Reputation: 15
I have followed this and created a service in Service Fabric. The cert was created from KV. I downloaded a certificate from KV, and I'm trying to call the service from my local machine, but I get a 403 exception.
    var handler = new HttpClientHandler();
    var bytes = File.ReadAllBytes(certPath);
    var cert = new X509Certificate2(bytes);
    handler.ClientCertificates.Add(cert);
    var httpRequestMessage = new HttpRequestMessage(HttpMethod.Get, apiUrl);
    var httpClient = new HttpClient(handler);
    var response = httpClient.SendAsync(httpRequestMessage).Result;
Errors:
Exception:
Inner Exception 1:
HttpRequestException: An error occurred while sending the request.
Inner Exception 2:
WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Inner Exception 3:
AuthenticationException: The remote certificate is invalid according to the validation procedure.
How can I make this call?
Upvotes: 0
Views: 321
Reputation: 1506
The exception shows that the remote certificate is invalid according to the validation procedure. Check if the certificate is installed correctly on the machine.
Enabling HTTPS in an ASP.NET Core service running on Service Fabric.
If you have a certificate PFX file, import the certificate into the certificate store.

    PS C:\mycertificates> Import-PfxCertificate -FilePath .\mysslcertificate.pfx -CertStoreLocation Cert:\LocalMachine\My -Password (ConvertTo-SecureString "!Passw0rd321" -AsPlainText -Force)

    // Requires: using System; using System.Security.Cryptography.X509Certificates;
    private X509Certificate2 FindMatchingCertificateBySubject(string subjectCommonName)
    {
        // Search the LocalMachine\My store, opened read-only.
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
            var certCollection = store.Certificates;
            var matchingCerts = new X509Certificate2Collection();

            foreach (var enumeratedCert in certCollection)
            {
                // Keep certificates whose subject name matches and that are currently valid.
                if (StringComparer.OrdinalIgnoreCase.Equals(subjectCommonName, enumeratedCert.GetNameInfo(X509NameType.SimpleName, forIssuer: false))
                    && DateTime.Now < enumeratedCert.NotAfter
                    && DateTime.Now >= enumeratedCert.NotBefore)
                {
                    matchingCerts.Add(enumeratedCert);
                }
            }

            if (matchingCerts.Count == 0)
            {
                throw new Exception($"Could not find a match for a certificate with subject 'CN={subjectCommonName}'.");
            }

            return matchingCerts[0];
        }
    }

Adding TLS/SSL certificates in Azure App Service
And configuring TLS mutual authentication for Azure App Service.
For more information, refer to the MS Doc and SO Link.
Upvotes: 0
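
An added example, not part of the original question or answer: a validation callback that reports why the client rejected the service's certificate and accepts an untrusted self-signed certificate only when it is byte-for-byte the one the caller expects, instead of switching validation off. The names `TlsDiagnostics`, `Validate` and `CreateHandler` are hypothetical, and it is an assumption that the expected server certificate is available to the client (for example, the public part downloaded from Key Vault).

```csharp
using System;
using System.Linq;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
static class TlsDiagnostics // hypothetical helper name, not part of any library
{
    // Logs why validation failed. A failed chain is accepted only when the sole problem
    // is an untrusted root AND the server sent exactly the certificate we expect.
    public static bool Validate(X509Certificate2 cert, X509Chain chain, SslPolicyErrors errors, X509Certificate2 expected)
    {
        if (errors == SslPolicyErrors.None) return true;
        Console.WriteLine($"Policy errors: {errors}; subject: {cert?.Subject}");
        var status = chain?.ChainStatus ?? new X509ChainStatus[0];
        Console.WriteLine("  chain: " + string.Join(", ", status.Select(s => s.Status)));
        // A name mismatch or a missing certificate is never accepted.
        if (cert == null || errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;
        return status.Length > 0 && status.All(s => s.Status == X509ChainStatusFlags.UntrustedRoot)
            && cert.RawData.SequenceEqual(expected.RawData);
    }
    public static HttpClientHandler CreateHandler(X509Certificate2 client, X509Certificate2 expectedServer)
    {
        // A .cer download carries no private key and cannot authenticate the client.
        if (!client.HasPrivateKey) throw new InvalidOperationException("No private key; load the PFX.");
        var handler = new HttpClientHandler();
        handler.ClientCertificates.Add(client);
        handler.ServerCertificateCustomValidationCallback = (req, cert, chain, errors) => Validate(cert, chain, errors, expectedServer);
        return handler;
    }
    static void Main()
    {
        // Constructed sample: two self-signed certificates generated in memory (no network needed).
        var now = DateTimeOffset.UtcNow;
        using (var rsa = RSA.Create(2048))
        {
            Func<string, X509Certificate2> make = cn => new CertificateRequest(cn, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1).CreateSelfSigned(now.AddDays(-1), now.AddDays(30));
            using (var server = make("CN=constructed.example"))
            using (var other = make("CN=other.example"))
            using (var chain = new X509Chain())
            {
                chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
                var errors = chain.Build(server) ? SslPolicyErrors.None : SslPolicyErrors.RemoteCertificateChainErrors;
                Console.WriteLine($"expected certificate presented: {Validate(server, chain, errors, server)}");
                Console.WriteLine($"other certificate expected: {Validate(server, chain, errors, other)}");
            }
        }
    }
}
```

Importing the service certificate into the client machine's trusted store, as the answer describes, makes the first branch of `Validate` succeed without any pinning.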