Unable to bypass the certificate validation when trying to access APIs from a web application which has its own certification
Unable to bypass the certificate validation when trying to access APIs from a web application which has its own certification
Hi All,
I m facing issue when I m trying to access a Service management API to create/ fetch a ticket through my web application "XYZ" which has its own certificate.
When I try to access the same GET POST APIs from Postman or C# Console app, I am able to create the tickets & fetch them.
I have tried to bypass the certificate validation using following code.
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
Still the web application tries to do the SSL validation.
Here is the code:
var client = new HttpClient();
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
var request = new HttpRequestMessage(HttpMethod.Post, "https://abc.com:31234/bsmc/rest/events/XYZ");
var content = new StringContent("{"assigned_group":" +
"{"obm_group_uuid":"uniqueID"}," +
""related_ci_hints":{"hint":"Consensus Cloud Solutions - SST (ENT)"}," +
""original_id":"test run id","Id":null,"title":"Failed script to handle the exception"," +
""description":"Error connecting to meditech.Initialized Logger at 4/25/2024 7:59:55 AM Time out:454342"," +
""severity":"MINOR","application":"XYZ"," +
""groupId":null,"configItem":null,"category":"","sub_category":""}", null,
"application/json");
request.Content = content;
var response = await client.SendAsync(request);
response.EnsureSuccessStatusCode();
This code throws exception of Certificate mismatch.
The SSL connection could not be established, see inner exception.
The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
at System.Net.Security.SslStream.<ForceAuthenticationAsync>d__175`1.MoveNext()
at System.Net.Security.SslStream.<ProcessAuthenticationWithTelemetryAsync>d__172.MoveNext()
at System.Net.Http.ConnectHelper.<EstablishSslConnectionAsync>d__2.MoveNext()
For the above issue. I have added the self-signed certificate "https://abc.com:31234/bsmc/rest/events/XYZ" POST API to the certificates & added the user defined certificate validation using x509 certificate & X509 Chain errors. I was able to pass through the certificate mismatch error. But the response from the POST & GET API is success OK 200. There is no ticket generated in the service management.
Can anyone help me with this certificate mismatch issue or let me know how we can access the APIs in a web application(which already has its own certificates)