We have a c# code that connects to VISA VMORC API in order to download some offers. The code used to work fine but now we are getting an annoying message related to SSL/TLS secure channel. Here is a summary of the issue and what we have tried so far:
- There is a .p12 certificate installed that works fine with SOAPUI application;
- The code is from the GIT examples. We tried all combinations of ServicePointManager in order to test the connection settings:
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(AcceptAllCertifications); // returns true ServicePointManager.Expect100Continue = true; ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
- We have given permissions on certificate private keys to users: "Everyone", "Network Services" and IIS account;
- We installed the certificate on Windows MMC (under personal and Trusted Root Certification Authorities);
I am sending the code we are using below (without user data and passwords)
string requestURL = "https://api.visa.com/" + path; string userId = ""; string password = ""; string certificatePath = @"C:\Certificados\hvmorc.p12"; string certificatePassword = ""; statusCode = ""; LogRequest(requestURL, requestBodyString); X509Certificate2 certificate = new X509Certificate2(certificatePath, certificatePassword, X509KeyStorageFlags.Exportable); X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser); // we also tried LocalMachine to no avail store.Open(OpenFlags.ReadWrite); store.Add(certificate); store.Close(); ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(AcceptAllCertifications); ServicePointManager.Expect100Continue = true; ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; HttpWebRequest request = WebRequest.Create(requestURL) as HttpWebRequest; request.Method = method; request.Headers["Authorization"] = GetBasicAuthHeader(userId, password); request.Headers["x-correlation-id"] = GetCorrelationId(); request.PreAuthenticate = true; request.ClientCertificates.Add(certificate); HttpWebResponse response = request.GetResponse() as HttpWebResponse;
The error we are getting is:
AcquireCredentialsHandle() failed with error 0X8009030D. Exception in HttpWebRequest#60537518:: - The request was aborted: Could not create SSL/TLS secure channel..
It seems like a certificate error, but it works with SOAP UI. Any suggestions on what to do here to debug this problem?
Solved! Go to Solution.
Please check the following. I see that you have already tried out the third option below, but please make sure if your IIS server can read the certificates .
$ openssl pkcs12 -export -out myProject_keyAndCertBundle.p12 -inkey key_63973e0f-6bae-4ae0-98b9-5f6tg153ce2e.pem -in cert.pem
Let us know what you find.