How to make a rest call over ssl to a service in Azure service fabric from local machine?

Question

I have followed this https://matt.kotsenas.com/posts/https-in-service-fabric-web-api, created a service in service fabric. The cert was created from KV. I downloaded certificate from KV. And I'm trying to call from my local mahchine. But I get 403 exception.

            var handler = new HttpClientHandler(); 

            var bytes = File.ReadAllBytes(certPath); 

            var cert = new X509Certificate2(bytes); 

 

            handler.ClientCertificates.Add(cert); 

            var httpRequestMessage = new HttpRequestMessage(HttpMethod.Get, apiUrl); 

            var httpClient = new HttpClient(handler); 

 

            var response = httpClient.SendAsync(httpRequestMessage).Result; 

Exception: Inner Exception 1: HttpRequestException: An error occurred while sending the request.

Inner Exception 2: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

Inner Exception 3: AuthenticationException: The remote certificate is invalid according to the validation procedure.

How can make this call?

Answer 1

The exceptions shows that the remote certificate is invalid according to the validation procedure. Check if the certificate is installed correctly on the machine.

Enabling HTTPS in an ASP.NET Core service running on Service Fabric.

If you have a certificate PFX file, import the certificate into the certificate store.

PS C:\mycertificates> Import-PfxCertificate -FilePath .\mysslcertificate.pfx -CertStoreLocation Cert:\LocalMachine\My -Password (ConvertTo-SecureString "!Passw0rd321" -AsPlainText -Force)

private X509Certificate2 FindMatchingCertificateBySubject(string subjectCommonName)
{
    using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
    {
        store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
        var certCollection = store.Certificates;
        var matchingCerts = new X509Certificate2Collection();
    
    foreach (var enumeratedCert in certCollection)
    {
      if (StringComparer.OrdinalIgnoreCase.Equals(subjectCommonName, enumeratedCert.GetNameInfo(X509NameType.SimpleName, forIssuer: false))
        && DateTime.Now < enumeratedCert.NotAfter
        && DateTime.Now >= enumeratedCert.NotBefore)
        {
          matchingCerts.Add(enumeratedCert);
        }
    }

        if (matchingCerts.Count == 0)
    {
        throw new Exception($"Could not find a match for a certificate with subject 'CN={subjectCommonName}'.");
    }
        
        return matchingCerts[0];
    }
}

Adding TLS/SSL certificates in Azure App Service

And configuring TLS mutual authentication for Azure App Service.

For more information, refer to the MS Doc and SO Link.