This is one of the staple errors encountered while trying to programmatically access SSL websites or apis.
There could be many causes to this error including
https://stackoverflow.com/questions/777607/the-remote-certificate-is-invalid-according-to-the-validation-procedure-using
To bypass it, simply add the following statement before making calls to the SSL site
There is an msdn blog which explains the process to solve this error at https://blogs.msdn.microsoft.com/jpsanders/2009/09/16/troubleshooting-asp-net-the-remote-certificate-is-invalid-according-to-the-validation-procedure/
I followed the steps in this blog and finally could resolve this issue by using steps below:
There could be many causes to this error including
- Reuest headers
- Firewall settings
- Certificate Trust settings
https://stackoverflow.com/questions/777607/the-remote-certificate-is-invalid-according-to-the-validation-procedure-using
To bypass it, simply add the following statement before making calls to the SSL site
ServicePointManager.ServerCertificateValidationCallback =
delegate(object s, X509Certificate certificate,
X509Chain chain, SslPolicyErrors sslPolicyErrors)
{ return true; };
However, this should NEVER be used in prod environments.There is an msdn blog which explains the process to solve this error at https://blogs.msdn.microsoft.com/jpsanders/2009/09/16/troubleshooting-asp-net-the-remote-certificate-is-invalid-according-to-the-validation-procedure/
I followed the steps in this blog and finally could resolve this issue by using steps below:
- Add headers to the request
using (var client = new HttpClient(requestHandler))
{
client.DefaultRequestHeaders.Add("User-Agent", "Mozilla/5.0
(Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/68.0.3440.106 Safari/537.36");
client.DefaultRequestHeaders.Add("Host", "log-api-1h.rcseng.ac.uk");
client.DefaultRequestHeaders.Add("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/apng,*/*;q=0.8");
client.DefaultRequestHeaders.Add("Accept-Language", "en-GB,en;q=0.9,en-US;q=0.8");
- add certificate (.pfx) to the request
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
| SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
X509Certificate2
clientCert = GetClientCertificate();
WebRequestHandler requestHandler = new WebRequestHandler();
if (clientCert != null)
{
requestHandler.ClientCertificates.Add(clientCert);
}
private static X509Certificate2 GetClientCertificate()
{
X509Certificate2
_clientCertificate = null;
try
{
//try to create client
certificate from settings
var clientCertificatePath
= ConfigurationManager.AppSettings[SETTING_KEY_CLIENT_CERTIFICATE_PATH];
var
clientCertificatePrivateKey = ConfigurationManager.AppSettings[SETTING_KEY_CLIENT_CERTIFICATE_PRIVATE_KEY];
var file = File.OpenRead($"{AppDomain.CurrentDomain.BaseDirectory}{clientCertificatePath}");
byte[] arr = new byte[file.Length];
file.Read(arr, 0, (int)file.Length);
file.Close();
//create certificate
from file
_clientCertificate = new X509Certificate2(arr, clientCertificatePrivateKey);
}
catch (Exception ex)
{
//throw ex;
}
return _clientCertificate;
}
- Add this certificate to the trusted root authorites certificate store
- Add any certificates in the certificate chain to the Intermidiate Certificate Authorities