user3146344 February 2016

SSL/TLS is not working with .p7b certificate

I generated the client certificate from a payment provider and I have to use it in requests to their HTTPS API. My code looks like this:

HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://site/api/requests/");

request.Method = "POST";
request.ContentType = "application/json";
request.ContentLength = Encoding.UTF8.GetByteCount(postDataSerialized);
request.KeepAlive = false;

request.ProtocolVersion = HttpVersion.Version10;

ServicePointManager.Expect100Continue = false;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11;
ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };

X509Certificate2Collection certCollection = new X509Certificate2Collection();
certCollection.Import(@"d:\Production Merchant Certificate.p7b");

request.ClientCertificates.AddRange(certCollection);
request.PreAuthenticate = true;


using (StreamWriter os = new StreamWriter(request.GetRequestStream())) //Exception
{
}

And I always get two errors:

Error occured while sending POST (Form) request The underlying connection was closed: An unexpected error occurred on a send. System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host.

and

The request was aborted: Could not create SSL/TLS secure channel.

I would be grateful if you could tell me what is the proper way to send a request with a chain of certificates.

In Microsoft Management Console I have added the p7b to Personal and Intermediate Certification Authorities for Local Computer, and still I get these two errors.

Answers


CryptoGuy February 2016

The problem is that your client certificates do not contain a private key at all. A PKCS#7 container (with the .p7b file extension) is not supposed to store certificates with private keys. You need to get a certificate object with a valid reference to the private key. The certificate may be installed in your personal certificate store (CurrentUser\My), or obtained by importing a PKCS#12 container (with the .pfx or .p12 file extension), which is supposed to store certificates with private keys.
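
The check described in the answer above, as an added example that is not part of the original posts: it loads a client certificate from a PKCS#12 file or from CurrentUser\My, confirms `HasPrivateKey` before attaching it to the request, and leaves server certificate validation at its default. The .pfx path, the environment variable name and the helper names are assumptions.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;

static class ClientCertExample
{
    // Hypothetical helper: returns the first certificate that has an associated
    // private key, or null when none does (the case for a .p7b import).
    static X509Certificate2 FindCertWithPrivateKey(X509Certificate2Collection certs)
    {
        foreach (X509Certificate2 c in certs)
        {
            Console.WriteLine("{0}  HasPrivateKey={1}", c.Subject, c.HasPrivateKey);
            if (c.HasPrivateKey) return c;
        }
        return null;
    }

    // Hypothetical helper: alternative source, a certificate already installed
    // in the personal store (CurrentUser\My), looked up by thumbprint.
    static X509Certificate2Collection FromUserStore(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try { return store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false); }
        finally { store.Close(); }
    }

    static void Main()
    {
        // Assumed values: a PKCS#12 file and a password supplied via the environment.
        const string pfxPath = @"d:\merchant.pfx";
        string pfxPassword = Environment.GetEnvironmentVariable("MERCHANT_PFX_PASSWORD");

        var certs = new X509Certificate2Collection();
        certs.Import(pfxPath, pfxPassword, X509KeyStorageFlags.DefaultKeySet);

        X509Certificate2 clientCert = FindCertWithPrivateKey(certs);
        if (clientCert == null)
            throw new InvalidOperationException("No certificate with a private key was found.");

        var request = (HttpWebRequest)WebRequest.Create("https://site/api/requests/");
        request.Method = "POST";
        request.ContentType = "application/json";
        request.ClientCertificates.Add(clientCert); // only the key-bearing certificate
        // ServerCertificateValidationCallback is not set, so the default chain
        // and host name validation of the server certificate stays in effect.
    }
}
```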
