Re: Could not establish secure channel for SSL/TLS.



Icky. I hate troubleshooting client cert stuff.

Did you try this tool to see if it helps?

http://www.microsoft.com/downloads/details.aspx?FamilyID=cabea1d0-5a10-41bc-83d4-06c814265282&displaylang=en

Looking in the system event log for errors from schannel can sometimes yield
helpful results.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"mikem" <mikemarano@xxxxxxxxx> wrote in message
news:1170946580.160468.145380@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I am trying to make web service calls via HttpWebRequest to a secure
server that requires a client certificate. The server appears to be a
Sun-ONE-Web-Server/6.1 and I am told that they are using a Nortel SSL
accelerator. The client is an ASP.NET application running on IIS6 /
Windows 2003. I am using the HttpWebRequest class to make the
connection. I have followed all the directions I could find on MSDN,
etc. I have downloaded the winhttpcertcfg.exe tool, exported the
client certificate as a DER encoded .cer file (the client certificate
is also used as a server certificate to encrypt traffic in IIS6, and
is located in the LOCAL_MACHINE/My store), and ensured that the
Network Service account / ASPNET account / even Everyone has access to
the private key (as a test). I have also set the app pool to run as
the local system account but I still get this error. The error
message - inner exception - stack trace is:

The underlying connection was closed: Could not establish secure
channel for SSL/TLS. - System.ComponentModel.Win32Exception: The token
supplied to the function is invalid - at
System.Net.HttpWebRequest.CheckFinalStatus() at
System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult
asyncResult) at System.Net.HttpWebRequest.GetRequestStream() at
G1SBS.AkoTest.sendRequest()

I was able to successfully establish a connection and make a web
service request using a win32 build of the unix CURL command. So I
know that the server is up and running and that the client certificate
is good. I am at a total loss as to why this is happening - Please
help. I can provide more info should you need. Here is the code I am
using to send the request:

// Namespaces used: System.IO, System.Net, System.Text, System.Xml,
// System.Security.Cryptography.X509Certificates

// TrustAllCertificatePolicy is the poster's own class (not shown in the post);
// by its name it accepts every server certificate.
System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();
System.Net.ServicePointManager.Expect100Continue = false;

XmlDocument x = new XmlDocument();
x.InnerXml = "<REQUEST>request</REQUEST>";

string targetUrl = "https://targeturl/test.do";
HttpWebRequest req = (HttpWebRequest) WebRequest.Create(targetUrl);

// add client certificate to request
X509Certificate clientCert = X509Certificate.CreateFromCertFile("C:\\client.cer");
req.ClientCertificates.Clear();
req.ClientCertificates.Add(clientCert);

req.Method = "POST";
req.ContentType = "text/xml";
req.KeepAlive = false;
//req.MaximumAutomaticRedirections = 40;
//req.AllowWriteStreamBuffering = false;
//req.ProtocolVersion = HttpVersion.Version10;

byte[] reqBytes = UTF8Encoding.UTF8.GetBytes(x.InnerXml);
req.ContentLength = reqBytes.Length;
req.Timeout = 120000;

// The TLS handshake (including client authentication) happens here.
Stream postData = req.GetRequestStream(); // ** ERROR ON THIS LINE **
postData.Write(reqBytes, 0, reqBytes.Length);
postData.Close();

HttpWebResponse res = (HttpWebResponse) req.GetResponse();
StreamReader resStream = new StreamReader(res.GetResponseStream(), UTF8Encoding.UTF8);
string sR = resStream.ReadToEnd();
res.Close();
resStream.Close();

return sR;
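
The local preconditions discussed in this thread (certificate present in LOCAL_MACHINE/My, private key readable by the account the application runs as) can be checked directly. The following is an added example, not code from either poster; the class name ClientCertCheck and the default path are assumptions, and it assumes an RSA or DSA key.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic, not code from the thread. Run it as the app pool identity
// so the private-key check reflects what the ASP.NET worker process can do.
static class ClientCertCheck
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth EKU

    static int Main(string[] args)
    {
        // Assumption: path to the exported public certificate, as in the post.
        string cerPath = args.Length > 0 ? args[0] : @"C:\client.cer";
        X509Certificate2 fromFile = new X509Certificate2(cerPath);

        // The .cer carries no key; the key lives with the copy in LocalMachine\My.
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        X509Certificate2Collection hits = store.Certificates.Find(
            X509FindType.FindByThumbprint, fromFile.Thumbprint, false);
        store.Close();
        if (hits.Count == 0) return Fail("certificate not found in LocalMachine\\My");
        X509Certificate2 cert = hits[0];

        if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
            return Fail("certificate is outside its validity period");
        if (!cert.HasPrivateKey) return Fail("store copy has no private key");
        try
        {
            // Opening the key fails if this account is not on the key's ACL.
            AsymmetricAlgorithm key = cert.PrivateKey;
            Console.WriteLine("OK   private key readable, " + key.KeySize + " bits");
        }
        catch (CryptographicException e) { return Fail("private key not accessible: " + e.Message); }

        // If an EKU extension is present it must list client authentication.
        foreach (X509Extension ext in cert.Extensions)
        {
            X509EnhancedKeyUsageExtension eku = ext as X509EnhancedKeyUsageExtension;
            if (eku == null) continue;
            bool clientAuth = false;
            foreach (Oid oid in eku.EnhancedKeyUsages) clientAuth |= oid.Value == ClientAuthOid;
            if (!clientAuth) return Fail("EKU does not include client authentication");
        }
        Console.WriteLine("OK   " + cert.Subject + " passed the local checks");
        return 0;
    }

    static int Fail(string why) { Console.WriteLine("FAIL " + why); return 1; }
}
```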


