Visa Developer Community

JP
Helper

Could not create SSL/TLS secure channel

I just downloaded sample code from https://github.com/visa/SampleCode.git. When I run C# sample for FundsTransferTest, it failed with this error, "Could not create SSL/TLS secure channel". 

 

How do I fix it? Is it my firewall, cert, or something else?

 

thanks,

 

JP

8 REPLIES
Helper

Re: Could not create SSL/TLS secure channel

Hi JP,
We had similar problem.
Make sure that you create p12 file using command from github "openssl pkcs12 -export -out p12certfile.p12 -inkey key.pem -in cert.pem"

Also add

ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

before you connection.
We added it to DoMutualAuthCall method.
Valued Supporter

Re: Could not create SSL/TLS secure channel

Hi @JP

 

Add the below lines in your code before line 64 inVisaAPIClient.cs and try again.

 

  ServicePointManager.Expect100Continue = true;

  ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

 

Thank you, 

Vaibhav 

JP
Helper

Re: Could not create SSL/TLS secure channel

Thank you for the help. Tried that and it still failed the same way. I think the problem is I do not have any trusted publisher on my computer (Windows Server). Anyone knows who is the publisher of the certs we use in the test code?

JP
Helper

Re: Could not create SSL/TLS secure channel

It is not cert problem. It is where the ServicePointManager calls are. It has to be right before the request is created. Now it is returning 400 (Bad Request). I didn't change any of the request body. That's strange.

 

ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
HttpWebRequest request = WebRequest.Create(requestURL) as HttpWebRequest;

JP
Helper

Re: Could not create SSL/TLS secure channel

Here is my post body:

 

{
"systemsTraceAuditNumber":350420,
"retrievalReferenceNumber":"401010350420",
"localTransactionDateTime":"2018-08-09T04:21:19",
"acquiringBin":409999,
"acquirerCountryCode":"101",
"senderAccountNumber":"1234567890123456",
"senderCountryCode":"USA",
"transactionCurrencyCode":"USD",
"senderName":"John Smith",
"senderAddress":"44 Market St.",
"senderCity":"San Francisco",
"senderStateCode":"CA",
"recipientName":"Adam Smith",
"recipientPrimaryAccountNumber":"4957030420210454",
"amount":"112.00",
"businessApplicationId":"AA",
"transactionIdentifier":234234322342343,
"merchantCategoryCode":6012,
"sourceOfFundsCode":"03",
"cardAcceptor":{
    "name":"John Smith",
    "terminalId":"13655392",
    "idCode":"VMT200911026070",
    "address":{
        "state":"CA",
        "county":"081",
        "country":"USA",
        "zipCode":"94105"
        }
    },
    "feeProgramIndicator":"123"
}
Valued Supporter

Re: Could not create SSL/TLS secure channel

Hi JP, 

 

As suggested by Milioner, Kindly make sure that you create p12 file using command from github "openssl pkcs12 -export -out p12certfile.p12 -inkey key.pem -in cert.pem". Please note the absence of the -certfile attribute. There is a peculiarity with the way the p12 is built for .NET where the file included in -certfile can only contain root certificates.

 

Kindly share the x-correlation-id from response header and the complete response to troubleshoot further.

 

Thank you, 

Vaibhav 

Highlighted
JP
Helper

Re: Could not create SSL/TLS secure channel

Thank you, Vaibhav! You are right. It is the P12 file problem. I was using openssl installed by Git. Downloaded another version of openssl (1.0.2n) and regenerated the P12 file. Now it is different:

 

Response Body:
{
"errorMessage" : "API Validation Error: 3001. Transaction to Recipient Card Country is restricted by the Sender Institution "
}

JP
Helper

Re: Could not create SSL/TLS secure channel

Response Headers:
X-SERVED-BY: l55c012
X-CORRELATION-ID: 1533881655_325_89_l55c012_VDP_ARM
X-Backside-Transport: FAIL FAIL,FAIL FAIL
X-APP-STATUS: 400
X-Application-Error-Code: 3001
X-Global-Transaction-ID: 441431557
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=2592000;includeSubdomains
Pragma: no-cache
Content-Language: en-US
X-Cnection: close,close
Connection: close
Content-Length: 131
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: application/json;charset=UTF-8
Date: Fri, 10 Aug 2018 06:14:15 GMT
Expires: -1
Server: Apache