c# web api The SSL connection could not be established, see inner exception on external request

Question

c# web api The SSL connection could not be established, see inner exception on external request

Renan Paiva 11

Hi everyone,

My application works ok on my pc (classic) but after deployed to Azure Windows Web App I've stated to get the following error: The SSL connection could not be established, see inner exception. Authentication failed, see inner exception. The credentials supplied to the package were not recognized

This error occurs when my app try to request a rest api that uses mtls authentication.

User's image

I've tried to deploy on a VM at Azure and works, but isn't what I want.

Best regards,

Renan Paiva

brtrach-MSFT 17,731 Reputation points Microsoft Employee Moderator

2023-02-24T02:37:28.8266667+00:00

@Renan Paiva Please let us know if the below answer was helpful by marking it as an answer. If you have further questions or concerns, please reply to this comment and we would be happy to assist you further.
Maria Eduarda 0 Reputation points

2023-08-24T12:50:45.2666667+00:00

Bom dia, Renan! Tudo bem?

Você encontrou uma solução para o problema?

1 answer

Your answer

brtrach-MSFT 17,731 Reputation points Microsoft Employee Moderator

2023-02-24T02:37:28.8266667+00:00

@Renan Paiva Please let us know if the below answer was helpful by marking it as an answer. If you have further questions or concerns, please reply to this comment and we would be happy to assist you further.
Maria Eduarda 0 Reputation points

2023-08-24T12:50:45.2666667+00:00

Bom dia, Renan! Tudo bem?

Você encontrou uma solução para o problema?

Answer 1

This error message is indicating that the client certificate that your application is using to authenticate with the REST API is not being recognized. This could be due to a number of reasons, including incorrect certificate format, incorrect certificate chain, or incorrect certificate data.

You can try the following steps to troubleshoot the issue:

Validate that the certificate chain uploaded was in the right format (PEM) and that the certificate data was properly delimited.
Check that the certificate file uploaded contained the certificate data in addition to the delimiters.
Double check the certificate chain that was uploaded contained more than just the leaf certificate. The BasicConstraintsOid = "2.5.29.19" extension should be present and indicate the subject can act as a CA.
Certificates uploaded must contain exactly one root CA certificate (and however many intermediate CA certificates as needed).

You can find more information on troubleshooting mutual authentication on Azure Application Gateway in this link.

If you are still facing the issue, you can try to access the client certificate in your app code and validate it. In App Service, TLS termination of the request happens at the frontend load balancer. When forwarding the request to your app code with client certificates enabled, App Service injects an X-ARR-ClientCert request header with the client certificate. You can access the client certificate in your app code through a base64 encoded value in the X-ARR-ClientCert request header.

You can find more information on how to access client certificate in Azure App Service in this link.

Diwakar Datta 0 Reputation points

2024-05-31T13:07:03.76+00:00

Enable the service end point under networking section it was working for us

Share via

c# web api The SSL connection could not be established, see inner exception on external request

1 answer

Your answer