X509Certificate Client Authentication

Kuler Master 266 Reputation points
2023-02-02T14:44:17.87+00:00

Hello guys,

I have the following code that has been working perfectly fine for 3 years already.

ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
                       | SecurityProtocolType.Tls11
                       | SecurityProtocolType.Tls12
                       | SecurityProtocolType.Tls13
                       | SecurityProtocolType.Ssl3;

X509Certificate certificate = new X509Certificate(certPath, certPass);

HttpWebRequest request = (HttpWebRequest)WebRequest.Create(ServiceURL);
request.ClientCertificates.Add(certificate);

It's very simple code that makes a request against the web service using a certificate (PKCS #12) for authentication. The old certificate is about to expire, so they sent us a new certificate. So far so good.

I installed the new certificate on the server as usual through the MMC. Then I replaced the physical cert file so that the certPath variable refers to the new file.

It worked fine, but only for several hours. Then I started getting the following exception:

The request was aborted: Could not create SSL/TLS secure channel.

Then I restored the old file and the code started working again.

Meaning, both certificates are imported to the machine and current user stores respectively. Could that be an issue?

Thank you so much in advance


Accepted answer
  1. Limitless Technology 44,121 Reputation points
    2023-02-03T17:12:53.1033333+00:00

    Hi. Thank you for your question and reaching out. I’d be more than happy to help you with your query.

    The "The request was aborted: Could not create SSL/TLS secure channel" error can occur for multiple reasons. Here are some things to check:

    1. Certificate Validity: Make sure the new certificate is still valid and has not expired. You can check this by opening the certificate in the certificate manager.
    2. Certificate Trust: Ensure that the certificate has been imported into the Trusted Root Certification Authorities store on the machine. If it's not trusted, the SSL/TLS secure channel can't be established.
    3. Cipher Suites: Make sure that the cipher suites used by the server are supported by the client code. The server might have enabled or disabled specific cipher suites, which can cause the "The request was aborted: Could not create SSL/TLS secure channel" error.
    4. Protocol Versions: The server might have enabled or disabled specific protocols (e.g. TLS 1.2), which can cause the client code to fail. Ensure that the SecurityProtocol settings in the client code are compatible with the server.
    5. Firewall: Ensure that the firewall is not blocking the SSL/TLS connection.

    Try troubleshooting these potential issues one by one and see if any of them resolve the problem. If not, you may want to get more information about the server setup and certificate configuration to determine the root cause of the error.

    If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.
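
The certificate-side items in the checklist above (validity and trust), plus the private key and Client Authentication usage, as an added C# example that is not part of the original thread. The class `ClientCertPreflight`, its `Check` method and the constructed self-signed test certificate are assumptions made for illustration; pass the real PKCS #12 path and password as arguments to inspect an actual file. `CertificateRequest` needs .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertPreflight   // hypothetical helper, not from the thread
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth

    // Returns the problems found; an empty list means the local checks passed.
    public static List<string> Check(X509Certificate2 cert, DateTime now)
    {
        var problems = new List<string>();
        if (now < cert.NotBefore || now > cert.NotAfter)
            problems.Add($"outside validity window {cert.NotBefore:s} .. {cert.NotAfter:s}");
        // The client must prove possession of the private key during the handshake.
        if (!cert.HasPrivateKey)
            problems.Add("no private key is associated with the certificate");
        // An EKU extension, when present, has to allow client authentication.
        var eku = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>().FirstOrDefault();
        if (eku != null && !eku.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ClientAuthOid))
            problems.Add("Enhanced Key Usage does not include Client Authentication");
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // stay offline
            chain.ChainPolicy.VerificationTime = now;
            if (!chain.Build(cert))
                problems.AddRange(chain.ChainStatus.Select(s => $"chain: {s.Status}"));
        }
        return problems;
    }

    static void Main(string[] args)
    {
        X509Certificate2 cert;
        if (args.Length == 2)
            cert = new X509Certificate2(args[0], args[1]); // PKCS #12 path, password
        else
        {
            // Constructed sample: a self-signed certificate, so an untrusted root is expected.
            var req = new CertificateRequest("CN=constructed-test-client", RSA.Create(2048),
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            cert = req.CreateSelfSigned(DateTimeOffset.Now.AddDays(-1), DateTimeOffset.Now.AddDays(30));
        }
        Console.WriteLine($"{cert.Subject} ({cert.Thumbprint})");
        foreach (var p in Check(cert, DateTime.Now)) Console.WriteLine("  problem: " + p);
    }
}
```

Run it under the same account as the web application, because private key access and the current user store differ per account.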


1 additional answer

  1. Limitless Technology 44,121 Reputation points
    2023-02-03T17:13:17.9+00:00

    Double post
