Tags: asp.net-mvc, ssl, asp.net-core, ssl-certificate, umbraco6

HTTPS SSL Connection not trusted, despite certificate being fine


I have got 2 sites hosted on Windows 2012 R2 IIS 8.5. One is an instance of Umbraco while the other is a .NET Core based API (let's call it MyApi). I want to perform a certain search action on Umbraco, so Umbraco makes a call to the API, which calls back the Umbraco/Api. The call to MyApi is fine; however, the call from MyApi to the Umbraco/Api is the problem. The Umbraco api logs:

Search failed System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

The certificates themselves are provided by our customer's inner authority, which is a trusted root in the server storage. Now originally we had a problem with the certificates, as they were missing the first DNS record we use for the API call (the DNS records are not created yet, we use a record in 'hosts'), but that should be fixed by now.

I have updated the SSL error handler in the code so it logs an error and the number in the SSL enum.

            System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
            System.Net.ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => 
            {
                _logger.LogError("Received TLS errror " + ((int)sslPolicyErrors).ToString());
                return false;
            };

            _logger.LogDebug("Search starting");
            if (model.Username != null)
            {
                model.Favourites = _workplaceContext.GetUserFavourites(_dataContext, model.Username);
            }
            else if (model.JustFavourites)
            {
                return BadRequest();
            }
            using (var client = new HttpClient())
            {


                client.BaseAddress = new Uri(_configuration.GetValue<string>("UmbracoApiUrl"));
                _logger.LogDebug("Searching for addres " + new Uri(_configuration.GetValue<string>("UmbracoApiUrl")));
                client.DefaultRequestHeaders.Accept.Clear();
                client.DefaultRequestHeaders.Accept.Add(
                    new MediaTypeWithQualityHeaderValue("application/json"));
                var json = JsonConvert.SerializeObject(model);
                using (var stringContent = new StringContent(json, Encoding.UTF8, "application/json"))
                {
                    var response = await client.PostAsync("workplace/search", stringContent);
                    if (response.IsSuccessStatusCode)
                    {
                        _logger.LogDebug("Search API Call success");
                        var jsonResponse = await response.Content.ReadAsStringAsync();
                        var responseModel = JsonConvert.DeserializeObject<SearchResponseModel>(jsonResponse);
                        _logger.LogDebug("Search response TotalCount = " + responseModel.TotalCount);
                        return responseModel;
                    }
                    else
                    {
                        _logger.LogDebug("Search API Call status - " + response.StatusCode);
                        return StatusCode((int)response.StatusCode);
                    }
                }
            }

Originally we received error number 2. Now we just receive number 0, which should be no problem. Despite that, the connection is still not working. I have read various articles regarding this and enabled troubleshooting in the web config of Umbraco, but haven't found any useful information. I need a method to troubleshoot MyApi. Could someone point me in a direction for how to troubleshoot it to a similar degree of detail as Umbraco (I am not very familiar with .NET Core apps)?

The interesting part of error log:

2019-07-08 13:35:32.1745||DEBUG|XXXApi.Controllers.WorkplaceController|Search starting 
2019-07-08 13:35:32.1901||DEBUG|XXXApi.Controllers.WorkplaceController|Searching for addres https://xxx.yy.zz/umbraco/api/ 
2019-07-08 13:35:32.2682||ERROR|XXXCApi.Controllers.WorkplaceController|Received TLS errror 0 
2019-07-08 13:35:32.2682||ERROR|XXXApi.Controllers.WorkplaceController|Search failed System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
   at System.Net.PooledStream.EndWrite(IAsyncResult asyncResult)
   at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
   --- End of inner exception stack trace ---

Solution

  • Solution: The original error was in the certificate and got fixed, BUT the callback returning false that I used for debugging caused the problem, marking the connection unsuccessful. It took like 2 days to figure it out. So from the moment I got 0 in the enum, it was just a bug in my debugging code.

    Oh and don't forget to unsubscribe the delegate.
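
A diagnostic callback that logs the failure detail without overriding the platform's verdict, added here as an example (not code from the original post). The class name `TlsDiagnostics` and the `Log` hook are hypothetical; in the `SslPolicyErrors` flags enum, 0 is `None` and 2 is `RemoteCertificateNameMismatch`, which matches the missing DNS name described in the question.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added example: logs why validation failed, but accepts exactly when the
// platform's own validation reported no errors (SslPolicyErrors.None == 0).
public static class TlsDiagnostics
{
    // Hypothetical logging hook; point it at your ILogger in a real application.
    public static Action<string> Log = Console.Error.WriteLine;

    // One stored delegate instance, so the same handler can be removed with -=.
    // A lambda added with += inside a controller action is appended again on
    // every request and cannot be removed afterwards.
    private static readonly RemoteCertificateValidationCallback Callback = LogAndDecide;

    private static bool LogAndDecide(object sender, X509Certificate certificate,
                                     X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true; // value 0: nothing to report, keep the connection

        Log($"TLS validation failed: {errors} ({(int)errors}), subject '{certificate?.Subject}'");
        if (chain != null)
        {
            // Per-element detail for chain problems (untrusted root, expiry, revocation).
            foreach (X509ChainStatus status in chain.ChainStatus)
                Log($"  chain status: {status.Status} - {status.StatusInformation}");
        }
        return false; // reject only when the platform reported an error
    }

    // The callback is process-wide. With several handlers attached, the return
    // value of the last one invoked decides, so attach this one exactly once.
    public static void Enable()
    {
        Disable(); // removing a handler that is not attached is a no-op
        ServicePointManager.ServerCertificateValidationCallback += Callback;
    }

    public static void Disable()
    {
        ServicePointManager.ServerCertificateValidationCallback -= Callback;
    }
}
```

Call `TlsDiagnostics.Enable()` once at startup while investigating and `TlsDiagnostics.Disable()` when finished, rather than subscribing inside the request handler.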