I am running a program to connect to a data service and extract data. The Program creates excels. I am getting the below error while it tries to establish connection with the Source.
Message=The SSL connection could not be established, see inner exception.
Inner Exception 1:
AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: NotTimeValid
Any way to bypass these certificate issues, when Iam able to loging to the front end in Firefox why cudnt I run the API.
Related
TLDR: Webservice call through https works from another computer but from local server (itself) it gives "System.Security.Authentication.AuthenticationException, System.Net.WebException The remote certificate is invalid according to the validation procedure".
I have a website (EDIT: the website itself in not on https, just on http. It is accessed via a dns name that is bound to a website through IIS bindings.) and a webservice, both running on a server with hostname and ip-address.
(I'm probably not allowed to disclose the actual names and addresses).
Corporate CA CA issued a certificate, with the following properties (among others):
Issuer: CA
Subject: CN = hostname
Subject Alternative Name: IP Address = ip-address
I deleted the http binding in IIS for webservice, leaving only the https.
Type
Host Name
Port
IP Address
Binding Information
https
443
ip address
Website calls service using url:
https://ip-address/service.asmx
and code:
using (WebResponse webResponse = request.GetResponse()) {
do stuff...
}
the "GetResponse()" function throws several errors in a row:
Exception thrown: 'System.Security.Authentication.AuthenticationException' in System.dll
Exception thrown: 'System.Security.Authentication.AuthenticationException' in System.dll
Exception thrown: 'System.Security.Authentication.AuthenticationException' in System.dll
Exception thrown: 'System.Security.Authentication.AuthenticationException' in System.dll
Exception thrown: 'System.Security.Authentication.AuthenticationException' in System.dll
Exception thrown: 'System.ObjectDisposedException' in System.dll
Exception thrown: 'System.Net.WebException' in System.dll
Exception thrown: 'System.Net.WebException' in System.dll
The exception message is:
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Inner exception:
The remote certificate is invalid according to the validation procedure.
I have an exact copy of the website - website_local, that makes a call to the same service. That makes it a remote call (from my pc to the server). And it works without exceptions. There is no http binding anymore, so there is no way the connection is not secure.
If I go to "https://ip-address/service.asmx" with Chrome from both my pc and the server it says that the connection is secure and the certificate is valid and trusted (because of CA certificate being present in "Trusted Root")
What i did so far:
On a server put the certificate in both "LocalComputer\Personal" and "LocalComputer\Trusted Root Certification Authorities"
Put the localhost certificate into "LocalComputer\Trusted Root Certification Authorities"(it already is present in "Personal")
Ensured that CA certificate is in "LocalComputer\Trusted Root Certification Authorities"
For certificate in LocalComputer\Personal did: "All tasks -> Manage private keys -> Add -> IIS_IUSRS -> Full control and Read". (localhost certificate already had that setting).
Tried switching url from "https://ip-address/service.asmx" to "https://localhost/service.asmx" and "https://hostname/service.asmx" - not worked in code and Chrome (my pc and server) says, that the connection now is not secure and NET::ERR_CERT_COMMON_NAME_INVALID.
So the question is:
Why the call from my local website works to the service (a remote call), but fails when the actual website makes a call to the same service (same server call)?
UPD 1: If I try to call the same service using Postman with SSL verification enabled, it says: "Unable to verify the first certificate".
Why does it works in code then?
I can request another certificate from company's CA, but I need specifications.
Can someone please elaborate on that? Current certificate has both hostname and ip-address and should be valid for any service on that website, shouldn't it?
So this is how we finally did it:
Registered a dns-name inside corporate LAN;
Issued a new certificate for that specific name, without binding it to a server's ip-address;
Added the new dns-name as hostname in IIS and added a new certificate.
Changed the connection string to https://dns-name/service.asmx
And it works!
My best guess is that #zaitsman was right about why it didn't work from server itself, but worked from my pc.
Does your certificate also have 127.0.0.1 and ::1 addresses? because most likely >when you're calling self over web underlying TCP stack just loops back after DNS >resolution.
Client Application(core 3.1) not redirect to Identity Server 4(core 3.1) application after hosted in iis. can any one tell me reasons
Exceptions:
---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://***********/IdentityServer/.well-known/openid-configuration'.
---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
Thank You
As the error says:
System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
The certificate you are using is invalid, hence re-check the validity and use the valid one.
I am trying to connect the production Rest API, the api url starts with "https://"
I have been told that i have to use the certificate to connect the API. When i try to connect the api without certificate i am getting error as
Error: The underlying connection was closed: could not establish trust relationship for the SSL/TLS secure channel
I have received the Key store file which is already using in java to connect the same production rest api.
With the help of KeyStore file how do i use in C#. Any help appreciate.
Update:
Now we were able to connect the Rest api with the help of below line in from local development environment.
System.Net.ServicePointManager.ServerCertificateValidationCallback = ((sender, certificate, chain, sslPolicyErrors) => true);
Now we deployed the code in Stage, Now we are receiving the below error
error "Logging Error : System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException:
The remote server returned an error: (407) Proxy Authentication Required.\r\n at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)\r\n at
System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)\r\n --- End of inner exception stack trace ---One or more errors occurred."
Help me Please.
We are connecting to a specific website using a TLS connection. We are enforcing TLS 1.2 as the only allowed protocol in the client code. In about 99% of all cases connection setup is OK and shows no errors. However from time to time we receive the following exception:
System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The buffers supplied to a function was too small
--- End of inner exception stack trace ---
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at Fw.Connections.Ssl.Private.ClientInstance.AuthenticateClientCallback(IAsyncResult result);
We have tested the remote server with SSL labs and we receive an A+ with no failures or problems reported, it's not a server under our control so the remote environment is not very well known.. We have tested the client code on Windows server 2012 (datacenter) and Windows7 clients. Both show the error from time to time. Is this a known bug in the .NET framework?
I have a really strange issue when Visual Studio resolves the server SSL certificate.
The API I am using requires me to send a certificate along with the request to 'verify who I am'. Initially I referred to this certificate within my UnitTest using X509Certificate2 and then importing it as a byte[]. What I didn't want to do, is have this laying around in my code referring to a specific location on my local disk (I want to run the unit tests automatically on my build server) so opted to install the certificate within the certificate store (which I could later install on the build server). And when I tested this Uri within the browser (IE) it asked for the certificate I wanted to use and rather stupidly I clicked OK without really reading what it was asking me to do.
Problem is, since doing this I am unable to run my unit test (I am making an HttpWebRequest) - as soon as it hits the following line it throws a WebException.
using (var response = request.GetResponse())
{
// Removed content ...
}
The exception response is null , here is the exception
System.Net.WebException: The underlying connection was closed: An
unexpected error occurred on a receive. ---> System.IO.IOException:
Unable to read data from the transport connection: An existing
connection was forcibly closed by the remote host. --->
System.Net.Sockets.SocketException: An existing connection was
forcibly closed by the remote host
The only reason I can see for this error is that Visual Studio is using the wrong SSL certificate for the server connection (as I am using the test API Uri, I can verify this is sort of the case by using the live API Uri which works fine)
I have tried the following:
Removing the certificate from the store
Adding the certificate back to the store
Clearing all browser cache
Restoring IE back to 'factory settings'
Clearing the SSL cache within IE
Tried setting Keepalive to true and then false
This issue was affecting all browsers but I have managed to get it working. I have tried to use Fiddler to identify if the server is doing something crazy (including decrypting SSL connections) and I can see this is actually responding with a 403 error.
Has anyone else got any ideas?
Edit
Just tried to run this on the build server, still get the same error so I will check with the API provider to see if a/ my certificate has expired b/ their service is actually up!
System.Net.WebException: The underlying connection was closed: An
unexpected error occurred on a receive. ---> System.IO.IOException:
Unable to read data from the transport connection: An existing
connection was forcibly closed by the remote host. --->
System.Net.Sockets.SocketException: An existing connection was
forcibly closed by the remote host
Issue was with the API provider.