I am calling an API that requires a client certificate. With the client certificate installed into the Personal store of Current User, the API call is successful. But when the client certificate is installed into the Personal store of Local Machine, the call fails with:
The request was aborted: Could not create SSL/TLS secure channel.
Here is the setup code:
```csharp
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
                                     | SecurityProtocolType.Tls11
                                     | SecurityProtocolType.Tls12
                                     | SecurityProtocolType.Ssl3;
// Accepts any server certificate (server-side validation is effectively disabled here).
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => { return true; };

const StoreName storeName = StoreName.My;
const X509FindType findType = X509FindType.FindByThumbprint;
const string findValue = "9ce5b57fe576b9a0933b426347e74e5583da59dd";

var certCurrentUser = GetCertificate(storeName, StoreLocation.CurrentUser, findType, findValue);
var certLocalMachine = GetCertificate(storeName, StoreLocation.LocalMachine, findType, findValue);
```
Both calls to GetCertificate() succeed and the certificates appear to be identical (they were installed from the same .pfx). When this call is made with certCurrentUser, it succeeds:
```csharp
WebRequestHandler handler = new WebRequestHandler();
handler.ClientCertificates.Add(certCurrentUser);
using (var client = new HttpClient(handler))
{
    client.DefaultRequestHeaders.Accept.Clear();
    client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
    var response = await client.GetAsync("https://preprod.xconnectcollection.ce.corp.com/odata");
}
```
But when the call is made using certLocalMachine, it fails:
```csharp
WebRequestHandler handler = new WebRequestHandler();
handler.ClientCertificates.Add(certLocalMachine);
using (var client = new HttpClient(handler))
{
    client.DefaultRequestHeaders.Accept.Clear();
    client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
    var response = await client.GetAsync("https://preprod.xconnectcollection.ce.corp.com/odata");
}
```
Error:
The request was aborted: Could not create SSL/TLS secure channel.
What could be causing the request to fail when using the client certificate from local machine?
CodePudding user response:
Ensure that the account running the application has full permissions to the certificate's private key.
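One way to perform the check the answer describes, added here as an example and not part of the original question or answer: it locates the on-disk key container behind a LocalMachine\My certificate, prints who has access to it, and optionally grants the application's identity Read on the key. It assumes Windows PowerShell 5.1 run from an elevated prompt on the host; the thumbprint and account name are placeholders.

```powershell
# Added diagnostic (not from the original post). Run elevated; <THUMBPRINT> and
# the -GrantTo account are placeholders for the real values.
param(
    [string]$Thumbprint = '<THUMBPRINT>',
    [string]$GrantTo    = $null   # e.g. 'IIS AppPool\MyApp' or 'DOMAIN\svc-api'; omit to only report
)

$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $Thumbprint
if (-not $cert) { throw "No certificate with thumbprint $Thumbprint in LocalMachine\My." }
if (-not $cert.HasPrivateKey) { throw "Certificate has no private key; re-import the .pfx with its key." }

# Locate the key container file. Legacy CSP keys and CNG keys live in different folders,
# and .PrivateKey throws for CNG keys, so fall back to the CNG API in that case.
try { $csp = $cert.PrivateKey } catch { $csp = $null }
if ($csp) {
    $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$($csp.CspKeyContainerInfo.UniqueKeyContainerName)"
} else {
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\Keys\$($rsa.Key.UniqueName)"
}
if (-not (Test-Path $keyFile)) { throw "Key container file not found: $keyFile" }
Write-Host "Key container: $keyFile"

# SChannel opens this key as the process identity during the TLS handshake, so that
# identity (service account, app pool identity, etc.) must appear here with access.
$acl = Get-Acl $keyFile
$acl.Access | Select-Object IdentityReference, FileSystemRights, AccessControlType | Format-Table -AutoSize

if ($GrantTo) {
    # Assumption: Read on the key file is sufficient for the handshake; grant that
    # rather than Full Control to keep the key's ACL least-privilege.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($GrantTo, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyFile -AclObject $acl
    Write-Host "Granted Read on the private key to $GrantTo"
}
```

The same permission change can be made interactively in certlm.msc via "Manage Private Keys" on the certificate; the script just makes the current ACL visible first.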