Solved: Re: Could not create SSL/TLS secure channel / C# V...

linconcr

Hi,

We have a c# code that connects to VISA VMORC API in order to download some offers. The code used to work fine but now we are getting an annoying message related to SSL/TLS secure channel. Here is a summary of the issue and what we have tried so far:

- There is a .p12 certificate installed that works fine with SOAPUI application;

- The code is from the GIT examples. We tried all combinations of ServicePointManager in order to test the connection settings:

ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(AcceptAllCertifications); // returns true
ServicePointManager.Expect100Continue = true;

ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

- We have given permissions on certificate private keys to users: "Everyone", "Network Services" and IIS account;

- We installed the certificate on Windows MMC (under personal and Trusted Root Certification Authorities);

I am sending the code we are using below (without user data and passwords)

            string requestURL = "https://api.visa.com/" + path;
            string userId = "";
            string password = "";
            string certificatePath = @"C:\Certificados\hvmorc.p12";
            string certificatePassword = "";
            statusCode = "";
            LogRequest(requestURL, requestBodyString);

            X509Certificate2 certificate = new X509Certificate2(certificatePath, certificatePassword, X509KeyStorageFlags.Exportable);

            X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser); // we also tried LocalMachine to no avail

            store.Open(OpenFlags.ReadWrite);
            store.Add(certificate);
            store.Close();

            ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(AcceptAllCertifications);
            ServicePointManager.Expect100Continue = true;
            ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
            
            HttpWebRequest request = WebRequest.Create(requestURL) as HttpWebRequest;
            request.Method = method;

            request.Headers["Authorization"] = GetBasicAuthHeader(userId, password);
            request.Headers["x-correlation-id"] = GetCorrelationId();
            request.PreAuthenticate = true;
            request.ClientCertificates.Add(certificate);
            

            HttpWebResponse response = request.GetResponse() as HttpWebResponse;

The error we are getting is:

AcquireCredentialsHandle() failed with error 0X8009030D.
Exception in HttpWebRequest#60537518:: - The request was aborted: Could not create SSL/TLS secure channel..

It seems like a certificate error, but it works with SOAP UI. Any suggestions on what to do here to debug this problem?

Thanks,

Lincon

jvenkata

Hi Lincoln,

Please check the following. I see that you have already tried out the third option below, but please make sure if your IIS server can read the certificates .

Try rebuilding key certificate bundle for .NET developers. Note there is no -certfile attribute in the below command.

$ openssl pkcs12 -export -out myProject_keyAndCertBundle.p12 -inkey key_63973e0f-6bae-4ae0-98b9-5f6tg153ce2e.pem -in cert.pem

If you need to go through a proxy then the HttpWebRequest.Proxy property needs to be set in the code
Check if application user did not have enough access rights to the certificates. See the following link -> https://stackoverflow.com/questions/2609859/how-to-give-asp-net-access-to-a-private-key-in-a-certifi...

Let us know what you find.

Thank you,

Jai

linconcr

Hi Jai,

The solution you sent worked perfectly!

Thank you very much!!!

Lincon

Dorothy45

Your content helped me a lot to take my doubts, thank you very much.

www.diebestetest.de

jvenkata

Hi Dorothy,

You're Welcome !! Glad it helped !!

Thanks,

Jai

OrlinAlvarado

I had the same issue,

My "myProject_keyAndCertBundle.p12" had working right on Soap UI, but it was not working on Visual Studio 2019, but now it is working Right.

Thanks for your help.

Re: Could not create SSL/TLS secure channel / C# VMORC call

Could not create SSL/TLS secure channel / C# VMORC call

Re: Could not create SSL/TLS secure channel / C# VMORC call

Re: Could not create SSL/TLS secure channel / C# VMORC call

Re: Could not create SSL/TLS secure channel / C# VMORC call

Re: Could not create SSL/TLS secure channel / C# VMORC call

Re: Could not create SSL/TLS secure channel / C# VMORC call