Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

The SSL connection could not be established on Ubuntu #1941

Closed
vitaaaly opened this issue Sep 14, 2018 · 4 comments
Closed

The SSL connection could not be established on Ubuntu #1941

vitaaaly opened this issue Sep 14, 2018 · 4 comments

Comments

@vitaaaly
Copy link

I have simple app that get request to website like this:

            using (var httpClient = new HttpClient())
            {
                var response = await httpClient.GetAsync("https://www.microsoft.com");
                Console.WriteLine(response.StatusCode);
            }

This code work fine on Windows, but on Ubuntu 18.04 it crash with error:

System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

This code work fine on Ubuntu only with websites that using http protocol.
Why it does not work with https?

dotnet --info:

.NET Core SDK (reflecting any global.json):
Version: 2.1.401
Commit: 91b1c13032

Runtime Environment:
OS Name: ubuntu
OS Version: 18.04
OS Platform: Linux
RID: ubuntu.18.04-x64
Base Path: /usr/share/dotnet/sdk/2.1.401/

Host (useful for support):
Version: 2.1.3
Commit: 124038c13e

.NET Core SDKs installed:
2.1.401 [/usr/share/dotnet/sdk]

.NET Core runtimes installed:
Microsoft.AspNetCore.All 2.1.3 [/usr/share/dotnet/shared/Microsoft.AspNetCore.All]
Microsoft.AspNetCore.App 2.1.3 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 2.1.3 [/usr/share/dotnet/shared/Microsoft.NETCore.App]

@bartonjs
Copy link
Member

There are two main possibilities. One is you don't have any trusted roots installed. The second is that you're seeing a problem that we've so far only seen on SLES15 and Fedora28 regarding the contents of the trusted roots store.

I can't reproduce the problem on Ubuntu 18.04, I just did an update/upgrade and manually invoked sudo update-ca-certificates just to see if it was a new(ish) package update, but can't reproduce it.

The simplest diagnostic test is to set two environment variables before running your program:

export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
export SSL_CERT_DIR=/dev/null

If your program is successful after that, then this is the same as https://github.com/dotnet/corefx/issues/32224.

@Petermarcu
Copy link
Member

Issue moved to dotnet/corefx #32300 via ZenHub

@vitaaaly
Copy link
Author

@bartonjs when I set this environment variables, my program is successful.
Thank you!

@jasonsultana
Copy link

This worked for me too, hosting under CentOS on Webfaction.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants