Azure to Azure API call: The remote certificate is invalid because of errors in the certificate chai

Time:10-19

My .NET 6/C# client web app is deployed to Azure App Service and is making a call to an API (hosted on an Azure VM). My API requires MSAL authentication. The client app is authenticated successfully, but the actual API call is failing with the following error message:

The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot
   at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request

Note that I am able to make successful API calls if I run the client web app from my local system.

This exception error is happening for Azure App Service to Azure API calls only. My client web app as well as the API are internal to our company. The SSL certificate being used for the API is issued from my org only.

I got the same PFX certificate used for the API and uploaded it to the App Service PFX certificate section. But still I am getting the same error message.

The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot

Do I need to do anything other than uploading the PFX to the certificate section of the Azure App Service?

Any helpful pointers to proper documentation to help me resolve this error?

Has anyone come across this scenario? Any thoughts? The PFX certificate is not from any public certificate authority. Is that the real issue here?

CodePudding user response:

You'll need to put your org's public key (belonging to the private key that signed the certificate) in the VM's trusted root certificate store.
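
Where the machine trust store cannot be changed, the calling process itself can trust the organisation's root CA. The following is an added example, not part of the original answer: a .NET 6 `HttpClient` that re-validates a chain error such as UntrustedRoot against one pinned root while keeping every other TLS check. `PrivateCaHttp` and the `rootCaPath` file are hypothetical names; the file is assumed to hold only the root CA's public certificate (no PFX or private key is needed on the client).

```csharp
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class PrivateCaHttp
{
    // rootCaPath (assumed): .cer/.pem file with the public certificate of the
    // organisation's root CA. The API's PFX and private key stay on the server.
    public static HttpClient Create(string rootCaPath)
    {
        var orgRoot = new X509Certificate2(rootCaPath);

        var handler = new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback = (request, cert, chain, errors) =>
            {
                // Certificates that already validate need no special handling.
                if (errors == SslPolicyErrors.None) return true;

                // A name mismatch or a missing certificate must still fail;
                // only a pure chain error (e.g. UntrustedRoot) is re-evaluated.
                if (errors != SslPolicyErrors.RemoteCertificateChainErrors || cert is null)
                    return false;

                using var privateChain = new X509Chain();
                // Trust only the pinned root, not the machine store.
                privateChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
                privateChain.ChainPolicy.CustomTrustStore.Add(orgRoot);
                // Matches HttpClientHandler's default (CheckCertificateRevocationList = false);
                // switch to Online if the CA's CRL/OCSP endpoints are reachable.
                privateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

                // Reuse any intermediates the server sent during the handshake.
                if (chain is not null)
                    foreach (X509ChainElement element in chain.ChainElements)
                        privateChain.ChainPolicy.ExtraStore.Add(element.Certificate);

                // True only if the chain ends at orgRoot and is otherwise valid
                // (signatures, validity period, basic constraints).
                return privateChain.Build(cert);
            }
        };
        return new HttpClient(handler);
    }
}
```

Unlike a callback that simply returns `true`, this still rejects expired certificates, hostname mismatches and chains that end at any other root.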
