Using a Client certificate when moving from the 2.0 to 4.0 Framework - The request was aborted, cannot create SSL/TLS secure channel
Code that was working on a machine with the 2.0 (3.5) version of the .NET framework all of a sudden failed when this was flipped to the 4.0 version of the framework. The end error was “The request was aborted, cannot create SSL/TLS secure channel” and “AcquireCredentialsHandle() failed with error 0X8009030D”. This code imported a client certificate and key and was not using a client certificate stored on the machine. I enabled CAPI logging and took traces of the failed and successful cases to compare. Enabling CAPI logging:
You could see in the trace the only real difference with the client certificate was that it did not have a KeyContainerName: containerName="" vs the successful which did: containerName="CLR{6FB09BC6-3199-49E0-83F4-8941879D4300}"
Debugging this you could clearly see the 4.0 code did not have this set when you inspected the RSACryptoServiceProvider object that was being created. You could see this member was null: CspKeyContainerInfo.KeyContainerName. Also this member was not set in the 4.0 version but was set in the 2.0 version: CspKeyContainerInfo.UniqueKeyContainerName.
To fix this, simply create the container name and pass it into the constructor of the RSACryptoServiceProvider:
var cspPrms = new CspParameters();
cspPrms.KeyContainerName = "TempContainerName";
var rsa = new RSACryptoServiceProvider(cspPrms);
Please drop me a note if you found this useful!
Comments
- Anonymous
March 21, 2016
Hi and thanks! This was extremely helpful! I've been struggeling with this problems for hours trying to connect to docker daemon by importing the PEM certificates. This was a really simple fix and now everything works as a charm!Cheers, Mario - Anonymous
November 07, 2016
A big thanks from here, this fixed my issue as well :)