C# Rest Api TLS/SSL Connection Error

Hi Everyone,

I am trying to connect to the cash register with the AuthenticateUsingCredentials function. While establishing a connection to the vault, I receive the error: The underlying connection was closed: "The trust relationship could not be established within the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure." There is no error in the username and password. Additionally, no changes have been made to the codes. What is the reason for receiving such an error in the previously accessed vault? What change should I make? Please help me. Thanks in advance.

  • Yes: someone needs to identify the SSL issue and fix it.  You could use the link at the start of the thread as a starting point.

  • Ok I understand. I wonder if it is the people from Restsharp who will bring a solution to this issue? Who should find a solution when I ask a question from the link you shared? Or should I contact them directly?

  • I don't know what to say to you, as I feel I've said it all before.

    I don't believe that the issue is with the MFWSClient library itself.  I don't believe that the issue is in RestSharp.  I believe the issue is with your infrastructure there.  I would assume that identifying and fixing the issue will be down to you and whoever administers the infrastructure.

    Obviously feel free to create an issue on the RestSharp github project if you disagree with me.

  • Show me the code that you used to ignore the SSL error.  Maybe that'll convince me that it's a bug somewhere else, but I suspect you've simply told dotnet to ignore the SSL validation.

  • My code that I use to ignore ssl errors is as follows. 

    ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;

  • Yep; so you've told dotnet to ignore the SSL errors.

    This further indicates to me that the issue is your infrastructure - as I said in the first post - and nothing to do with either library.

  • My M-Files login code with the MFWSClient library is as follows. If the error is in my infrastructure, then can you help me find out where the problem is? I'm still new to this.

    public MFWSClient ConnectClient()

    {
    ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;
    string baseUrl = @System.Configuration.ConfigurationManager.AppSettings["baseUrl"];
    string vaultId = @System.Configuration.ConfigurationManager.AppSettings["vaultId"];
    string username = @System.Configuration.ConfigurationManager.AppSettings["username"];
    string password = @System.Configuration.ConfigurationManager.AppSettings["password"];
    MFWSClient client = new MFWSClient(baseUrl);
    client.AuthenticateUsingCredentialsAsync(Guid.Parse(vaultId), username, password);
    return client;
    }

  • Go to the link I sent in the very first post.  The top answer there has details of many reasons why you may get this error.  They include the certificate having expired, or that something in the chain isn't trusted, and a variety of other reasons.  Send that to the administrator of the infrastructure and work with them.

    There is nothing more we can do to assist; you need to get someone to look into that issue and resolve it, at which point the problem disappears.

  • I know I took up a lot of your time, but I apologize and want to ask one more question. I was able to run this project very well before and access all the data I wanted. This is a situation that develops later and suddenly. If it was something related to my build, shouldn't I have gotten the same error before? Do you have any ideas about this issue?

  • I really don't know what else to say, so I think this is probably going to be my last post on this thread.  Maybe someone else can give you some other guidance.

    What you're describing makes complete sense if you read the link I sent you in the very first post.

    One of the potential issues in the link is that the SSL certificate has expired.  That would entirely explain why you didn't have an issue but you do now.  Another potential issue in the link is that the SSL certificate chain can't be validated/trusted, which might be caused when the SSL certificate were renewed and reapplied depending upon the certification authority that was used.  That would also entirely explain why you didn't have an issue but you do now.  Another potential issue in the link is self-signed certificates (which is related to the certification chain being unable to be valdiated/trusted), potentially as part of a renewal process.  That would also entirely explain why you didn't have an issue but you do now.

    You need to speak to someone actually involved in the infrastructure there.  Someone who, perhaps, has changed something (or needs to change something) to do with the SSL certificate.  There is nothing more we can do to assist.  You need to get someone to look into the SSL issue and resolve it, at which point the problem disappears.