One or more errors occurred. (Could not establish trust relationship for the SSL /TLS secure channel

vikas saini 0 Reputation points
2024-02-01T16:51:59.0966667+00:00

I am using web services to get data from an external URL in a .NET Core Web API. When I try to hit this service in the browser on the server it works well, but in the API call I am getting an SSL/TLS secure channel error. Below is my code showing how I am using it:

using (ServiceClient client = new ServiceClient()) {
    client.ClientCredentials.UserName.UserName = ACCOUNT;
    client.ClientCredentials.UserName.Password = PASSWORD;

    using (OperationContextScope scope = new OperationContextScope(client.InnerChannel)) {
        // Attach an HTTP Basic Authorization header to the outgoing request.
        HttpRequestMessageProperty httpRequestProperty = new HttpRequestMessageProperty();
        httpRequestProperty.Headers[System.Net.HttpRequestHeader.Authorization] = "Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes(ACCOUNT + ":" + PASSWORD));
        OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name] = httpRequestProperty;

        try
        {
            ret = func(client);
        }
        catch (Exception ex)
        {
            // The TLS trust failure surfaces here, wrapped in the exception.
            ret = new ApiErrorResponse(ex);
        }
    }
}

1 answer

  1. hossein jalilian 11,055 Reputation points Volunteer Moderator
    2024-02-02T21:55:22.8366667+00:00

    Thanks for posting your question in the Microsoft Q&A forum.

    There are a few things you can check and adjust in your code:

    • Certificate Validation: By default, .NET will validate the SSL/TLS certificate of the server against the trusted certificate authorities. If the server's certificate is self-signed or issued by an unknown CA, it will fail to establish trust. To bypass the certificate validation in your development environment (not recommended for production), you can add the following line of code before making the service call:
       ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;

    This essentially accepts any certificate, which should only be used for debugging or testing.

    • Certificate Configuration: Ensure that you are providing the correct client certificate to the service. It looks like you are loading a certificate from a file (R3.crt). Make sure this certificate is valid and contains the correct private key.
       X509Certificate2 cert = new X509Certificate2("path_to_R3.crt", "password_if_required");
       client.ClientCredentials.ClientCertificate.Certificate = cert;

    • Trusted Root Certificate Store: If the server's certificate is signed by an intermediate CA, make sure that the entire certificate chain is available. If the root CA is not in the trusted root store, you might need to add it programmatically.
       X509Certificate2 rootCert = new X509Certificate2("path_to_root_certificate.crt");
       X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
       store.Open(OpenFlags.ReadWrite);
       store.Add(rootCert);
       store.Close();

    Be cautious when adding certificates to the trusted root store, especially on production systems.

    Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful.
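
A scoped alternative to the accept-all callback and to editing the machine root store, as an added example that is not part of the answer above or of the poster's project: it trusts one private root CA for a single HttpClient through HttpClientHandler.ServerCertificateCustomValidationCallback, and still rejects host-name mismatches. It assumes .NET 5 or later; the class name PinnedRootTrust, its methods and the root certificate path are hypothetical.

```csharp
#nullable enable
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (not from the page): trust one private root CA for one client.
public static class PinnedRootTrust
{
    // Same inputs as the accept-all callback, but accepts the server certificate
    // only when the sole problem is the chain and that chain ends at pinnedRoot.
    public static bool Validate(X509Certificate2? cert, X509Chain? presented,
                                SslPolicyErrors errors, X509Certificate2 pinnedRoot)
    {
        if (cert is null) return false;
        if (errors == SslPolicyErrors.None) return true;   // already trusted by the OS store
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors)
            return false;                                  // host-name mismatch or no certificate

        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(pinnedRoot);
        // Assumption: the private CA publishes no CRL/OCSP endpoint; keep the
        // default (Online) revocation check if it does.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

        // Reuse intermediates the server sent so the path to the root can be built.
        if (presented is not null)
            foreach (X509ChainElement element in presented.ChainElements)
                chain.ChainPolicy.ExtraStore.Add(element.Certificate);

        return chain.Build(cert);   // false for expiry, bad signature or any other root
    }

    // rootCertPath is a placeholder for the CA certificate file (public part only).
    public static HttpClient CreateClient(string rootCertPath)
    {
        var root = new X509Certificate2(rootCertPath);
        var handler = new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback =
                (request, cert, presented, errors) => Validate(cert, presented, errors, root)
        };
        return new HttpClient(handler);
    }
}
```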
