HTTPS .Net Core 3.1 results in "The SSL connection could not be established, see inner exception."

Question

I'm writing a little c# "worker-service" with .Net Core 3.1. I need to access an API on HP Printer's (professional plotters) where the SSL certificate is provided but not trusted by the OS. So i'm always getting the error

The SSL connection could not be established, see inner exception.

Where the inner exception is:

Authentication failed, see inner exception.

And the last inner exception is:

The token passed to the function is invalid.

The code i have looks like this so far:

try
{
    using (var httpClientHandler = new HttpClientHandler())
    {
        httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, sslPolicyErrors) => true;
        using (var httpClient = new HttpClient(httpClientHandler))
        {
            var httpResponse = httpClient.GetAsync("http://" + protocolRelativeUrl).Result;
        }
    }
} catch (Exception e)
{
    logger.LogError(e.Message);
}

I've stumbled upon these posts already:

But without any luck.. I think the problem could be that the certificate seems to be valid, but is not trusted by my OS:

The other thing is, when i debug my code - i never step into the callback ServerCertificateCustomValidationCallback ..Of course it is not working then :-/ But how could i get this working to actually fetch the data again and bypass this certificate check?

UPDATE

The content of the certificate as base64 is this:

Answer 1

I have found the answer i was looking for - it was written as a comment in one of the threads here: Allowing Untrusted SSL Certificates with HttpClient

This means - it is impossible to solve this issue with .net core 3.1 - and switching back to .net 2.x is not an option. Fixing the certificate is impossible too as it is a printer with a built-in webserver and HP decided to offer self-signed certificates with the algorithm MD5. And it would not be cool to tell our customers to install a custom made (valid) certificate first on their printer - our customers are not computer scientists..

Installing the certificate on the system or allowing the RSA/MD5 algorithm in the registry key HKEY_LOCAL_MACHINE SYSTEM\\CurrentControlSet\\Control\\Cryptography\\Configuration\\Local\\SSL\\00010003 Functions is not working too. The callback ServerCertificateCustomValidationCallback will never be executed with such a certificate!

Sooo, how did i solve it? With a different technology :-) Now i'm using the Nuget Package Python.Included and i'm making the HTTPS request trough python. Because python still allows to completely bypass any SSL certificates, YAY!

My final code looks now like this:

try
{
    PythonEngine.Initialize();
    dynamic sys = PythonEngine.ImportModule("sys");
    dynamic ssl = PythonEngine.ImportModule("ssl");
    try
    {
        ssl._create_default_https_context = ssl._create_unverified_context;
    }
    catch (Exception e)
    {
        SentrySdk.CaptureException(e);
    }
    dynamic urllibRequest = PythonEngine.ImportModule("urllib.request");
    var httpResponse = urllibRequest.urlopen("https://" + protocolRelativeUrl).read();
    return FetchHttp.SanitizeResult(httpResponse.ToString());
}
catch (Exception e)
{
    logger.LogError("Could not fetch url: " + protocolRelativeUrl);
    logger.LogError(e.Message);
    SentrySdk.CaptureException(e);
}

And it's working! <3

HTTPS .Net Core 3.1 results in "The SSL connection could not be established, see inner exception."

Question

1 answers

solution1
0 2021-10-26 10:31:18

HTTPS .Net Core 3.1 results in "The SSL connection could not be established, see inner exception."

Question

1 answers

solution1 0 2021-10-26 10:31:18

solution1
0 2021-10-26 10:31:18