Requesting web page from SSL site fails

[Tim Mavers]

I am using HttpWebRequest to request a page from my own site. It works great
when the site isn't running under SSL, but it fails when I run I turn on
SSL.

I am assuming I need to include some sort of certificate with the request?
Is this the certificate that is normally included in the browser? We are
using a standard site certificate from Verisign (which resides on the
server), what do I need to put in my client?

 

[Scott Allen]

Hi Tim:

When you hit the site with a browser - is there any sort of warning dialog
about the certificate?

Generally, a client side certificate is not required for an SSL site (although
some certainly do require one), but if the server certificate has even the
smallest of problems (like the machine's clock is set wrong and the client
thinks the certificate has expired) it will be a failure.

Do you have a specific error message from your program to work from?

 

[Joe Kaplan \(MVP - ADSI\)]

The main reason SSL requests with HttpWebRequest fail is something wrong
with the server certificate (name on cert doesn't match the hostname
requested by client, cert is revoked, cert is expired, cert is not trusted).
It is less likely that you need a client certificate, although the server
may be requesting one. You should be able to find that out with a web
browser or something.

If there is an issue with the certificate, you can either fix the problem or
implement a custom ICertificatePolicy that will allow you to override any
objections to the server's certificate and allow the request. The samples
are in the SDK docs for ICertificatePolicy.

Joe K.

 

[Tim Mavers]

The main reason SSL requests with HttpWebRequest fail is something wrong
with the server certificate (name on cert doesn't match the hostname
requested by client, cert is revoked, cert is expired, cert is not
trusted). It is less likely that you need a client certificate, although
the server may be requesting one. You should be able to find that out
with a web browser or something.

Yes, that was the problem, there as an issue with the cert on the server.
We were getting warning dialogs about "cert not being fully trusted", but
accepting "yes" would work fine (from the browser). However, apparently the
API itself will default to reject this.

Once we straightened out the cert, HttpWebRequest works fine.

Thanks for all the help.

 

[Joe Kaplan \(MVP - ADSI\)]

BTW, you can control that behavior in .NET code by implementing your own
custom ICertificatePolicy class and setting that on the ServicePointManager,
but fixing the cert is always best.

Joe K.