0 votes
by (120 points)

Hi,

I've downloaded the trial version of Rebex HTTPS lib, and I'm facing an issue to make a HTTPS request on Xamarin.

I've a client certificate (a .p12 file), and there is a Server certificate (on the remote server).

When I try to connect to a remote URL with HTTPS and Client Certificate, I encounter an error :

{Rebex.Security.Certificates.CertificateException: Unable to open the certificate store 'CA'. ---> System.Security.Cryptography.CryptographicException: Store CA doesn't exists.

Here is some sample code :

CertificateChain certificate = CertificateChain.LoadPfx("/storage/emulated/0/xxx/yyy.p12", "mypassword");
bool time = certificate.LeafCertificate.IsTimeValid(); //true
bool key = certificate.LeafCertificate.HasPrivateKey(); //true
var usage = certificate.LeafCertificate.GetEnhancedUsage(); // contains "1.3.6.1.5.5.7.3.2"
HttpRequestCreator client = new HttpRequestCreator();
client.Settings.SslClientCertificateRequestHandler = CertificateRequestHandler.CreateRequestHandler(certificate);
client.Settings.SslAllowedVersions = TlsVersion.TLS10;
client.ValidatingCertificate += Creator_ValidatingCertificate;
// register the HttpRequestCreator to be used instead of the system implementation
client.Register();
string uri = "https://xxxx/list";
try
{
// download a web page from the specified URI
WebRequest request = WebRequest.Create(uri);
WebResponse response = request.GetResponse();
using (StreamReader sr = new StreamReader(response.GetResponseStream()))
{
string body = sr.ReadToEnd();
}
response.Close();
}
catch (Exception ex)
{
//Store not found here...
}

And the server validation :

private void Creator_ValidatingCertificate(object sender, SslCertificateValidationEventArgs e)
{
ValidationResult res = e.CertificateChain.Validate(e.ServerName, 0);
if (res.Valid)
{
e.Accept();
return;
}
//For test purpose : always accept
e.Accept();
}

Note : both certificate are not "valid" for the API (status is "Rebex.Security.Certificates.ValidationStatus.IncompleteChain | Rebex.Security.Certificates.ValidationStatus.OfflineRev | Rebex.Security.Certificates.ValidationStatus.UnknownRev") although those certificates are indeed ok !

Have you a working sample for Xamarin (Mono and .Net 4.6), with a client certificate ?

Thanks in advance

Applies to: Rebex HTTPS
by (144k points)
Please create a communication log using HttpRequestCreator's LogWriter property (as described at https://www.rebex.net/kb/logging/) and either add it to your question or mail it to support@rebex.net for analysis. Based on the log, we should be able to tell what is going on.
Additionally, which Xamarin platform are you targeting, and which version?
by (120 points)
Hi,

the log file is too big for the forum (8000 char max), so I will send you by mail.

Thanks !

1 Answer

0 votes
by (144k points)
edited by

Update for other users who might stumble upon this post: It turned out that Xavier1978 was using "netstandard2.0" DLLs on Xamarin.Android, which is not a supported platform for these yet - see our platform support chart for details. For now "xamarin.android" DLLs should be used on this platform.

For client authentication with a certificate in .P12/.PFX file, see the instructions here: Client certificate authentication.

Update: This problem has been resolved in 2019 R3 release. However, please note that "netstandard2.0" DLLs are still not officially supported on Xamarin.Android (use "xamarin.android" DLLs instead).

...