[英]“Could not create SSL/TLS secure channel” error when authenticating to a web service using X.509
I've seen several threads with the same error and tried various potential solutions, but so far no luck. 我见过多个线程具有相同的错误,并尝试了各种可能的解决方案,但到目前为止还没有运气。 I am working with a client's REST endpoint, which requires a client certificate to authenticate. 我正在使用客户端的REST端点,该端点需要客户端证书进行身份验证。 I have the certificate and have installed it for the current user and the local machine by double-clicking the .pfx and completing the wizard. 我拥有证书,并通过双击.pfx并完成向导为当前用户和本地计算机安装了该证书。 I also ran the following using winhttpcertcfg
so that the app pool identity account ( Network Service
) can use the certificate: 我还使用winhttpcertcfg
运行了以下winhttpcertcfg
以便应用程序池标识帐户( Network Service
)可以使用证书:
winhttpcertcfg -i "<path to .pfx> -c LOCAL_MACHINE\My -a "Network Service" -p "<password for .pfx>
I've added the certificates snap-in to MMC and added my certificate, so when I hit the API endpoint URL in Chrome, the certificate shows up and I click it, and I see the XML returned. 我已将证书管理单元添加到MMC并添加了我的证书,因此当我在Chrome中点击API端点URL时,将显示证书并单击它,然后看到返回的XML。
Unfortunately, the code I am using is encountering an error when trying to get a response. 不幸的是,我正在使用的代码在尝试获取响应时遇到错误。 My code (which is within an MVC action): 我的代码(在MVC动作中):
var url = "https://obfuscated.api.endpoint.host/api/Profile";
var certPath = @"C:\Users\paldrich\AdvisorDirectoryClient.pfx";
var xmlResult = string.Empty;
try
{
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11
| SecurityProtocolType.Tls12;
HttpWebRequest request = WebRequest.Create(url) as HttpWebRequest;
request.ContentType = "application/xml;charset=UTF8";
X509Certificate cert = new X509Certificate(certPath, "obfuscated-password");
request.ClientCertificates.Add(cert);
request.PreAuthenticate = true;
var response = request.GetResponse();
var responseStream = response.GetResponseStream();
xmlResult = new StreamReader(responseStream).ReadToEnd();
}
catch (Exception ex)
{
Log.Error("Bio App web service call failed.", ex, "AdvisorController");
xmlResult = ex.Message;
}
return Json(xmlResult, JsonRequestBehavior.AllowGet);
When it tries to get the response ( response.GetResponse()
), I see the following error: The request was aborted: Could not create SSL/TLS secure channel.
当它尝试获取响应( response.GetResponse()
)时,我看到以下错误: The request was aborted: Could not create SSL/TLS secure channel.
Things I've Tried: 我尝试过的事情:
Network Service
to my certificate under C:\\Users\\paldrich
. C:\\Users\\paldrich
Network Service
完全访问权限授予C:\\Users\\paldrich
下的我的证书。 ServicePointManager.SecurityProtocol
just SecurityProtocolType.Tls12
and also just SecurityProtocolType.Ssl3
. 使ServicePointManager.SecurityProtocol
只是SecurityProtocolType.Tls12
,也就是SecurityProtocolType.Ssl3
。 Use Tls 1.0
, Use Tls 1.1
and Use Tls 1.2
all checked in Internet Properties. 验证“ Internet属性”中是否已全部选中“ Use Tls 1.0
,“ Use Tls 1.1
和“ Use Tls 1.2
。 I realized what my problem was after submitting this. 提交此文件后,我意识到我的问题所在。 I needed to use X509Certificate2
instead of X509Certificate
(I figured this out by just trying 2), although I don't understand why, outside of the fact that X509Certificate2 is newer. 我需要使用X509Certificate2
而不是X509Certificate
(我只是尝试2来解决这个问题),尽管我不明白为什么,但实际上X509Certificate2是更新的。 Regardless, the XML is coming up; 无论如何,XML即将问世。 it is showing up as a Unicode converted string, but overall the goal has been accomplished. 它显示为Unicode转换的字符串,但总体目标已经实现。
So, instead of: 因此,代替:
X509Certificate cert = new X509Certificate(certPath, "obfuscated-password");
I had to use: 我不得不使用:
X509Certificate2 cert = new X509Certificate2(certPath, "obfuscated-password");
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.