Re: HttpWebRequest failure with TLS
From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 09/23/05
Date: Fri, 23 Sep 2005 09:41:14 -0500
This generally means that your client code doesn't have access to the
private key for the certificate in question, although it could be an issue
with certificate trust as well.

Debugging these issues is notoriously difficult, I'm afraid.

The first thing I would do is make sure the certificate in question has a
private key associated with it. Then, make sure you can navigate to the
page in question with the browser and that IE will prompt you for the client
certificate.

After that, using regmon and filemon while the program is running is often
very helpful for determining where Windows is looking for the private key
file and who is getting denied access.

There are also some kbase articles on this issue.

Joe K.

"Sholto Douglas" <SholtoDouglas@discussions.microsoft.com> wrote in message
news:E9B4165D-2A81-426D-A0E1-017ABD5F8EAB@microsoft.com...
> I am using HttpWebRequest to access a WebLogic web service. It is currently
> in a console app, but will be 'elevated' to a service.
> The code is pretty standard, but I get the dreaded WebException:
> The underlying connection was closed: Could not establish secure channel
> for SSL/TLS
> It uses 2-way SSL/TLS. I am adding the client certificate to the
> ClientCertificates property. I have added the server certificate to my
> CurrentUser store. The server has my (client) certificate. What more can
> I do, for heavens sake?
> The WebLogic log shows that we complete the first 3 stages of the
> handshake, namely up to here:
>
> *** ServerHelloDone
> HttpProcessor[8082][4], WRITE: TLSv1 Handshake, length = 4972
> HttpProcessor[8082][4], received EOFException: error
> HttpProcessor[8082][4], handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
> HttpProcessor[8082][4], SEND TLSv1 ALERT: fatal, description = unexpected_message
> HttpProcessor[8082][4], WRITE: TLSv1 Alert, length = 2
> ...
> ...
>
> At this point the client should send the client certificate to the server,
> but it doesn't.
> For what it's worth, here is the code:
>
> HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(sUri);
> webRequest.Method = "POST";
> webRequest.KeepAlive = false;
> webRequest.ContentType = "text/xml";
> webRequest.ContentLength = in_sXml.Length;
> // Add the authentication certificates
> if (m_x509ClientCert != null)
>     webRequest.ClientCertificates.Add(m_x509ClientCert);
>
> StreamWriter SW = new StreamWriter(webRequest.GetRequestStream());
> SW.Write(in_sXml);
> SW.Close();
>
> // Wait for response...
> HttpWebResponse webResponse = (HttpWebResponse)webRequest.GetResponse();
>
> It throws the exception at the webRequest.GetRequestStream() call.
>
> In the class constructor I have set the ServicePointManager.SecurityProtocol
> to SecurityProtocolType.Tls, and the CertificatePolicy to accept all
> certificates.
>
> Can anyone tell me what I have missed?
> --
> Thanks for any help,
> Sholto Douglas
> His Nerdship Pty Ltd
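
Added example, not part of the original thread: a small C# console check for the two things the reply above suggests verifying first, whether the client certificate has a private key and where Windows keeps the key file for the account running the code. It assumes .NET Framework 2.0 or later, a CryptoAPI (CSP) RSA key, and a certificate installed in the CurrentUser\My store; the thumbprint is a placeholder.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class ClientCertCheck
{
    // Assumption: the client certificate is installed in CurrentUser\My.
    // Placeholder: replace with the thumbprint of your own certificate.
    const string Thumbprint = "<CLIENT-CERT-THUMBPRINT>";

    static int Main()
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        X509Certificate2Collection found =
            store.Certificates.Find(X509FindType.FindByThumbprint, Thumbprint, false);
        store.Close();
        if (found.Count == 0) { Console.WriteLine("Certificate not found in CurrentUser\\My"); return 1; }

        X509Certificate2 cert = found[0];
        Console.WriteLine("Running as:    " + WindowsIdentity.GetCurrent().Name);
        Console.WriteLine("Subject:       " + cert.Subject);
        // False when only the public part was imported (for example from a .cer file).
        Console.WriteLine("HasPrivateKey: " + cert.HasPrivateKey);
        if (!cert.HasPrivateKey) return 2;

        try
        {
            // Opening the key is the step that fails when this account cannot read the key file.
            RSACryptoServiceProvider rsa = cert.PrivateKey as RSACryptoServiceProvider;
            if (rsa == null) { Console.WriteLine("Key is not held by a CryptoAPI RSA provider"); return 3; }
            CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
            string dir = info.MachineKeyStore
                ? Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData), @"Microsoft\Crypto\RSA\MachineKeys")
                : Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), @"Microsoft\Crypto\RSA\" + WindowsIdentity.GetCurrent().User.Value);
            Console.WriteLine("Key file:      " + Path.Combine(dir, info.UniqueKeyContainerName));
            return 0;
        }
        catch (CryptographicException ex)
        {
            // Typically "Keyset does not exist" or "Access is denied".
            Console.WriteLine("Cannot open private key: " + ex.Message);
            return 4;
        }
    }
}
```

Run it under the same account the console app or service will use; the printed key file is the one whose ACL has to grant that account read access.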