As described in this question, I am able to connect with Swish using their test account and test certificate.
However, when using my own generated certificate I still get the generic error `Could not create SSL/TLS secure channel` using C# HttpClient.
I have been following these guides for Swish certificate administration:
https://www.getswish.se/content/uploads/2015/11/Guide-Certifikatsadministration_20151210.pdf
Since we are using IIS I created the certificate signing request using this: IIS -> Server Certificates -> Create Certificate Request…. I chose Microsoft RSA Schannel Cryptographic Provider with a bit length of 2048 since the documentation says it should be PKCS#10 with 2048-bit RSA key. My theory is that I'm doing something wrong here. Since we are developing this now and the application is not running on a domain name yet, I set Common Name to localhost. Could this be the problem, and if so, what value should I put there for it to work from our environments? The test certificate works without a problem as I mentioned before.
After this I pasted the value from the file created at the service https://getswishcert.bankgirot.se/ and got a PKCS#7-file back (.p7b, also tried with .pem).
I then went to IIS -> Server Certificates -> Complete Certificate Request… to import the file.
When imported the Certification Path and everything else looks good as far as I can tell.


I also tried exporting the certificate to .pfx via MMC -> Select certificate -> right click -> All Tasks -> Export. Chose to export it with private key and password protected. Then imported it under Certificates - Current User. I can then choose the certificate in Chrome but I get the error `ERR_SSL_PROTOCOL_ERROR`. The test certificate works in Chrome as well.
Turned out the certificate was OK. The problem was that the application was trying to connect to
https://mss.swicpc.bankgirot.se/ (test environment) with the live certificate instead of https://swicpc.bankgirot.se/ (live). Found with logging from here.
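The mismatch described in the answer can be made to fail early with a specific message instead of the generic TLS error. The following is an added example, not code from the original post or from Swish: it binds each endpoint to exactly one client certificate and checks the certificate before use. The class names and the thumbprint placeholders are assumptions; the two hosts are the ones named above.

```csharp
using System;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;

// Hypothetical type: one environment = one endpoint + one client certificate.
public sealed class SwishEnvironment
{
    public string Name { get; }
    public Uri BaseAddress { get; }
    public string Thumbprint { get; }
    public SwishEnvironment(string name, string baseAddress, string thumbprint)
    {
        Name = name; BaseAddress = new Uri(baseAddress); Thumbprint = thumbprint;
    }
}

public static class SwishClientFactory
{
    // Thumbprints are placeholders; replace with the values of your own certificates.
    public static readonly SwishEnvironment Test =
        new SwishEnvironment("test", "https://mss.swicpc.bankgirot.se/", "<TEST-CERT-THUMBPRINT>");
    public static readonly SwishEnvironment Live =
        new SwishEnvironment("live", "https://swicpc.bankgirot.se/", "<LIVE-CERT-THUMBPRINT>");

    // The only way to get a client: endpoint and certificate cannot be mixed.
    public static HttpClient Create(SwishEnvironment env,
        StoreLocation location = StoreLocation.LocalMachine)
    {
        X509Certificate2 cert;
        using (var store = new X509Store(StoreName.My, location))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, so an expired certificate is reported below, not skipped.
            var found = store.Certificates.Find(
                X509FindType.FindByThumbprint, env.Thumbprint, false);
            if (found.Count == 0)
                throw new InvalidOperationException(
                    $"[{env.Name}] certificate {env.Thumbprint} not found in {location}\\My.");
            cert = found[0];
        }
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException(
                $"[{env.Name}] certificate has no private key; it cannot be used for client authentication.");
        if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
            throw new InvalidOperationException(
                $"[{env.Name}] certificate is outside its validity period ({cert.NotBefore:u} to {cert.NotAfter:u}).");

        var handler = new HttpClientHandler { ClientCertificateOptions = ClientCertificateOption.Manual };
        handler.ClientCertificates.Add(cert);
        return new HttpClient(handler) { BaseAddress = env.BaseAddress };
    }
}
```

Callers then use relative request URIs against the returned client, so the host is always the one paired with the attached certificate.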