C# / Certificate Authentication works on Server 2012 R2 but fails on Server 2019

Hendricks, Brandon 0 Reputation points
2023-04-19T20:03:09.7766667+00:00

Not sure if this is a development issue or a server issue. I wrote a program that uses a client cert for authentication. It works fine on our Windows 2012 R2 server, but fails on our Windows 2019 server. If I output the handler properties, it shows the certificate is present. I have tried with both HttpClientHandler and SocketsHttpHandler. This is happening with both .Net 6 and 7. Also tried adding the intermediate cert before the auth cert, but it makes no difference.

//Using HttpClientHandler
HttpClientHandler handler = new();
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
handler.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
handler.ClientCertificates.Add(authcert);

//Using SocketHttpHandler
SocketsHttpHandler handlera = new();
handlera.SslOptions.ClientCertificates = new X509CertificateCollection();
handlera.SslOptions.ClientCertificates.Add(authcert);
handlera.SslOptions.EnabledSslProtocols = System.Security.Authentication.SslProtocols.Tls12 | System.Security.Authentication.SslProtocols.Tls13;

//Tried this with both handler and handlera
HttpClient client = new(handler);

HttpResponseMessage response1 = client.GetAsync(url0).Result;
string responseContent1 = response1.Content.ReadAsStringAsync().Result;

On 2012 R2, the expected output from the submitted URL is returned. On 2019, an unknown user error is returned.

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,497 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
10,365 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Limitless Technology 43,996 Reputation points
    2023-04-20T14:57:31.8566667+00:00

    Hello there, This issue occurs because the website certificate has multiple trusted certification paths on the web server 2019. For example, assume that the client computer that you're using trusts Root certification authority (CA) certificate (2). And the web server trusts Root CA certificate (1) and Root CA certificate (2). More information here https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/secured-website-certificate-validation-fails Clients can't authenticate with a server after you obtain a new certificate to replace an expired certificate on the server https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/clients-cant-authenticate-server Hope this resolves your Query !! --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments No comments

  2. Hendricks, Brandon 0 Reputation points
    2023-04-20T20:12:45.5733333+00:00

    On the 2019 server I added the authentication cert to the system's personal certificate store and it worked. This was not necessary on 2012 R2, but is on 2019.

    0 comments No comments