locked
The request was aborted: Could not create SSL/TLS secure channel.

    Pytanie

  • Hi guys,

    I really hope someone can help me out on this as I'm struggling badly.

    I've got some pretty straightforward code to make an HttpWebRequest.

    public static string GetText(string url, int timeout, X509Certificate mrCert)
    {
    HttpWebRequest req = null;
    HttpWebResponse resp = null;
    StreamReader reader = null;
    try
    {
    req = (HttpWebRequest)WebRequest.Create(url);
    req.Timeout = timeout;
    req.Credentials = CredentialCache.DefaultCredentials;
    req.ClientCertificates.Add(mrCert);
     
    resp = (HttpWebResponse)req.GetResponse();
    reader = new StreamReader(resp.GetResponseStream());
    return reader.ReadToEnd();
     
    }
    catch (Exception e)
    {
    throw new Exception("GetRemoteXML", e);
    }
    finally
    {
    if (reader != null)
    reader.Close();
    }
    }

    The client requires that I include an X509Certificate in the request.  The certificate has been installed correctly and I can successfully make the call when running in ASP.NET Development Server.  My colleague has also installed the certificate and ran the code in the ASP.NET Development Server.  It works as expected.

    However, when we put the code onto the test server, running under IIS, I get the following error:

    "The request was aborted: Could not create SSL/TLS secure channel."

    The certificate is installed correctly on the test server.  We've followed exactly the same process as on the local machine.  The only thing that I can think is different is what I said, locally it's running under ASP.NET Development Server while on the test server it is IIS. 

    Anyone got any ideas???

    Cheers,

    Michael

     

    13 lipca 2006 22:09

Wszystkie odpowiedzi

  • OK, I've set this up so that the code is running on the same machine with the same certificate.  It works under ASP.NET Development server and fails when running under IIS.

    Am I missing some sort of IIS configuration setting?

    Cheers,

    Michael

    14 lipca 2006 10:26
  • If the certificate is in the user store then the development server will find it because it runs under that user. The IIS worker process runs under a different user and that's why probably it cannot find it. Try to put it in the store for the Local Computer account.
    14 lipca 2006 11:25
  • Thanks, but the certificate is already in the Local Computer store, not the Current User store.

    Cheers,

    Michael

    14 lipca 2006 11:54
  • Folks,

    I'm getting the same error message but Im using winforms, calling an external web service.

    I had originally added the cert to the local machine store with the code...

    Dim store2 As X509Store = New X509Store("JipStore", StoreLocation.LocalMachine)

    store2.Open(OpenFlags.ReadWrite)

    Dim certificate1 As New X509Certificate2("c:\Ming.cer", "pflim")

    Dim collection As New X509Certificate2Collection()

    collection.Add(certificate1)

    store2.Add(certificate1)

    store2.AddRange(collection)

    Im accessing it ....

    Dim store As X509Store = New X509Store("JipStore", StoreLocation.LocalMachine) etcetera.....

     

    When I try to call the web service I get a web exception

    SecureChannelFailure {10} The request was aborted: Could not create SSL/TLS secure channel.

    This same code works when I use a cert from "My" store

    'Dim store As X509Store = New X509Store(StoreName.My, _

    'StoreLocation.CurrentUser)

    Im baffled.

    Thanks

    Mick

     

     

    1 sierpnia 2006 14:46
  • I too am among the many users who face this problem. I can access all certificate properties and make a webservice call from the VS2005 environment, but I cannot access the webservice call from IIS5.0!

    I can access the certificate and it's properties in IIS5, but cannot make a webservice call. I get the error:  The request was aborted: Could not create SSL/TLS secure channel.

    Is this because the IIS runs under a different account and permissions have to be set somewhere? I am accessing the certificate from the Local Store and not userStore.
    5 lipca 2007 05:12
  • I found a solution though. Check this link (similar topic to which I replied)
    http://forums.microsoft.com/msdn/showpost.aspx?postid=218807&siteid=1&sb=0&d=1&at=7&ft=11&tf=0&pageid=1
    5 lipca 2007 11:03
  • I have the same problem with calling a https://localost/getaspsession.asp from .NET code. The main site is ASP web site and ASP.NET web site is virtual directory.

    The error is :

     

    The connection was closed. Could not create SSL/TLS secure channel. I am using httpwebrequest and httpwebrepsonse object.

     

    Is there any other classes which help us unerstanding the https request and response. The request should the pass all the certificates that is received from client along with the request.

     

    Should we setup any trust between two requests ? How should this made work ?

     

    Thanks for any help..

    18 lipca 2007 23:13
  • You may need to register the certificate with the ASPNET worker process

     

    1.      The following URL will explain the steps in detail:

         http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetht13.asp

    2.      You will need to download and install the WinHttpCertCfg.exe tool from Microsoft.

         http://go.microsoft.com/fwlink/?linkid=20506

    3.      Allow the tool to install on the server running the web application.

    4.      Once installed successfully, use the following command to grant access to a specific user account:

       >C:\Program Files\Windows Resource Kits\Tools\WinHttpCertCfg.exe -g -c LOCAL_MACHINE\MY -s Issued To Name -a  ASPNET

    5.     You should receive a message confirming that access has been granted to ASPNET.

     

    Good luck
    20 lipca 2007 16:55
  • You may need to register the certificate with the ASPNET worker process

     

    1.      The following URL will explain the steps in detail:

         http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetht13.asp

    2.      You will need to download and install the WinHttpCertCfg.exe tool from Microsoft.

         http://go.microsoft.com/fwlink/?linkid=20506

    3.      Allow the tool to install on the server running the web application.

    4.      Once installed successfully, use the following command to grant access to a specific user account:

       >C:\Program Files\Windows Resource Kits\Tools\WinHttpCertCfg.exe -g -c LOCAL_MACHINE\MY -s Issued To Name -a  ASPNET

    5.     You should receive a message confirming that access has been granted to ASPNET.

     

    Good luck

    A couple of things. 

    1. The "-g" switch doesn't seem to do anything?!
    2. After running this against the ASPNET user I continued to get the SSL/TLS error. I had to (-a "NETWORK SERVICE")

    2 marca 2010 19:08