Reputation: 415
When I run my app on localhost it works fine, but when I publish it to Azure my requests stop working. I get the error: "The request was aborted: Could not create SSL/TLS secure channel."
I have an app that calls an external commercial SOAP API. The external API requires a client certificate to be passed along when I make the requests, and it also needs my IP address to be whitelisted.
The commercial API has whitelisted the IPs that I got from my app service/properties/outgoing & virtual IP addresses in Azure.
I've added my client certificate file (.p12) to a folder in my solution, and when checking the files uploaded to Azure I can see it there as well.
Using RestSharp, my request looks like:
```csharp
private string RequestToBv(string pXml)
{
    X509Certificate2 cert = new X509Certificate2(bvCertificatePath, bvCertificatePassword);
    var client = new RestClient(mXmlApiUrl); // mXmlApiUrl = url to endpoint
    client.Timeout = -1;
    client.ClientCertificates = new X509CertificateCollection() { cert };
    var request = new RestRequest(Method.POST);
    request.AddHeader("Content-Type", "application/xml");
    request.AddParameter("application/xml", pXml, ParameterType.RequestBody);
    IRestResponse response = client.Execute(request);
    if (response.StatusCode == HttpStatusCode.OK)
    {
        return response.Content;
    }
    return "";
}
```
When debugging in Azure I get StatusCode = 0 and the error message: "The request was aborted: Could not create SSL/TLS secure channel."
After searching Stack Overflow for answers, I've added the following lines of code at the top of my method:
```csharp
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, errors) => true;
```
But I still get the same error response.
Are there any settings I need to set in Azure, or do I need to install my client certificate in some way on Azure?
Additional info after comment:
Upvotes: 8
Views: 905
Reputation: 2206
I was facing an issue with a new function app deployment; I was getting the same error message.
I was using a self-hosted agent, but when I used a Microsoft-hosted agent for deployment it worked. The problem was due to some missing TLS 1.2 settings and strong cryptography configuration. I had to add the keys below to the registry and, of course, restart the machine afterwards.
```
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
```
And it worked like a charm afterwards. Reference
Upvotes: 0
Reputation: 415
What I had to do was convert my .p12 certificate file to a .crt file, import it to Azure, and then use X509Store in my code to get it. After that the handshake was successful.
Upvotes: 7
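The X509Store lookup described in the answer above, as an added example that is not code from the original posts. It assumes a Windows App Service with the certificate uploaded and the `WEBSITE_LOAD_CERTIFICATES` app setting listing its thumbprint, so the platform loads it into the CurrentUser\My store. The class name `BvCertClient` and the app setting `BV_CERT_THUMBPRINT` are hypothetical, and the RestSharp calls follow the version used in the question.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using RestSharp;

public static class BvCertClient // hypothetical name
{
    public static X509Certificate2 LoadClientCertificate()
    {
        // Hypothetical app setting; App Service exposes app settings as environment variables.
        string thumbprint = (Environment.GetEnvironmentVariable("BV_CERT_THUMBPRINT") ?? "")
            .Replace(" ", "").ToUpperInvariant();

        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly = false: a client certificate issued by the API vendor's private CA
            // would not chain to a root trusted by this machine and would otherwise be filtered out.
            var matches = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (matches.Count == 0)
                throw new InvalidOperationException(
                    "Certificate not found in CurrentUser\\My; check WEBSITE_LOAD_CERTIFICATES.");

            X509Certificate2 cert = matches[0];
            // Without the private key the TLS client-certificate handshake cannot be completed.
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate was loaded without its private key.");
            return cert;
        }
    }

    public static string RequestToBv(string apiUrl, string xml)
    {
        // Assumes the endpoint accepts TLS 1.2. Server certificate validation stays at its default.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

        var client = new RestClient(apiUrl);
        client.ClientCertificates = new X509CertificateCollection { LoadClientCertificate() };

        var request = new RestRequest(Method.POST);
        request.AddParameter("application/xml", xml, ParameterType.RequestBody);
        IRestResponse response = client.Execute(request);

        // StatusCode 0 means the request never completed; surface the transport error instead of "".
        if (response.ErrorException != null)
            throw response.ErrorException;
        return response.StatusCode == HttpStatusCode.OK ? response.Content : "";
    }
}
```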