C# / Certificate Authentication works on Server 2012 R2 but fails on Server 2019

Hendricks, Brandon 0 Reputation points
2023-04-19T20:03:09.7766667+00:00

Not sure if this is a development issue or a server issue. I wrote a program that uses a client cert for authentication. It works fine on our Windows 2012 R2 server, but fails on our Windows 2019 server. If I output the handler properties, it shows the certificate is present. I have tried with both HttpClientHandler and SocketsHttpHandler. This is happening with both .NET 6 and 7. Also tried adding the intermediate cert before the auth cert, but it makes no difference.

```csharp
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;

// authcert (the client certificate) and url0 (the request URL) are defined elsewhere in the program.

// Using HttpClientHandler
HttpClientHandler handler = new();
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
handler.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
handler.ClientCertificates.Add(authcert);

// Using SocketsHttpHandler
SocketsHttpHandler handlera = new();
handlera.SslOptions.ClientCertificates = new X509CertificateCollection();
handlera.SslOptions.ClientCertificates.Add(authcert);
handlera.SslOptions.EnabledSslProtocols = System.Security.Authentication.SslProtocols.Tls12 | System.Security.Authentication.SslProtocols.Tls13;

// Tried this with both handler and handlera
HttpClient client = new(handler);

// Awaited instead of blocking on .Result
HttpResponseMessage response1 = await client.GetAsync(url0);
string responseContent1 = await response1.Content.ReadAsStringAsync();
```

On 2012 R2, the expected output from the submitted URL is returned. On 2019, an unknown user error is returned.


2 answers

  1. Limitless Technology 44,121 Reputation points
    2023-04-20T14:57:31.8566667+00:00

    Hello there,

    This issue occurs because the website certificate has multiple trusted certification paths on the web server 2019. For example, assume that the client computer that you're using trusts Root certification authority (CA) certificate (2). And the web server trusts Root CA certificate (1) and Root CA certificate (2).

    More information here: https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/secured-website-certificate-validation-fails

    Clients can't authenticate with a server after you obtain a new certificate to replace an expired certificate on the server: https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/clients-cant-authenticate-server

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer--

  2. Hendricks, Brandon 0 Reputation points
    2023-04-20T20:12:45.5733333+00:00

    On the 2019 server I added the authentication cert to the system's personal certificate store and it worked. This was not necessary on 2012 R2, but is on 2019.
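The fix reported in the second answer (installing the authentication certificate in the personal store on the 2019 server) can be checked with a small diagnostic like the one below. This is an added example, not code from the original thread. It assumes "system's personal certificate store" means `LocalMachine\My` (with `CurrentUser\My` as a fallback); the thumbprint and URL are placeholders, and the class and method names are hypothetical.

```csharp
using System;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

static class ClientCertCheck
{
    // Placeholders (assumptions): substitute your certificate thumbprint and endpoint.
    const string Thumbprint = "<CLIENT-CERT-THUMBPRINT>";
    const string Url = "https://service.example/api";

    static X509Certificate2? LoadFromPersonalStore(StoreLocation location)
    {
        using var store = new X509Store(StoreName.My, location);
        store.Open(OpenFlags.ReadOnly);
        // validOnly: false so an expired or untrusted certificate is still returned and reported on.
        var found = store.Certificates.Find(X509FindType.FindByThumbprint, Thumbprint, false);
        return found.Count > 0 ? found[0] : null;
    }

    static async Task Main()
    {
        var cert = LoadFromPersonalStore(StoreLocation.LocalMachine)
                   ?? LoadFromPersonalStore(StoreLocation.CurrentUser);
        if (cert is null)
        {
            Console.Error.WriteLine("Certificate not found in either Personal (My) store.");
            return;
        }

        // Client authentication needs the private key, not just the public certificate.
        Console.WriteLine($"Subject: {cert.Subject}");
        Console.WriteLine($"HasPrivateKey: {cert.HasPrivateKey}, NotAfter: {cert.NotAfter:u}");

        // Build the chain on this machine to see whether issuers are resolvable here.
        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        Console.WriteLine($"Chain builds locally: {chain.Build(cert)}");
        foreach (var status in chain.ChainStatus)
            Console.WriteLine($"  {status.Status}: {status.StatusInformation.Trim()}");

        // Same handler setup as in the question, using the store-backed certificate.
        using var handler = new HttpClientHandler { ClientCertificateOptions = ClientCertificateOption.Manual };
        handler.ClientCertificates.Add(cert);
        using var client = new HttpClient(handler);
        using var response = await client.GetAsync(Url);
        Console.WriteLine($"HTTP {(int)response.StatusCode} {response.ReasonPhrase}");
    }
}
```

Running it on both servers under the same account as the application shows whether the certificate, its private key, and its issuers are visible to that account on each machine.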