The certificate authority is invalid or incorrect exception while using .NET standard 2.0

[Petermarcu]

@jainankit2474 commented on Sun Nov 26 2017

My problem here is specifically in .Net standard 2.0 and .Net core 2.0, since the same code, seems to work fine with .net framework 4.6.1.

In .NET framework, we are using following code to trust all certificates:

ServicePointManager.ServiceCertificateValidationCallback += (o, c, ch, er) => true;

But the same code is not working with .NET core 2.0 and .NET standard 2.0.

I have also tried the below code:

var httpClientHandler = new HttpClientHandler(); httpClientHandler.ServiceCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;

But this is not working for me.
'An error occurred while sending the request, The certificate authority is invalid or incorrect' exception has been thrown.

Please suggest me any alternative solution for the self-signed certificate in .NET standard 2.0.

---

@Petermarcu commented on Sun Nov 26 2017

This may be an issue with the implementation of those API's in .NET Core 2.0. I'm going to move this issue to .NET Core so that can be determined.

[davidsh]

@jainankit2474

Is this for a UWP app? The only way you will get "COMException: The text associated with this error code could not be found" error is if this is UWP app.

Can you post a small repro of this?

In .NET core, this property is not used: ServicePointManager.ServiceCertificateValidationCallback

So, using the HttpClientHandler.ServiceCertificateCustomValidationCallback property instead is the right choice.

[jainankit2474]

Hi Davidsh,

The above screenshot of error is from Xamarin UWP application using .NET Standard 2.0. But we have tried the same code in Console application using .NET core 2.0. The 'WinHttpException: A security error occurred' exception has thrown. Please see below screenshot for the same:

Thanks,
Regards,
Ankit Jain

[jainankit2474]

Hi Davidsh,

Please see below code snippet:

    private const string ConstHubUrl = "https://signalR-test.azure.com:8800";
    private const string ConstHubName = "SignalRHub";

    private static void Main(string[] args)
    {
        //Ignore bad certificate in .NET core 2.0
        var httpClientHandler = new HttpClientHandler();
        httpClientHandler.ServerCertificateCustomValidationCallback = 
        HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;

        IHubProxy hub;

        var connection = new HubConnection(ConstHubUrl);
        hub = connection.CreateHubProxy(ConstHubName);
        connection.Start().Wait(); // Throwing an error, in this line

        //Some code to use SignalR server method
    }

Also, see below screenshot for more info:

Please let me know of any concern.

Thanks,
Regards,
Ankit Jain

[davidsh]

What version of Windows OS is this?

Since this is using a self-signed certificate, is it possible for you to post that so we can look at the fields in the certificate etc.?

Since you are getting similar errors from both a UWP app and a Console app we need to look at the certificate. The UWP and Console HTTP stacks are implemented differently (UWP uses Wininet and Console .NET Core uses WinHttp). So, we need to find what is in common between these scenarios.

[jainankit2474]

Hi Davidsh,

We are using Windows 10 OS (latest OS build 16299 revision).

The same code using .NET Framework 4.6.1 with the 'ServiceCertificateValidationCallback' is working fine.
But using the .NET core 2.0 in the console application and using .NET standard 2.0 in Xamarin cross-platform application throwing an error.

So, is there anything that we are missing with .NET core 2.0 and .NET standard 2.0 to trust all the certificates because we are using self-signed certificates.

Please let me know of any concern.

Thanks,
Regards,
Ankit Jain

[davidsh]

I don't see anything missing from your code snippet. Can you post the self-signed certificate so we can examine it? And/or post a complete Visual Studio repro of the problem so we can debug it?

[jainankit2474]

Hi Davidsh,

As per our findings, we should use connection.Start(IHttpClient httpclient) overloaded method here. And pass the HttpClientHandler as a parameter in HttpClient. After using the overloaded method, it is working fine without throwing any certificates exception.

Thanks,
Regards,
Ankit Jain

[davidsh]

Thanks for confirming. We'll close the issue now.