Geek Answers Handbook

The remote certificate was invalidated by the user

In the azure virtual machine, I have a web application and a sub-web application with FormsAuthentication and HTTPS configured with a valid certificate. Authentication is shared between the main application and the secondary application with the same machine key. SSL is required for two applications

All this is good from the outside with a public URL.

I need to send some requests from the main application to the open-source sub-application for configuration purposes (the additional application can be installed on another server). These requests use a specific account for identification.

This is my code to send a request from the main application to the sub-application, this.WebApiUrl is the public URL:

// If we are not authenticated if(!isAuthenticated) { // Check user and login if(!User.Check(this.WebApiLogin, this.WebApiPassword)) throw new Exception("Unauthorized user"); isAuthenticated = true; } // Convert HttpCookie to Cookies var cookies = FormsAuthentication.GetAuthCookie(this.WebApiLogin, false).ToCookies(); // Create request with the authentication cookie Uri baseAddress = new Uri(this.WebApiUrl); CookieContainer cookieContainer = new CookieContainer(); foreach(var cookie in cookies) { if(String.IsNullOrEmpty(cookie.Domain)) cookie.Domain = baseAddress.Host; if(baseAddress.Scheme == "https") cookie.HttpOnly = false; cookieContainer.Add(cookie); } // send request using(HttpClientHandler handler = new HttpClientHandler() { CookieContainer = cookieContainer }) { using(HttpClient client = new HttpClient(handler)) { client.BaseAddress = baseAddress; client.DefaultRequestHeaders.Accept.Clear(); client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); return client.GetStringAsync(requestUri).Result; } }

All this is Ok without ssl. When I active ssl, the request between the main application and the subdomain application fails with

The connected connection was closed: Failed to establish a relationship trust for the SSL / TLS secure channel.

Here are the system logs from system and system sockets.

Information about System.Net: 0: [10788] SecureChannel # 92992 - the remote certificate was invalidated by the user.

System.Net.Sockets Detail: 0: [10788] Socket # 29502801 :: Dispose ()

System.Net error: 0: [10788] Exception in HttpWebRequest # 61435094 :: - The main connection was closed: the trust relationship for the SSL / TLS secure channel could not be established ..

System.Net Verbose: 0: [10788] HttpWebRequest # 61435094 :: EndGetResponse ()

System.Net error: 0: [10788] Exception in HttpWebRequest # 61435094 :: EndGetResponse - the underlying connection was closed: the trust relationship for the SSL / TLS secure channel could not be established ..

It is strange that the journal does not say why the certificate was invalidated by the user. althougth this certificate is valid for external requests.

Important: I do not need a solution with ServicePointManager.ServerCertificateValidationCallback, because it is in production

thanks for the help

+8
ssl iis ssl-certificate azure
source share
1 answer

Do you ServerCertificateValidationCallback anywhere else in your code?

We had a logical flaw in the callback that we implemented, which was included in the white list of the indicated domains with self-signed certificates. Namely, the callback was always executed - even for valid certificates - but only applied the whitelist logic. Since there were no legitimate certificates on this list, the callback indicated a failure.

This was allowed by returning earlier based on the error variable:

if (error == SslPolicyErrors.None) return true;

+2
source share

More articles:


All Articles