Azure AD B2C custom script REST API error

lokesh kumar 0 Reputation points
2023-11-17T10:42:03.8533333+00:00

Hi

When I call the REST API from the custom script, I get the following errors:

"Message": "The remote certificate is invalid according to the validation procedure.",

"Message": "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."


1 answer

  1. Carlos Solís Salazar 17,886 Reputation points
    2023-11-17T18:58:00.3+00:00

    The error messages you're encountering when calling a REST API from a custom script are related to SSL/TLS certificate validation issues. These errors often occur when the client (your script) is not able to verify the authenticity of the server's SSL certificate. Let's address each error separately and provide potential solutions.

    Error: "The remote certificate is invalid according to the validation procedure."

    This error suggests that the SSL certificate of the server you are trying to connect to is either expired, self-signed, or not issued by a trusted Certificate Authority (CA).

    Possible Solutions:

    1. Verify Server Certificate: Ensure that the server's SSL certificate is valid, not expired, and issued by a recognized CA. You can check the certificate details by visiting the API URL in a web browser and inspecting the certificate.
    2. Update Your System's Certificate Store: Make sure your system's certificate store is up-to-date. This store contains trusted CAs, and updating it can help your script recognize and trust the server's certificate.
    3. Ignore SSL Certificate in Development Environment: If you're in a development environment and understand the risks, you can modify your script to bypass SSL certificate validation. This is generally not recommended for production environments due to security risks. Here's an example in C#:
         using System.Net;

         // Development only: this callback accepts every certificate, so the
         // client no longer detects forged or untrusted certificates.
         ServicePointManager.ServerCertificateValidationCallback +=
             (sender, cert, chain, sslPolicyErrors) => true;


    Error: "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."

    This error typically occurs when the client is unable to establish a secure connection with the server, often due to SSL/TLS handshake issues.

    Possible Solutions:

    1. TLS Version Compatibility: Ensure your client (the script) is using a TLS version that is compatible with the server. For instance, if the server requires TLS 1.2, your script must also use TLS 1.2 for the connection. Example in C#:
         using System.Net;

         // Process-wide setting: every outbound connection made through
         // ServicePointManager in this process will negotiate TLS 1.2.
         ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

    2. Check Intermediate Certificates: Sometimes, the server might be configured with an intermediate certificate that is not in your client's certificate store. Ensure that all necessary intermediate certificates are installed.
    3. Network Issues: Verify that there are no network-related issues causing the connection problem. This includes firewalls, proxies, or other network security measures that might be blocking or altering the SSL/TLS traffic.
    4. Server Configuration: Check the server's SSL/TLS configuration for any misconfigurations or unsupported settings that might be causing the handshake failure.

    In all cases, it's crucial to understand the implications of modifying SSL/TLS settings, especially in production environments. Bypassing SSL/TLS validation can expose your application to security vulnerabilities, such as man-in-the-middle attacks. Always prioritize securing the connection and validating certificates properly.

    Accept the answer if the information helped you. This will help us and others in the community as well.

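The answer's development-only workaround replaces certificate validation with a callback that returns `true` for every certificate. The block below is an added example, not code from the question, the answer or Microsoft: it shows how to call the REST endpoint with `HttpClientHandler` (the per-client replacement for the process-wide `ServicePointManager` settings), log the exact `SslPolicyErrors` and `X509ChainStatus` values so you can tell an expired certificate (`NotTimeValid`) from a self-signed one (`UntrustedRoot`) or a missing intermediate (`PartialChain`), and, if a self-signed development certificate really must be accepted, pin its thumbprint instead of trusting everything. The URL, the thumbprint and the `ASPNETCORE_ENVIRONMENT` check are placeholder assumptions.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

// Added example (not from the original post): diagnose TLS validation
// failures and pin one known development certificate instead of
// disabling validation for every server.
static class RestApiClient
{
    // Placeholder values, assumed for the example; replace with your own.
    const string ApiUrl = "https://api.example.com/validate";
    const string DevCertThumbprint = "0000000000000000000000000000000000000000";
    static readonly bool IsDevelopment =
        Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") == "Development";

    // Insecure variant, shown only for contrast: any certificate is accepted,
    // so an on-path attacker with any certificate can read and alter traffic.
    static bool AcceptAnyCertificate(HttpRequestMessage request,
        X509Certificate2 cert, X509Chain chain, SslPolicyErrors errors) => true;

    // Hardened variant: the platform's verdict stands, except for one
    // explicitly pinned certificate, and only in a development environment.
    static bool ValidateCertificate(HttpRequestMessage request,
        X509Certificate2 cert, X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true; // chain builds to a trusted root and the name matches

        // Log why validation failed; this tells you whether to fix the server
        // certificate, install a missing intermediate, or update the CA store.
        Console.Error.WriteLine(
            $"TLS validation failed for {request.RequestUri?.Host}: {errors}");
        if (chain != null)
            foreach (var status in chain.ChainStatus)
                Console.Error.WriteLine(
                    $"  chain: {status.Status} ({status.StatusInformation?.Trim()})");

        // Development-only pin: exact thumbprint match, and the hostname must
        // still match the certificate (a name mismatch is never excused).
        if (IsDevelopment && cert != null
            && (errors & SslPolicyErrors.RemoteCertificateNameMismatch) == 0
            && string.Equals(cert.Thumbprint, DevCertThumbprint,
                             StringComparison.OrdinalIgnoreCase))
            return true;

        return false; // everything else is rejected, as the default validator would
    }

    static HttpClient CreateClient()
    {
        var handler = new HttpClientHandler
        {
            // Per-client protocol choice instead of the process-wide
            // ServicePointManager.SecurityProtocol setting.
            SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13,
            ServerCertificateCustomValidationCallback = ValidateCertificate,
        };
        return new HttpClient(handler);
    }

    static async Task Main()
    {
        using var client = CreateClient();
        try
        {
            using var response = await client.GetAsync(ApiUrl);
            Console.WriteLine($"HTTP {(int)response.StatusCode}");
        }
        catch (HttpRequestException ex)
        {
            // The messages quoted in the question surface here, usually with
            // an AuthenticationException as the inner exception.
            Console.Error.WriteLine(
                $"Request failed: {ex.Message} / {ex.InnerException?.Message}");
        }
    }
}
```

The thumbprint to pin is the SHA-1 fingerprint shown in the browser's certificate viewer when you inspect the API's certificate as the answer suggests. Keep the pin out of production builds: a pinned self-signed certificate is still a certificate nobody but you has vouched for, and rotating it means shipping a new build.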
