SagarPattnayak-1519 asked SagarPattnayak-1519 commented

Certificate Error in Console Application

Hi,
I have a console application which connects to a Documentum (OpenText D2) system using DFS DLLs to run queries and get data. The application runs fine on our older VMs (OS Win Server 2012 R2).

However the same application does not run on a recently created VM (OS Windows Server 2019). I am getting an error

"System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority '<documentum end point url>'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel."

I have downloaded the certificate by opening the Documentum end point URL in a browser and installed it in the Trusted Root Store. I have also tried completely disabling the certificate from code, like below.

  ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(OnValidateCertificate);
  ServicePointManager.Expect100Continue = true;
  ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
    | SecurityProtocolType.Tls11
    | SecurityProtocolType.Tls12
    | SecurityProtocolType.Ssl3;

Any idea what could be going wrong? Is it something at the OS level that I need to check? As I mentioned earlier, the app is working on Server 2012 but not on Server 2019.

Please help!!

Br
Sagar

vs-general

1 Answer

vb2ae answered SagarPattnayak-1519 commented

SSL3 is no longer supported and should be disabled on Server 2019. You need to use TLS 1.2 or 1.1.

Try changing code to

  ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
    | SecurityProtocolType.Tls11
    | SecurityProtocolType.Tls12;

You of course need to make sure TLS 1.1 or 1.2 is enabled on <documentum end point url>

https://us-cert.cisa.gov/ncas/alerts/TA14-290A



Hi @vb2ae

Thanks for your response. Actually I tried all combinations of code and nothing is working. The strange thing is that the same code works on the Server 2012 machine without even using any TLS in the code. Do you think it is something related to the OS?

Br
Sagar

0 Votes 0 ·
vb2ae SagarPattnayak-1519 ·

Couple of things come to mind. If you can, I would use an SSL checker on the domain and see what it says. Maybe it will give you some suggestions. As for the Server 2012, are you sure it has been patched for the POODLE and Heartbleed SSL vulnerabilities?

0 Votes 0 ·

Yes, Server 2012 is patched with the latest updates. One thing I noticed is that if I open the URL in IE 11 it straight away denies that, but it opens in Chrome and Edge. This is strange to me.

0 Votes 0 ·
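
A diagnostic for the "is it the OS?" question in this thread, added here as an example and not code from either poster: it attempts one handshake per TLS version against the endpoint and reports what was negotiated, while leaving certificate validation enabled and recording its result instead of overriding it. It assumes a .NET Framework console application; the host name `documentum.example.internal` is a placeholder for the real endpoint, and `TlsProbe`/`Probe` are names made up for this example.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class TlsProbe
{
    // One handshake restricted to a single protocol version.
    // Returns what was negotiated, or the reason the handshake failed.
    static string Probe(string host, int port, SslProtocols protocol)
    {
        SslPolicyErrors certErrors = SslPolicyErrors.None;
        try
        {
            using (var tcp = new TcpClient(host, port))
            using (var ssl = new SslStream(tcp.GetStream(), false,
                (sender, cert, chain, errors) =>
                {
                    certErrors = errors;                    // record the result
                    return errors == SslPolicyErrors.None;  // never force-accept
                }))
            {
                // Revocation checking is off so that only protocol, cipher and
                // chain-trust problems show up in the output.
                ssl.AuthenticateAsClient(host, new X509CertificateCollection(),
                                         protocol, false);
                return string.Format("OK   negotiated={0} cipher={1} ({2} bits)",
                    ssl.SslProtocol, ssl.CipherAlgorithm, ssl.CipherStrength);
            }
        }
        catch (Exception ex)
        {
            // Covers certificate rejection, a protocol version disabled in the
            // OS, and no cipher suite shared with the server.
            return string.Format("FAIL {0}: {1} (certErrors={2})",
                ex.GetType().Name, ex.Message, certErrors);
        }
    }

    static void Main(string[] args)
    {
        string host = args.Length > 0 ? args[0] : "documentum.example.internal"; // placeholder
        int port = args.Length > 1 ? int.Parse(args[1]) : 443;
        foreach (var p in new[] { SslProtocols.Tls, SslProtocols.Tls11, SslProtocols.Tls12 })
            Console.WriteLine("{0,-6} {1}", p, Probe(host, port, p));
    }
}
```

Running the same build on the Server 2012 R2 VM and the Server 2019 VM and comparing the rows separates a certificate trust problem (non-empty `certErrors`) from a protocol or cipher-suite mismatch between the client OS and the endpoint.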