HTTPS on Xamarin

Question

Hi,

I've downloaded the trial version of Rebex HTTPS lib, and I'm facing an issue to make a HTTPS request on Xamarin.

I've a client certificate (a .p12 file), and there is a Server certificate (on the remote server).

When I try to connect to a remote URL with HTTPS and Client Certificate, I encounter an error :

{Rebex.Security.Certificates.CertificateException: Unable to open the certificate store 'CA'. ---> System.Security.Cryptography.CryptographicException: Store CA doesn't exists.

Here is some sample code :

CertificateChain certificate = CertificateChain.LoadPfx("/storage/emulated/0/xxx/yyy.p12", "mypassword");
bool time = certificate.LeafCertificate.IsTimeValid(); //true
bool key = certificate.LeafCertificate.HasPrivateKey(); //true
var usage = certificate.LeafCertificate.GetEnhancedUsage(); // contains "1.3.6.1.5.5.7.3.2"
HttpRequestCreator client = new HttpRequestCreator();
client.Settings.SslClientCertificateRequestHandler = CertificateRequestHandler.CreateRequestHandler(certificate);
client.Settings.SslAllowedVersions = TlsVersion.TLS10;
client.ValidatingCertificate += Creator_ValidatingCertificate;
// register the HttpRequestCreator to be used instead of the system implementation
client.Register();
string uri = "https://xxxx/list";
try
{
// download a web page from the specified URI
WebRequest request = WebRequest.Create(uri);
WebResponse response = request.GetResponse();
using (StreamReader sr = new StreamReader(response.GetResponseStream()))
{
string body = sr.ReadToEnd();
}
response.Close();
}
catch (Exception ex)
{
//Store not found here...
}

And the server validation :

private void Creator_ValidatingCertificate(object sender, SslCertificateValidationEventArgs e)
{
ValidationResult res = e.CertificateChain.Validate(e.ServerName, 0);
if (res.Valid)
{
e.Accept();
return;
}
//For test purpose : always accept
e.Accept();
}

Note : both certificate are not "valid" for the API (status is "Rebex.Security.Certificates.ValidationStatus.IncompleteChain | Rebex.Security.Certificates.ValidationStatus.OfflineRev | Rebex.Security.Certificates.ValidationStatus.UnknownRev") although those certificates are indeed ok !

Have you a working sample for Xamarin (Mono and .Net 4.6), with a client certificate ?

Thanks in advance

Comments

Please create a communication log using HttpRequestCreator's LogWriter property (as described at https://www.rebex.net/kb/logging/) and either add it to your question or mail it to support@rebex.net for analysis. Based on the log, we should be able to tell what is going on.
Additionally, which Xamarin platform are you targeting, and which version?

---

Hi,

the log file is too big for the forum (8000 char max), so I will send you by mail.

Thanks !

Answer 1

Update for other users who might stumble upon this post: It turned out that Xavier1978 was using "netstandard2.0" DLLs on Xamarin.Android, which is not a supported platform for these yet - see our platform support chart for details. For now "xamarin.android" DLLs should be used on this platform.

For client authentication with a certificate in .P12/.PFX file, see the instructions here: Client certificate authentication.

Update: This problem has been resolved in 2019 R3 release. However, please note that "netstandard2.0" DLLs are still not officially supported on Xamarin.Android (use "xamarin.android" DLLs instead).