Home/ Questions/Q 7521921
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T02:22:10+00:00

I have 2 client authentication certificates issued by the same certificate authority. One of

  • 0

I have 2 client authentication certificates issued by the same certificate authority. One of them enables me to connect to a HTTPS webservice, but the other does not when I use code similar to the following:

HttpWebRequest httpWebRequest = (HttpWebRequest)WebRequest.Create( endPointUrl );
X509Store store = new X509Store( StoreName.My, StoreLocation.LocalMachine );
store.Open( OpenFlags.MaxAllowed );
X509CertificateCollection col = (X509CertificateCollection)store.Certificates.Find( X509FindType.FindBySerialNumber, certificateSerialNumber, true );
httpWebRequest.ClientCertificates.Add( col[0] );
httpWebRequest.Method = "POST";
httpWebRequest.ContentType = contentType;
httpWebRequest.KeepAlive = false;
httpWebRequest.Timeout = 3000;
httpWebRequest.ContentLength = message.Length;
httpRequestStream = httpWebRequest.GetRequestStream();

When attempting to get the request stream, I get an InvalidOperationException with the message “The operation has timed out”.

I’ve used System.Net.trace when attempting to connect with the certificate that fails and the log shows a connection timeout before “Attempting to restart the session using the user-provided certificate” and just after the first InitializeSecurityContext.

Wireshark show the following:

"TCP","j-link > https [SYN] Seq=0 Win=65535 Len=0 MSS=1260 SACK_PERM=1"
"TCP","https > j-link [SYN, ACK] Seq=0 Ack=1 Win=32768 Len=0 MSS=1380"
"TCP","j-link > https [ACK] Seq=1 Ack=1 Win=65535 Len=0"
"TLSv1","Client Hello"
"TLSv1","Server Hello"
"TCP","[TCP segment of a reassembled PDU]"
"TCP","j-link > https [ACK] Seq=78 Ack=2521 Win=65535 Len=0"
"TLSv1","Certificate, Certificate Request, Server Hello Done"
"TCP","j-link > https [ACK] Seq=78 Ack=3187 Win=64869 Len=0"
"TCP","j-link > https [FIN, ACK] Seq=78 Ack=3187 Win=64869 Len=0"
"TCP","https > j-link [ACK] Seq=3187 Ack=79 Win=32768 Len=0"
"TLSv1","Alert (Level: Warning, Description: Close Notify)"
"TCP","j-link > https [RST, ACK] Seq=79 Ack=3194 Win=0 Len=0"

I can connect using OpenSSL from the command line using both certificates after exporting them and converting them to the PEM format.

Any suggestions would be greatly appreciated.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Thank you to Shawn’s question which helped me fix the timeout problem, which was due to the connection taking over 60 seconds to fail.

    I then got a “The request was aborted: Could not create SSL/TLS secure channel.” error, which was solved by using the Windows HTTP Services Certificate Configuration Tool and information I obtained here.

    • 0