to send a request I'm receiving the following exception:

System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

The tricky part is that it works on my Windows 7 machine. I've managed to simulate at 100% the production environment and I've received the expected response.

Here is the code I'm using to send the request:

```csharp
// Allow TLS 1.2 in addition to whatever protocols are already enabled
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
// Attach the client certificate presented during the TLS handshake
request.ClientCertificates.Add(this.Certificate);
// The WebException is thrown by this call
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
var stream = response.GetResponseStream();
using (StreamReader reader = new StreamReader(stream))
{
    string responseData = reader.ReadToEnd();
    return responseData;
}
```
double-beep
super_mario
  • I think you would get a different error were it the case but double check TLS1.2 is enabled - https://www.nartac.com/Products/IISCrypto - Failing that enable Tracing for detailed error messages - https://learn.microsoft.com/en-us/dotnet/framework/network-programming/how-to-configure-network-tracing – Alex K. May 28 '19 at 14:36
  • @AlexK. Thanks for your proposals. It looks like TLS1.2 is enabled. About the tracing... maybe I don't understand the idea. I already have logging (Event Viewer). The detailed exception says **System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel. at System.Net.HttpWebRequest.GetResponse()** and it also points to this line in my code **HttpWebResponse response = (HttpWebResponse)request.GetResponse();** which I've already posted. – super_mario May 29 '19 at 11:18
  • If you set up tracing in your app.config you will get much more detail & the specific reason for that failure. – Alex K. May 29 '19 at 12:08
  • I've configured the network tracing. Unfortunately the log file is not generated. I guess this is another story... – super_mario May 29 '19 at 13:13
  • Found a solution. I've updated my post. – super_mario May 29 '19 at 14:07
  • Ah, if you put your private cert in the certificate store, giving the [app pool access permissions](https://stackoverflow.com/questions/7334216/iis7-permissions-overview-applicationpoolidentity) would probably fix the problem. – Alex K. May 29 '19 at 14:17
  • Yeah, there are different ways to tackle access problems. The tricky part was to find root cause. Thanks for guideline though. It really helped me. (: – super_mario May 29 '19 at 19:35
  • @super_mario what was the solution? – RikRak Apr 06 '21 at 08:47

0 Answers
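One way to test the condition Alex K.'s comment about app pool access permissions points at, namely whether the identity the code runs as can actually use the client certificate's private key. This is an added example, not code from the original post; it assumes the certificate lives in the `LocalMachine\My` store and has an RSA key, and the `ClientCertCheck` class, `Diagnose` method and thumbprint placeholder are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class ClientCertCheck   // hypothetical helper, not part of the original post
{
    // Returns a one-line diagnosis for the certificate with the given thumbprint,
    // evaluated under whatever Windows identity this code is running as.
    public static string Diagnose(string thumbprint)
    {
        string who = WindowsIdentity.GetCurrent().Name;
        // Assumption: the certificate is installed in LocalMachine\My
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, so an expired or untrusted certificate is still found
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
                return who + ": certificate not found in LocalMachine\\My";
            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey)
                return who + ": certificate has no associated private key";
            try
            {
                using (RSA rsa = cert.GetRSAPrivateKey())
                {
                    if (rsa == null)
                        return who + ": private key is not RSA; this check does not cover it";
                    // Signing forces the key to be opened with this identity's rights
                    rsa.SignData(new byte[] { 0 }, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                    return who + ": private key is usable";
                }
            }
            catch (CryptographicException ex)
            {
                // Reached when the key exists but this identity cannot open or use it
                return who + ": private key not usable: " + ex.Message;
            }
        }
    }

    static void Main(string[] args)
    {
        // Placeholder thumbprint; pass the real one as the first argument
        Console.WriteLine(Diagnose(args.Length > 0 ? args[0] : "THUMBPRINT-PLACEHOLDER"));
    }
}
```

Run from a console, this tests the logged-on account; to test the app pool identity, call `Diagnose` from inside the web application and log the returned string.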