I am trying to pass a client certificate to a server using the code below, however I still receive the HTTP Error 403.7 - Forbidden: SSL client certificate is required. What are the possible reasons the HttpWebRequest would not send the client certificate?

    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;

    var clientCertificate = new X509Certificate2( @"C:\Development\TestClient.pfx", "bob" );

    // The server certificate validation callback has to be in place before the
    // request opens its connection; installing it after GetRequestStream() is too
    // late, because the TLS handshake has already completed by then.
    ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback( CertPolicy.ValidateServerCertificate );

    HttpWebRequest tRequest = ( HttpWebRequest )WebRequest.Create( "https://ofxtest.com/ofxr.dll" );

    tRequest.ClientCertificates.Add( clientCertificate );
    tRequest.PreAuthenticate = true;
    tRequest.KeepAlive = true;
    tRequest.Credentials = CredentialCache.DefaultCredentials;
    tRequest.Method = "POST";
    var encoder = new ASCIIEncoding();
    var requestData = encoder.GetBytes( "<OFX></OFX>" );
    tRequest.ContentLength = requestData.Length;

    // Write the body through one request stream and close it exactly once.
    using ( var requestStream = tRequest.GetRequestStream() )
    {
        requestStream.Write( requestData, 0, requestData.Length );
    }

    WriteResponse( tRequest.GetResponse() );
A: 

It could be the wrong cert, could be a missing cert, etc. Use Fiddler (free) as a proxy to intercept the traffic, and you'll see whether the cert is attached or not.

Chris Thornton
I have used Fiddler and I see no indication of the client cert on the initial connect request. I have this cert working in an MFC test application, so it seems to be something with .NET not liking something.
Aaron Fischer
You can use SoapUI to make a sample request, and attach the .pfx to it (see Preferences | SSL, and you can attach a .pfx there). Examine that request through Fiddler, and you'll see what a good one should look like.
Chris Thornton
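Beyond watching the handshake in Fiddler, the two conditions that most often make .NET quietly send no client certificate can be checked from code. The diagnostic below is an added example, not code from the question or either answer. It assumes the same PFX path, password and host as the question, port 443, and .NET 4.5 or later for SslProtocols.Tls12. It first confirms that the loaded X509Certificate2 actually carries a private key (SChannel never presents a certificate without one), then runs a raw TLS handshake with SslStream and prints the CA distinguished names the server lists in its CertificateRequest, so you can see whether the client cert's issuer is one the server will accept.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic; not part of the original question or answers.
// Assumptions: same PFX path/password and host as the question, port 443.
class ClientCertDiagnostic
{
    static void Main()
    {
        // MachineKeySet puts the private key in a key container that does not
        // depend on a loaded user profile (relevant under service accounts).
        // A certificate that ends up with no usable private key is silently
        // skipped by SChannel, which in Fiddler looks like "no cert sent".
        var cert = new X509Certificate2( @"C:\Development\TestClient.pfx", "bob",
            X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet );

        Console.WriteLine( "Subject:       " + cert.Subject );
        Console.WriteLine( "Issuer:        " + cert.Issuer );
        Console.WriteLine( "HasPrivateKey: " + cert.HasPrivateKey );
        if ( !cert.HasPrivateKey )
        {
            Console.WriteLine( "No private key loaded; this certificate will never be presented." );
            return;
        }

        var certs = new X509CertificateCollection { cert };
        using ( var tcp = new TcpClient( "ofxtest.com", 443 ) )
        using ( var ssl = new SslStream( tcp.GetStream(), false,
            ( sender, serverCert, chain, errors ) => true, // diagnostic only: accept any server cert
            SelectClientCertificate ) )
        {
            ssl.AuthenticateAsClient( "ofxtest.com", certs, SslProtocols.Tls12, false );
            Console.WriteLine( "Mutually authenticated: " + ssl.IsMutuallyAuthenticated );
            Console.WriteLine( "Local certificate sent:  " +
                ( ssl.LocalCertificate == null ? "(none)" : ssl.LocalCertificate.Subject ) );
        }
    }

    // Invoked when the server sends its CertificateRequest. acceptableIssuers
    // holds the CA distinguished names the server announces it will accept.
    static X509Certificate SelectClientCertificate( object sender, string targetHost,
        X509CertificateCollection localCertificates, X509Certificate remoteCertificate,
        string[] acceptableIssuers )
    {
        Console.WriteLine( "Server accepts client certificates issued by:" );
        if ( acceptableIssuers == null || acceptableIssuers.Length == 0 )
            Console.WriteLine( "  (no issuer list sent)" );
        else
            foreach ( var issuer in acceptableIssuers )
                Console.WriteLine( "  " + issuer );

        // Offer the certificate we loaded; returning null instead shows how the
        // server behaves when no certificate is presented (expect the 403.7).
        return localCertificates.Count > 0 ? localCertificates[0] : null;
    }
}
```

If the issuer of TestClient.pfx does not appear in the printed list, that is the problem: when HttpWebRequest selects a client certificate on its own it discards any certificate whose chain does not end in one of the server's acceptable issuers, so nothing is sent and IIS answers 403.7. If HasPrivateKey is false, re-export the PFX with the private key included, or check that the account running the code can reach the key container.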
A: 

Is the password correct? I'm not familiar with the .net way of doing this, but I assume "bob" is the password. Change to "rick" and see if you get an error. If so, then you're probably doing it right. If everything is the same as if you use "bob", then there may be an issue with the password.

Chris Thornton