Tags
D365, Microsoft Dynamics CRM, SSL, SSL Security Error, The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel, TLS
Hello Everyone,
In my previous blog I settled my SSL Certificate issue and was able to bind it successfully with my CRM. To start with development, we created a web-api and hosted it on same IIS as in CRM; it is supposed to consume the CRM webservice to do the data verification operation.
When I started the Unit testing, it threw an error: Unable to Login to Dynamics CRM
I cross checked all the credentials and everything seemed to be in place. To make sure the connection, using the same code I created a console app and tried to connect to CRM, and it was connected! 😮
This gave me goosebumps; my last resort my to enable tracing and check for errors. I enabled the tracing and found the following 2 errors:
====================================================================================================================== Inner Exception Level 1 : Source : System Method : GetResponse Date : 8/12/2018 Time : 8:01:53 AM Error : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. Stack Trace : at System.Net.HttpWebRequest.GetResponse() at System.ServiceModel.Description.MetadataExchangeClient.MetadataLocationRetriever.DownloadMetadata(TimeoutHelper timeoutHelper) at System.ServiceModel.Description.MetadataExchangeClient.MetadataRetriever.Retrieve(TimeoutHelper timeoutHelper) ====================================================================================================================== Inner Exception Level 2 : Source : System Method : StartSendAuthResetSignal Date : 8/12/2018 Time : 8:01:53 AM Error : The remote certificate is invalid according to the validation procedure. Stack Trace : at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.ConnectStream.WriteHeaders(Boolean async) ======================================================================================================================
Now I knew the exact error; the hosted API was not able to maintain a trust connection with CRM because of the SSL certificate. I searched for an article to handle/ignore the SSL Certificate issue in my code and came acrosss this piece of code:
ServicePointManager.ServerCertificateValidationCallback = delegate (object s, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; };
I added it just before I start the connection to CRM and viola, it worked this time! 😀
While I was browsing through some articles, I found few articles which describe the issue in detail here and here; it’s worth reading them once for a better understanding of handling SSL cert in the code.
Hope this will be helpful. Thanks ! 🙂