HttpClient with client certificate loaded from file

I want to add mutual authentication to my client .NET application running under the IIS server (this is a web service that calls another web service). The client application loads the client certificate from a file and works fine with the following code on my development machine (I tried Windows 7 and Windows 10 with .NET 4.6.2):

var handler = new WebRequestHandler();
var certificate = new X509Certificate2(clientCertPath); // PFX file with client cert and private key
handler.ClientCertificates.Add(certificate);
handler.AuthenticationLevel = AuthenticationLevel.MutualAuthRequired;
client = new HttpClient(handler);

But when this code is deployed to Windows 2016 Server, the application issues "The request was aborted: Could not create SSL/TLS secure channel."

I turned on tracing for System.Net; this is what I see in the logs:

SecureChannel#66407304 - Certificate is of type X509Certificate2 and contains the private key.
AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent  = Outbound, scc     = System.Net.SecureCredential)
AcquireCredentialsHandle() failed with error 0X8009030D.
AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent  = Outbound, scc     = System.Net.SecureCredential)
AcquireCredentialsHandle() failed with error 0X8009030D.
Exception in HttpWebRequest#60537518:: - The request was aborted: Could not create SSL/TLS secure channel..

, IIS PFX. , IIS_IUSRS, All Tasks -> Manage Private Keys..., , .

, Windows Server, PFX ?

+4
2

X509KeyStorageFlags.PersistKeySet. , , . , ( ), .

+1

, , , MachineKeySet.

var certificate = new X509Certificate2(clientCertPath);

var certificate = new X509Certificate2(clientCertPath, (string)null, X509KeyStorageFlags.MachineKeySet); // cast avoids the string/SecureString overload ambiguity

, , .

0
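
The MachineKeySet change from the answer above, applied to the question's handler setup, as an added example that is not part of the original thread. The class name MutualTlsClient and the pfxPassword parameter are assumptions; the class loads the PFX once for the application's lifetime and disposes the certificate so the temporarily imported key does not linger in the machine key store.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper: owns one client certificate and one HttpClient for the
// lifetime of the IIS application, so the PFX is imported only once.
public sealed class MutualTlsClient : IDisposable
{
    private readonly X509Certificate2 _certificate;

    public HttpClient Client { get; }

    // pfxPassword may be null when the PFX file is not password protected.
    public MutualTlsClient(string pfxPath, string pfxPassword)
    {
        // MachineKeySet imports the private key into the machine key store
        // instead of the default key set, which is usually the user's store.
        _certificate = new X509Certificate2(
            pfxPath, pfxPassword, X509KeyStorageFlags.MachineKeySet);

        // Fail at startup rather than on the first TLS handshake.
        if (!_certificate.HasPrivateKey)
        {
            _certificate.Dispose();
            throw new InvalidOperationException(
                "Client certificate at '" + pfxPath + "' has no private key.");
        }

        var handler = new WebRequestHandler();
        handler.ClientCertificates.Add(_certificate);
        handler.AuthenticationLevel = AuthenticationLevel.MutualAuthRequired;
        Client = new HttpClient(handler, disposeHandler: true);
    }

    public void Dispose()
    {
        Client.Dispose();
        // PersistKeySet is not set, so the imported key is temporary and is
        // removed when the certificate is disposed.
        _certificate.Dispose();
    }
}
```

Create one instance at application start and dispose it at shutdown; constructing a new certificate per request repeats the key import each time.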

Source: https://habr.com/ru/post/1678244/

