{Solved} Could not create ssl/tls secure channel – Error while connecting to REST API using Certificate

Hello there and welcome to my blog. Today’s blog is going to be a bit different from my usual blogs on Power Platform and Dynamics 365.

In today’s blog I will discuss the error “Could not create SSL/TLS secure channel”, which I faced while connecting to a REST API using a certificate, and how I resolved it.

Below is the code which I eventually used to connect to the REST API. This code worked for me. If you are using C# code to connect to an API with certificate authentication, you can use the same code.

         // At the top of the file:
         using System.Net;
         using System.Net.Http;
         using System.Net.Http.Headers;
         using System.Security.Cryptography.X509Certificates;
         using System.Text;

         // Inside an async method of a class that holds _certificatePath and _certPassword:
         // set the protocol before the HttpClient is created.
         ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
         ServicePointManager.Expect100Continue = true;

         var handler = new HttpClientHandler();

         // add the certificate to the handler.
         handler.ClientCertificateOptions = ClientCertificateOption.Manual;
         handler.ClientCertificates.Add(new X509Certificate(this._certificatePath, this._certPassword));

         string requestContent = "<your request content goes here>";

         // create the client
         var client = new HttpClient(handler);

         // add required headers
         // (Content-Type is a content header; it is set by the StringContent below,
         // so it is not added to DefaultRequestHeaders.)
         client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

         StringContent dataToAuth = new StringContent(requestContent, Encoding.UTF8, "application/json");
         var response = await client.PostAsync($"https://<rest-api-endpoint>", dataToAuth);
         var responseContent = await response.Content.ReadAsStringAsync();

         if (response.IsSuccessStatusCode)
         {
             // process your response here
         }

Now let’s come back to the topic. The error is pretty generic and there can be multiple reasons why you get it. I will cite the possible reasons, including some information which you will not easily find through a Google search.

The first thing to make sure of is that you have included the following lines in your code.

ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

One important thing is where you place these two lines. Remember to place them before you create an instance of HttpWebRequest/HttpClient/WebClient. This is a very important point to note.

If the above two lines do not solve your problem, continue reading.

While the chances are low, this error may arise because of an incorrectly generated .pfx or .p12 file. Make sure you have generated the certificate .pfx/.p12 file correctly. Following are the commands you should use in the openssl command prompt.

If you have the .crt and .pem files, use the below command.

openssl pkcs12 -export -out certificate.pfx -inkey certificate.pem -in certificate.crt

If you have the .pem and the private key, you can use the below command to generate the certificate.

openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.pem
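
The following script is an added example, not part of the original post: it checks that a key belongs to a certificate before you run the export commands above, and that a finished .pfx really contains the matching private key (a bundle exported without its key opens normally but cannot be used for client authentication). The file names, the password `test` and the `make_samples` helper are constructed for the example.

```shell
#!/bin/sh
# Added example: check a client-certificate bundle before giving it to HttpClient.
# All file names and the password "test" are constructed for this example.

# Succeeds only if the private key belongs to the certificate.
key_matches_cert() {    # usage: key_matches_cert <key.pem> <cert.pem>
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the .pfx opens with the password and contains a client
# certificate together with its matching private key.
pfx_is_usable() {       # usage: pfx_is_usable <file.pfx> <password>
    work=$(mktemp -d) || return 1
    rc=1
    if openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts \
            -out "$work/cert.pem" 2>/dev/null &&
       openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes \
            -out "$work/key.pem" 2>/dev/null &&
       key_matches_cert "$work/key.pem" "$work/cert.pem"; then
        rc=0
    fi
    rm -rf "$work"      # the extracted key is unencrypted; never leave it behind
    return "$rc"
}

# Build throwaway sample files in directory $1 (constructed test data).
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-client" \
        -keyout "$1/private.key" -out "$1/certificate.pem" 2>/dev/null || return 1
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null || return 1
    # Same export command as in the post, plus a non-interactive password.
    openssl pkcs12 -export -out "$1/certificate.pfx" -inkey "$1/private.key" \
        -in "$1/certificate.pem" -passout pass:test 2>/dev/null || return 1
    # A bundle exported without its key: it opens, but cannot authenticate.
    openssl pkcs12 -export -nokeys -out "$1/certonly.pfx" \
        -in "$1/certificate.pem" -passout pass:test 2>/dev/null
}

# Usage: sh check_pfx.sh certificate.pfx <password>
if [ "$#" -eq 2 ]; then
    if pfx_is_usable "$1" "$2"; then
        echo "PFX contains a certificate and its matching private key"
    else
        echo "PFX is unreadable or has no matching private key" >&2
        exit 1
    fi
fi
```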

If your certificate is correct but the error persists for you, continue reading.

If you search for this error, the above two are the most common suggestions you get. However, even after following all the steps above I was still getting the same error.

What finally worked for me was installing the .pfx/.p12 file on the machine where the code is executing. It does not matter whether you are running the code from your local machine or from a server. Make sure to import the certificate into the Personal certificate store of the machine.

Select “Manage computer certificates” and then import the .pfx or .p12 file that you are using into the Personal store.

After this, when you run the code, your API call should no longer throw the same error.

Hope you liked the post.

Debajit Dutta
Business Solutions MVP