Hello there,

This issue occurs because the website certificate has multiple trusted certification paths on the web server 2019. For example, assume that the client computer that you're using trusts Root certification authority (CA) certificate (2). And the web server trusts Root CA certificate (1) and Root CA certificate (2).

More information here:
https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/secured-website-certificate-validation-fails

Clients can't authenticate with a server after you obtain a new certificate to replace an expired certificate on the server:
https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/clients-cant-authenticate-server

Hope this resolves your query!

--If the reply is helpful, please Upvote and Accept it as an answer--

C# / Certificate Authentication works on Server 2012 R2 but fails on Server 2019
Not sure if this is a development issue or a server issue. I wrote a program that uses a client cert for authentication. It works fine on our Windows 2012 R2 server, but fails on our Windows 2019 server. If I output the handler properties, it shows the certificate is present. I have tried with both HttpClientHandler and SocketsHttpHandler. This is happening with both .NET 6 and 7. Also tried adding the intermediate cert before the auth cert, but it makes no difference.
//Using HttpClientHandler
HttpClientHandler handler = new();
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
handler.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
handler.ClientCertificates.Add(authcert);
//Using SocketsHttpHandler
SocketsHttpHandler handlera = new();
handlera.SslOptions.ClientCertificates = new X509CertificateCollection();
handlera.SslOptions.ClientCertificates.Add(authcert);
handlera.SslOptions.EnabledSslProtocols = System.Security.Authentication.SslProtocols.Tls12 | System.Security.Authentication.SslProtocols.Tls13;
//Tried this with both handler and handlera
HttpClient client = new(handler);
HttpResponseMessage response1 = client.GetAsync(url0).Result;
string responseContent1 = response1.Content.ReadAsStringAsync().Result;
On 2012 R2, the expected output from the submitted URL is returned. On 2019, an unknown user error is returned.
2 answers
Hendricks, Brandon 0 Reputation points
2023-04-20T20:12:45.5733333+00:00
On the 2019 server I added the authentication cert to the system's personal certificate store and it worked. This was not necessary on 2012 R2, but is on 2019.
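
A diagnostic for the fix described in the answer above, added here as an example that is not part of the original thread: it reports whether a client certificate is present in the Windows personal ("My") stores, whether a private key is associated with it, and whether its chain builds on this machine. The class name `ClientCertStoreCheck`, the thumbprint argument, and reading "the system's personal certificate store" as `LocalMachine\My` are assumptions.

```csharp
// Added example (not from the thread): inspect the personal certificate stores
// for a client-authentication certificate identified by thumbprint.
using System;
using System.Security.Cryptography.X509Certificates;

static class ClientCertStoreCheck
{
    // Returns the matching certificate from the given store location, or null if absent.
    static X509Certificate2? FindInStore(StoreLocation location, string thumbprint)
    {
        using X509Store store = new(StoreName.My, location);
        store.Open(OpenFlags.ReadOnly);
        // validOnly: false so expired or untrusted certificates are still reported.
        X509Certificate2Collection hits =
            store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
        return hits.Count > 0 ? hits[0] : null;
    }

    static void Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: ClientCertStoreCheck <thumbprint>");
            return;
        }
        // Input supplied by the operator: thumbprint of the client certificate.
        string thumbprint = args[0].Replace(" ", "").ToUpperInvariant();

        foreach (StoreLocation location in new[] { StoreLocation.LocalMachine, StoreLocation.CurrentUser })
        {
            X509Certificate2? cert = FindInStore(location, thumbprint);
            if (cert is null) { Console.WriteLine($"{location}\\My: not found"); continue; }

            Console.WriteLine($"{location}\\My: found {cert.Subject}");
            Console.WriteLine($"  has private key: {cert.HasPrivateKey}");
            Console.WriteLine($"  valid: {cert.NotBefore:u} to {cert.NotAfter:u}");

            using X509Chain chain = new();
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // offline check only
            Console.WriteLine($"  chain builds: {chain.Build(cert)}");
            foreach (X509ChainElement element in chain.ChainElements)
                Console.WriteLine($"    {element.Certificate.Subject}");
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.WriteLine($"    status: {status.Status} {status.StatusInformation.Trim()}");
        }
    }
}
```

Running it on both the 2012 R2 and the 2019 server with the same thumbprint shows where the store contents or chain results differ between the two machines.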