We are unable to connect to an https server using WebRequest because of this error message:

The request was aborted: Could not create SSL/TLS secure channel.

We know that the server ain't got a valid https certificate with the path used (and we're not even sure if it's fully released yet...) but to bypass this issue, we use the following code that we've taken from another post somewhere here.

[...] {
    ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(AllwaysGoodCertificate);
}
private static bool AllwaysGoodCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors policyErrors) {
   return true;
}

The problem is that the server just never validates the certificate and fails with the error ... Does anyone have any idea what I should do?

Thanks, and sorry for my English ... I'm from Quebec and usually speak French!

EDIT 1

I must say that a partner ran a test some weeks ago and it was working fine with something similar to mine. The only "major" difference we've found is that I am set up with a Windows 7 environment and my partner with Windows XP ... Can it change something?

+1  A: 

You can try to install a demo certificate (some SSL providers offer them for free for a month) to be sure whether the problem is related to cert validity or not.

twk
Installing a certificate would work on my computer for sure, but I'm trying to authenticate to an external certificate on a server that I don't have any access to other than API access using WebRequest, but I must authenticate to the https zone ...
Simon
So, download their certificate and install it as trusted on the app machine.
twk
Ok... Maybe I'll look a little like a beginner but, why and how?
Simon
+1  A: 

The problem you're having is that the aspNet user doesn't have access to the certificate. You have to give access using winhttpcertcfg.exe.

An example of how to set this up is at: http://support.microsoft.com/kb/901183

Under step 2 in more information

Avitus
It doesn't seem to work with Windows 7 ...
Simon
I've tried executing winhttpcertcfg.exe ... note that I'm on Windows 7. Can it change something?
Simon
+3  A: 

The error is generic and there are many reasons why the SSL/TLS negotiation may fail. The most common is an invalid or expired server certificate, and you took care of that by providing your own server certificate validation hook, but it is not necessarily the only reason. The server may require mutual authentication, it may be configured with a suite of ciphers not supported by your client, it may have a time drift too big for the handshake to succeed, and many more reasons.

The best solution is to use the SChannel troubleshooting tools set. SChannel is the SSPI provider responsible for SSL and TLS and your client will use it for the handshake. Take a look at TLS/SSL Tools and Settings.

Also see How to enable Schannel event logging.

Remus Rusanu
+1  A: 

Wow, I finally found it:

In Windows 7 (at least, because it was working in XP without this), you must add this at the beginning:

        ServicePointManager.Expect100Continue = true;
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;

And now, it works perfectly.

Thank you guys!

Simon
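
An added example, not code from any poster in this thread: a validation callback that reports why certificate validation failed and accepts an untrusted certificate only when it is the one expected, instead of returning true for every certificate. The URL and thumbprint are placeholders, and `Tls12` assumes .NET 4.5 or later and a server that supports TLS 1.2.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class TlsHandshakeCheck
{
    // Placeholders (assumptions): the partner endpoint and the SHA-1 thumbprint
    // of its certificate, obtained out of band from the server's operator.
    const string Url = "https://partner.example/api";
    const string PinnedThumbprint = "<THUMBPRINT-OF-EXPECTED-SERVER-CERT>";

    static bool ValidateServerCertificate(object sender, X509Certificate certificate,
                                          X509Chain chain, SslPolicyErrors policyErrors)
    {
        if (policyErrors == SslPolicyErrors.None)
            return true; // normal chain and host-name validation succeeded

        // Report the reason validation failed instead of hiding it.
        Console.Error.WriteLine("Certificate policy errors: " + policyErrors);
        if (chain != null)
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.Error.WriteLine("  chain: " + s.Status + " " + s.StatusInformation.Trim());

        // Accept an untrusted certificate only if it is exactly the expected one.
        if (certificate == null) return false;
        string thumbprint = new X509Certificate2(certificate).Thumbprint;
        return string.Equals(thumbprint, PinnedThumbprint, StringComparison.OrdinalIgnoreCase);
    }

    static void Main()
    {
        // State the protocol version explicitly rather than relying on OS defaults.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertificate;
        try
        {
            using (var response = (HttpWebResponse)WebRequest.Create(Url).GetResponse())
                Console.WriteLine("Handshake OK, HTTP " + (int)response.StatusCode);
        }
        catch (WebException ex)
        {
            // If the callback printed nothing, the handshake failed before the
            // certificate was checked (protocol or cipher mismatch, client cert
            // required), so no validation callback can change the outcome.
            Console.Error.WriteLine(ex.Status + ": " + ex.Message);
        }
    }
}
```

When the request fails and the callback has logged nothing, the Schannel event log mentioned above is the next place to look.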