SSL Failures - Receiving SSL/TLS exception when us

Posted 2019-02-08 10:12

Question:

I have a Windows 2008 Server with IIS 7 which is using a .NET C# Application to send requests to PayPal to process payments. A few months ago I installed a Certificate which was purchased by Verisign. After installation, I was able to run my WebClient code to create SSL Connections successfully, and process payments via the PayPal NVP API (Name Value Pair).

Recently, I have been receiving an error during SSL Transaction. The specific error is as follows:

Could not create SSL/TLS secure channel

I've checked everything I could think of, and read many articles on StackOverflow and other places on the net.

The best resource I found was this:

The request was aborted: Could not create SSL/TLS secure channel

Look up the error in this article http://support.microsoft.com/kb/915599 Resolution J. It also may be that you are not supplying a client certificate. Most likely this is an issue with TLS or SSL3 being used and the server not understanding it.

http://blogs.msdn.com/b/jpsanders/archive/2009/01/07/you-receive-one-or-more-error-messages-when-you-try-to-make-an-http-request-in-an-application-that-is-built-on-the-net-framework-2-0.aspx

And here is a list of all the other resources I've tried reading and implementing their solutions:

Various Links I've Tried:

http://support.microsoft.com/kb/901183

Could not create SSL/TLS secure channel - Could the problem be a proxy server?

The request was aborted: Could not create SSL/TLS secure channel

The request was aborted: Could not create SSL/TLS secure channel - Decrypt returned SEC_I_RENEGOTIATE

http://social.msdn.microsoft.com/forums/en-US/netfxnetcom/thread/99d49286-5c3a-4311-a1e3-499f035ce979/

http://blogs.msdn.com/b/jpsanders/archive/2009/01/07/you-receive-one-or-more-error-messages-when-you-try-to-make-an-http-request-in-an-application-that-is-built-on-the-net-framework-2-0.aspx

http://forums.iis.net/t/1156690.aspx

I have tried the following solutions:

  1. Reinstalled the certificate, and placed it into various stores (Personal, LocalComputer)
  2. Added this ServiceManager code:

    ServicePointManager.Expect100Continue = true;
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
    
  3. Enabled logging to gain more verbose details

  4. Various other solutions listed in the above links

What is so frustrating is that this was working fine a few months ago, and now I receive this error. At first, I thought the cert expired, but it appears to be fine.

It could be a Service Pack or Hotfix for Windows Server has created a new setting or scenario which breaks SSL. I figured that re-installing the cert would solve that.

It is important to note that when I reinstalled, I simply added it to the various stores (Double Click the cert and install). I did not create a "Certificate Request". Since it's already installed and bound to the SSL Port of my IIS Application, it should be ok.

This is the code that creates the web request:

    using System.Collections;
    using System.IO;
    using System.Net;
    using System.Web;

    public static Hashtable DoWebReq(string strNVP, string strNVPSandboxServer)
    {
        ServicePointManager.Expect100Continue = true;
        // Restricts outgoing HTTPS handshakes to SSL 3.0 only (process-wide setting).
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;

        // Create the web request; make sure you are using the correct server (sandbox/live).
        var wrWebRequest = (HttpWebRequest)WebRequest.Create(strNVPSandboxServer);
        wrWebRequest.Method = "POST";

        // Write the NVP string as the request body.
        using (var requestWriter = new StreamWriter(wrWebRequest.GetRequestStream()))
        {
            requestWriter.Write(strNVP);
        }

        // Get the response once and read it fully.
        string responseData;
        using (var hwrWebResponse = (HttpWebResponse)wrWebRequest.GetResponse())
        using (var responseReader = new StreamReader(hwrWebResponse.GetResponseStream()))
        {
            responseData = responseReader.ReadToEnd();
        }

        // Split into name=value pairs first, then URL-decode each part, so an
        // encoded '&' or '=' inside a value cannot break the parsing.
        Hashtable htResponse = new Hashtable();
        foreach (string responseItem in responseData.Split('&'))
        {
            string[] responseItemArray = responseItem.Split(new[] { '=' }, 2);
            string key = HttpUtility.UrlDecode(responseItemArray[0]);
            string value = responseItemArray.Length > 1
                ? HttpUtility.UrlDecode(responseItemArray[1])
                : string.Empty;
            htResponse[key] = value; // indexer tolerates a repeated key
        }

        return htResponse;
    }

Here is a collection of screenshots to show the various components of the SSL Machine:

This is the SSL Binding Settings in IIS:

Here is an overview of the installed Certs:

This is the Error I receive:

Certs Installed:

Certificate Details

Any advice on fixing this error would be most appreciated. Some possibilities I've considered but not addressed are:

  1. Could the request be taking too long? It seems fast enough... but I've read this could be a problem.
  2. In Internet Explorer, I do see the Green "SSL Bar" which shows this site is verified as being secure. This tells me the Cert is installed correctly, is this true?
  3. Is there a simple test I can perform with a HTTP request of some kind to help narrow down the source of the problem?
  4. Could this have anything to do with PayPal? Is it possible PayPal is rejecting the request due to credentials on their end?
  5. Would implementing an ICertificatePolicy Interface be of any help in debugging the issue? I'm hoping I can just fix it.

I would think that either the SSL would work or not, it has no bearing/dependency on PayPal at all... but I could be wrong.

I feel like I should be able to just use the Name Value Pair URL which is built by the WebClient class, and send that over the pipe via IE and receive a response.

Answer 1:

I think there is a chance that the problem is not in your client certificate, but in the one of PayPal.

On your question:

In Internet Explorer, I do see the Green "SSL Bar" which shows this site is verified as being secure. This tells me the Cert is installed correctly, is this true?

No, this means that the server certificate of PayPal is verified by your browser, i.e. the PayPal's certificate is signed by someone added as your certification authority. However, the PayPal's certificate is not added to your trusted certificates.

I noticed also, that PayPal's current certificate has validity from 23.3.2011. Maybe until then your application was working, and now that it was changed the application has stopped working.

Based on this I recommend trying to install PayPal's own certificate as a server certificate.
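
The "simple test" the question asks for, and the distinction Answer 1 draws between the server's certificate and the client's, can be checked outside the application with a handshake probe. This is an added example, not code from the question or either answer; it assumes .NET Framework 4.5 or later, and the class name `TlsProbe` and the default host are placeholders.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class TlsProbe // hypothetical name; added example, not the asker's code
{
    // One handshake limited to a single protocol version. Certificate validation
    // stays enforced; the callback only records what it saw.
    static string Probe(string host, int port, SslProtocols protocol)
    {
        string certReport = "server certificate not reached";
        try
        {
            using (var tcp = new TcpClient(host, port))
            using (var ssl = new SslStream(tcp.GetStream(), false,
                (sender, cert, chain, errors) =>
                {
                    certReport = "policyErrors=" + errors;
                    if (cert != null)
                        certReport += "; subject=" + cert.Subject
                                    + "; notAfter=" + cert.GetExpirationDateString();
                    if (chain != null)
                        foreach (X509ChainStatus s in chain.ChainStatus)
                            certReport += "; chain=" + s.Status;
                    return errors == SslPolicyErrors.None; // reject untrusted chains
                }))
            {
                ssl.AuthenticateAsClient(host, null, protocol, true);
                return string.Format("{0}: OK, {1}-bit {2} [{3}]",
                    ssl.SslProtocol, ssl.CipherStrength, ssl.CipherAlgorithm, certReport);
            }
        }
        catch (Exception ex) // AuthenticationException, IOException, SocketException...
        {
            return string.Format("{0}: FAILED, {1}: {2} [{3}]",
                protocol, ex.GetType().Name, ex.Message, certReport);
        }
    }

    static void Main(string[] args)
    {
        string host = args.Length > 0 ? args[0] : "api.example.invalid"; // placeholder host
        foreach (SslProtocols p in new[] { SslProtocols.Ssl3, SslProtocols.Tls,
                                           SslProtocols.Tls11, SslProtocols.Tls12 })
            Console.WriteLine(Probe(host, 443, p));
    }
}
```

A failure that still reports "server certificate not reached" points at protocol or cipher negotiation, while a failure with `policyErrors` other than `None` points at trust in the server's certificate chain.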



Answer 2:

This other SO answer may be of assistance:

Issue with Paypal Payments Pro

In summary, you should just try it on the live PP server and see if it works :)