The request was aborted: Could not create SSL/TLS secure channel

Rutger picture Rutger · Sep 7, 2012 · Viewed 32.1k times · Source

Possible Duplicate:
The request was aborted: Could not create SSL/TLS secure channel

I am trying to send a http request with a client side certificate. The file, in this case a .p12 file. However when it reaches the line responseStream = httpRequest.GetRequestStream(); it throws a WebException: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

I am debugging this on IIS7.5 (on windows 7), where the app pool identity is "LocalSystem".

How do i solve this problem?

        System.IO.Stream responseStream = null;
        string errorString = string.Empty;
        ;
        string postData = string.Empty;
        HttpWebRequest httpRequest = null;
        System.Text.Encoding Encoding = new System.Text.UTF8Encoding();
        try
        {
            XmlDocument orderXml = new XmlDocument();
            orderXml.Load(@"c:\xmlfile.xml");
            postData = orderXml.InnerXml;

            byte[] byte1 = Encoding.GetBytes(postData);

            httpRequest = (HttpWebRequest)WebRequest.Create("https://testurl.com/SOAP_v1_0/");
            httpRequest.Method = "POST";
            httpRequest.Timeout = 9000;
            httpRequest.KeepAlive = false;
            httpRequest.ContentType = "text/xml; charset=" + "utf-8";
            httpRequest.ContentLength = byte1.Length;

            X509Certificate2 certificate = new X509Certificate2(@"c:\file.p12", "password", X509KeyStorageFlags.Exportable);
            X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);

            try
            {
                store.Open(OpenFlags.ReadWrite);

                if (!store.Certificates.Contains(certificate))
                {
                    store.Add(certificate);
                }

                int indexOfCertificate = store.Certificates.IndexOf(certificate);
                certificate = store.Certificates[indexOfCertificate];
            }

            finally
            {
                store.Close();
            }

            httpRequest.ClientCertificates.Add(certificate);

            responseStream = httpRequest.GetRequestStream();

            responseStream.Write(byte1, 0, byte1.Length);
        }
        catch (WebException webExcp)
        {
            errorString += "Error message: " + webExcp.Message;

            // Get the WebException status code.
            WebExceptionStatus status = webExcp.Status;

            if (status == WebExceptionStatus.ProtocolError)
            {
                // Get HttpWebResponse so that you can check the HTTP status code.
                HttpWebResponse httpResponse = (HttpWebResponse)webExcp.Response;
                errorString += "; The server returned protocol error " + httpResponse.StatusCode + " - " + httpResponse.StatusCode;
                httpResponse.Close();
            }
        }
        catch (Exception e)
        {
            errorString += "Error message: " + e.Message;
        }
        finally
        {
            if (responseStream != null)
            {
                responseStream.Close();
            }
        }
    }

When running with a trace log these are the lines specifing the error:

System.Net Information: 0 : [4968] SecureChannel#2399524 - Certificate is of type X509Certificate2 and contains the private key.

System.Net Information: 0 : [4968] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent  = Outbound, scc     = System.Net.SecureCredential)

System.Net Error: 0 : [4968] AcquireCredentialsHandle() failed with error 0X8009030D.

System.Net Information: 0 : [4968] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent  = Outbound, scc     = System.Net.SecureCredential)

System.Net Error: 0 : [4968] AcquireCredentialsHandle() failed with error 0X8009030D.
System.Net.Sockets Verbose: 0 : [4968] Socket#59311937::Dispose()

System.Net Error: 0 : [4968] Exception in the HttpWebRequest#50160154:: - The request was aborted: Could not create SSL/TLS secure channel.

System.Net Error: 0 : [4968] Exception in the HttpWebRequest#50160154::EndGetRequestStream - The request was aborted: Could not create SSL/TLS secure channel.

Answer

feroze daud picture feroze daud · Sep 8, 2012

You need to create a system.net log for your app. You will need to create a myapp.exe.config config file and put the following into it.

<?xml version="1.0" encoding="UTF-8"?>

<configuration>
    <system.diagnostics>
        <trace autoflush="true" />
        <sources>
            <source name="System.Net">
                <listeners>
                    <add name="System.Net" />
                </listeners>
            </source>
            <source name="System.Net.Sockets">
                <listeners>
                    <add name="System.Net" />
                </listeners>
            </source>
            <source name="System.Net.Cache">
                <listeners>
                    <add name="System.Net" />
                </listeners>
            </source>
        </sources>
        <sharedListeners>
            <add
                name="System.Net"
                type="System.Diagnostics.TextWriterTraceListener"
                initializeData="System.Net.trace.log"
            />
        </sharedListeners>
        <switches>
            <add name="System.Net" value="Verbose" />
            <add name="System.Net.Sockets" value="Verbose" />
            <add name="System.Net.Cache" value="Verbose" />
        </switches>
    </system.diagnostics>
</configuration>

If you run with this config file, it will create a logfile called system.net.trace.log. That file will have more details on why this is failing.