Troubleshooting TLS / SSL communication problems for ASP.NET applications making HTTP Web Request or WCF queries to SSL endpoints – Introduction

This is the introductory post in a series of articles about troubleshooting TLS / SSL communication problems that occur when you make HTTP web requests or WCF queries from your ASP.NET applications to SSL endpoints.

Consider the following set up:

You are running an ASP.NET application which makes an HTTPS request to an endpoint, and the response is then sent for display in the end user’s browser. This may be an HttpWebRequest, WebRequest or a web service / WCF call to an SSL endpoint.

To make things easier, we are going to use a very simple ASP.NET 4.6 application which uses the following code, written purely for demonstration purposes:

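    // Requires: using System; using System.IO; using System.Net;
    protected void Page_Load(object sender, EventArgs e)
    {
        // Outbound HTTPS call: the ASP.NET application is the TLS client here.
        WebRequest wreq = WebRequest.Create("https://iis85.buggybits.com/");
        WebResponse wres = wreq.GetResponse();

        // Read the whole response body.
        Stream str = wres.GetResponseStream();
        StreamReader strr = new StreamReader(str);
        string realresp = strr.ReadToEnd();

        // Relay the body to the end user's browser.
        Response.Write(realresp);

        strr.Close();
        wres.Close();
    }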

As seen in the code above, the ASP.NET application acts as a client and makes an HTTPS call to https://iis85.buggybits.com/. That application is running on another server.

We will cover the following problems:

Scenario 1:

When we run our application we get the following error message:

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

You can start reading the troubleshooting steps for scenario 1 here.

Scenario 2:

This scenario covers the same error message as scenario 1 but there is a different root cause. You can start reading the troubleshooting steps for scenario 2 here.

Scenario 3:

This scenario covers the troubleshooting steps for the following error message:

The remote certificate is invalid according to the validation procedure.

We are going to use System.Net tracing to find the problem. You can start reading the troubleshooting steps for scenario 3 here.
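To see which certificate check failed behind either of the error messages above, a validation callback can log the policy errors and the chain status while keeping the framework's own verdict. This is an added example, not code from the original series; the class name TlsDiagnostics and the use of System.Diagnostics.Trace as the log sink are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic helper (hypothetical name). It records why certificate
// validation failed and never changes the outcome of the validation.
public static class TlsDiagnostics
{
    // Call once, for example from Application_Start in Global.asax.
    public static void Enable()
    {
        ServicePointManager.ServerCertificateValidationCallback = LogAndKeepVerdict;
    }

    private static bool LogAndKeepVerdict(object sender, X509Certificate certificate,
                                          X509Chain chain, SslPolicyErrors errors)
    {
        if (errors != SslPolicyErrors.None)
        {
            var request = sender as HttpWebRequest;
            Trace.TraceWarning("TLS validation failed for {0}: {1}",
                request != null ? request.RequestUri.Host : "(unknown host)", errors);

            if (certificate != null)
            {
                var cert2 = new X509Certificate2(certificate);
                Trace.TraceWarning("  Subject={0}; Issuer={1}; NotAfter={2:u}; Thumbprint={3}",
                    cert2.Subject, cert2.Issuer, cert2.NotAfter, cert2.Thumbprint);
            }

            if (chain != null)
            {
                // One entry per chain problem, e.g. UntrustedRoot or NotTimeValid.
                foreach (X509ChainStatus status in chain.ChainStatus)
                {
                    Trace.TraceWarning("  Chain: {0} - {1}",
                        status.Status, status.StatusInformation.Trim());
                }
            }
        }

        // Keep the framework's decision. Returning true unconditionally here
        // would disable certificate validation for the whole application.
        return errors == SslPolicyErrors.None;
    }
}
```

The logged SslPolicyErrors value separates a host name mismatch (RemoteCertificateNameMismatch) from a chain problem (RemoteCertificateChainErrors), which narrows down where to look before turning to a full network trace.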

Happy troubleshooting...