Alternative Title
There is a server that runs on HTTPS and after making HttpWebRequest to any URL client application throws error massage "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
Error Stack Trace
Root Cause
Server is presenting a certificate to the client that is not trusted by either client machine of client application itself.
Solution
Normally certificate verification bypassing is not suggested but there are several cases in which you know the server is trusted and do not want to take care of certificate validation error,
In such case you can use [ServicePointManager]
ServicePointManager.ServerCertificateValidationCallback = ((sender, certificate, chain, sslPolicyErrors) => true);
Just put one line of code at the start up of your application and it will mimic as certificate is valid. IE also handles the certificate errors in same way.
Multithreaded Application
This solution will not work in Multithreaded environment, we need to modify app.config
Further References
- System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
- Server Certificate validation error or Invalid server certificate
There is a server that runs on HTTPS and after making HttpWebRequest to any URL client application throws error massage "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
Error Stack Trace
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.Source=System
StackTrace:
at System.Net.HttpWebRequest.GetResponse()
at ConsoleApplication1.Healpers.ExecuteGet(String url)
at ConsoleApplication1.ODataService..ctor(String serviceURL)
at ConsoleApplication1.Program.Main(String[] args)
at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()
InnerException: System.Security.Authentication.AuthenticationException
Message=The remote certificate is invalid according to the validation procedure.
Source=System
StackTrace:
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
Root Cause
Server is presenting a certificate to the client that is not trusted by either client machine of client application itself.
Solution
Normally certificate verification bypassing is not suggested but there are several cases in which you know the server is trusted and do not want to take care of certificate validation error,
In such case you can use [ServicePointManager]
ServicePointManager.ServerCertificateValidationCallback = ((sender, certificate, chain, sslPolicyErrors) => true);
Just put one line of code at the start up of your application and it will mimic as certificate is valid. IE also handles the certificate errors in same way.
Multithreaded Application
This solution will not work in Multithreaded environment, we need to modify app.config
<configuration>
<system.net>
<settings>
<servicePointManager
checkCertificateName="false"
checkCertificateRevocationList="false"
/>
</settings>
</system.net>
</configuration>
Refer to- http://www.west-wind.com/
weblog/posts/2011/Feb/11/ HttpWebRequest-and-Ignoring- SSL-Certificate-Errors - http://rob.gillenfamily.net/
tag/tricks/#fbid=r0NCXNFk0Xr
- http://social.msdn.microsoft.com/Forums/en-US/winappswithcsharp/thread/f5821194-4c40-48e7-976c-3dec8864ac59
- http://dobrzanski.net/2009/04/01/systemnetwebexception-the-underlying-connection-was-closed-could-not-establish-trust-relationship-for-the-ssltls-secure-channel/
I tried using this solution . It is not working for me. I am still getting the same error. I am using WebClient. The service which i am acessing has a self signed sertificate
ReplyDeleteHi Sriharsha thanks for you feedback , This solution is destined for HTTPWebRequest class and in-fact i do have faced strange problem with Web Client and finally I always used HTTPWebRequest/HTTPWebResponce.
Deleteweb Client is not as smart as HTTPWebRequest/HTTPWebResponce.
However can you please share your detailed stack trace and authentication setting + SSL settings on server side
I would suggest to post this question here http://social.msdn.microsoft.com/Forums/en-US/netfxbcl/threads probably you will get the kind of solution you need
Hi Ashwini,
DeleteSorry it was my mistake. There was another method being called where webclient was again being used. I used your line of code before calling, now the issue is fixed. Going through some others code seems to be a tricky job ;):) . Any ways thank you for such a early reply and this useful article.
great to know that it worked for you
DeleteHi,
ReplyDeleteIt works fine for .net 3.5/4.0/4.5 with win forms/wpf. But doesn't work with win store app. Any idea?
-ursri
I have don`t have much knowledge of mobile application , but as for as I know all mobile application required DLL (client binaries ) to signed with a valid certificate , Are your binaries signed ?
ReplyDeleteThanks for reply. The certificate associated is either localhost or that generated from makecert utility. Pls help further
ReplyDeleteThanks in advance
ursri
Thanks a lot for this post! It helped me get over the certificate issue I was having very fast and continue development! Your blog is very helpful for developers.
ReplyDeleteI have tried all possible solutions and still doesnt work. Im getting the same error: "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel." Could you please help me out? Im not sure what is exactly this: sender, certificate, chain, sslPolicyErrors ,.. do I have to pass specific values? Could you please provide me more details? Thank you in advanced
ReplyDeleteI have tried all possible solutions and still doesnt work. Im getting the same error: "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel." Could you please help me out? Im not sure what is exactly this: sender, certificate, chain, sslPolicyErrors ,.. do I have to pass specific values? Could you please provide me more details? Thank you in advanced
ReplyDelete