Error: C# The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel
Solution 1
I solved the problem with this:
    // Accepts every server certificate for all requests in the process (no validation is performed).
    ServicePointManager.ServerCertificateValidationCallback =
        new RemoteCertificateValidationCallback(delegate { return true; });
Solution 2
Make sure your certificate is properly trusted. Has the root certificate been added to the correct certificate store (Trusted Root CA's on Local Machine)?
I encountered this error when the (own made) root certificate for a (self-signed) certificate had been added to the Trusted Root CA's for Current User. Moving the root cert to the Root CA store on Local Machine solved my issue.
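An added example, not from the original answers: a validation callback that keeps normal validation, prints the chain status behind the error in the question, and accepts a self-signed certificate only when its SHA-256 matches a pinned value. `PinnedDevRequest`, `Validate` and the pin placeholder are assumptions for illustration; the callback is set on the single HttpWebRequest (available from .NET Framework 4.5) rather than on ServicePointManager.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedDevRequest
{
    // Placeholder: SHA-256 of the self-signed server certificate (hex, no separators).
    const string PinnedSha256 = "REPLACE_WITH_SHA256_HEX_OF_DEV_CERT";

    // Same signature as RemoteCertificateValidationCallback.
    public static bool Validate(object sender, X509Certificate cert,
                                X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;   // platform validation passed

        // Report why validation failed (e.g. UntrustedRoot when the root is in the wrong store).
        Console.Error.WriteLine("TLS validation failed: " + errors);
        if (chain != null)
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.Error.WriteLine("  " + s.Status + ": " + s.StatusInformation);

        // Only tolerated failure class: chain errors (for example an untrusted
        // self-signed root). A name mismatch or a missing certificate is always rejected.
        if (cert == null || errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;

        using (SHA256 sha = SHA256.Create())
        {
            string actual = BitConverter.ToString(sha.ComputeHash(cert.GetRawCertData())).Replace("-", "");
            return string.Equals(actual, PinnedSha256, StringComparison.OrdinalIgnoreCase);
        }
    }

    static void Main(string[] args)
    {
        var req = (HttpWebRequest)WebRequest.Create(args[0]);   // URL of the dev server
        req.ServerCertificateValidationCallback = Validate;     // this request only, not process-wide
        try
        {
            using (var resp = (HttpWebResponse)req.GetResponse())
                Console.WriteLine((int)resp.StatusCode + " " + resp.StatusDescription);
        }
        catch (WebException ex) { Console.Error.WriteLine("Request failed: " + ex.Message); }
    }
}
```

With the placeholder left unchanged, any certificate that fails platform validation is rejected, and the printed chain status shows whether the cause is an untrusted root as described in Solution 2.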
Roger G
Updated on July 27, 2022
Comments
-
Roger G almost 2 years
I'm trying to make a request via SSL. The certificate is already installed on the machine and it works via browser.
I am using this request:
    System.Text.ASCIIEncoding encoding = new System.Text.ASCIIEncoding();
    byte[] data = encoding.GetBytes(request.Content.OuterXml.ToString());
    string password = "XXXX";
    X509Certificate2 cert = new X509Certificate2("c:\\zzzz.p12", password);
    string key = cert.GetPublicKeyString();
    string certData = Encoding.ASCII.GetString(cert.Export(X509ContentType.Cert));
    Uri uri = new Uri(request.Url);
    HttpWebRequest myRequest = (HttpWebRequest)WebRequest.Create(uri);
    myRequest.Credentials = new NetworkCredential(request.User, request.Password.ToString());
    myRequest.Method = "PUT";
    myRequest.ContentType = request.ContentType;
    myRequest.ContentLength = data.Length;
    myRequest.ClientCertificates.Add(cert);
    Stream newStream = myRequest.GetRequestStream();
    newStream.Write(data, 0, data.Length);
    newStream.Close();
    System.IO.StreamReader st = new StreamReader(((HttpWebResponse)myRequest.GetResponse()).GetResponseStream());
Using this code I get this error:
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
What is the problem?
-
Roger G almost 12 years
Yes, this is client code. Yes, I'm accessing via https. When I connect in the browser it works smoothly and I don't see any warning.
-
Vladik Branevich almost 12 years
If you feel comfortable with network analyzers (e.g., Wireshark or NetMon) you could simply sniff your traffic and see what host you are really talking to, what certificate it presents and if the TLS handshake completes with or without errors. Otherwise, the link you got for reference is a good start. If this does not help you, you can start spilling here more and more details of your setup (URL you're accessing, certificate installed on the server, network configuration - proxies, etc.)
-
Amzath over 11 years
This solution could be a potential security threat as you are turning off the SSL certificate validation. If this is production code, understand the risk of the server you are connecting to.
-
MLProgrammer-CiM over 11 years
How can this be done in Windows Phone 8? ServicePointManager is not in the reference cmsresources.windowsphone.com/devcenter/en-us/downloads/…
-
Philippe Monnet over 7 years
The issue happened to me when funneling requests from my app through Fiddler. And adding the delegate trick to not validate the cert helped me run my call successfully, as well as to see the response in Fiddler.
-
bvgheluwe over 7 years
I downvoted because, as @Amzath says, this circumvents security. It's better to solve the issue at its root (pun intended).
-
user2347528 over 6 years
Can someone post the complete code snippet of using ServicePointManager code to make a request?
-
AaA almost 6 years
@Amzath, any reference to potential security threat? As far as I know this issue mostly happens on self-signed certificates.
-
Carlos ABS about 5 years
This answer solves the issue. Self-signed certificates are used on homol/dev environments, the question does not mention security at all.
-
Liviu Sosu about 4 years
@Roger G, Roger that! Thanks for answering your own question and also mine. I voted up both.
-
Sudhakar Chavali over 3 years
Dangerous code. In the development environment, we can use it for testing purposes but for the production environment, we should never ever rely on this approach.