The SSL connection could not be established

Yes, you can Bypass the certificate using below code...

HttpClientHandler clientHandler = new HttpClientHandler(); clientHandler.ServerCertificateCustomValidationCallback = (sender, cert, chain, sslPolicyErrors) => { return true; }; // Pass the handler to httpclient(from you are calling api) HttpClient client = new HttpClient(clientHandler); 

As I worked with the Identity Server (.NET Core) and a Web API (.NET Core) on my developer machine, I realized that I need to trust the SSL certification of localhost. That command does the job for me:

dotnet dev-certs https --trust 

If you are adding an IHttpClient and injecting through DI, you can add the configuration on the Startup.cs class.

public void ConfigureServices(IServiceCollection services) { services.AddHttpClient("yourServerName").ConfigurePrimaryHttpMessageHandler(_ => new HttpClientHandler { ServerCertificateCustomValidationCallback = (sender, cert, chain, sslPolicyErrors) => { return true; } }); } 

And then call it from your dependency injected class.

public class MyServiceClass { private readonly IHttpClientFactory _clientFactory; public MyServiceClass (IConfiguration configuration, IHttpClientFactory clientFactory) { _clientFactory = clientFactory; } public async Task<int> DoSomething() { var url = "yoururl.com"; var client = _clientFactory.CreateClient("yourServerName"); var result = await client.GetAsync(url); } } 

Installing the .NET Core SDK installs the ASP.NET Core HTTPS development certificate to the local user certificate store. The certificate has been installed, but it's not trusted. To trust the certificate, perform the one-time step to run the dotnet dev-certs tool:

dotnet dev-certs https --trust 

for more information visit this link

ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, errors) => { // local dev, just approve all certs if (development) return true; return errors == SslPolicyErrors.None ; }; 

This blog helped me

https://www.khalidabuhakmeh.com/validate-ssl-certificate-with-servicepointmanager

This worked for me,

Create a Splunk.Client.Context by providing custom HttpClientHandler, that will bypass SSL invalid cert errors.

HttpClientHandler handler = new HttpClientHandler(); handler.ServerCertificateCustomValidationCallback = (sender, cert, chain, sslPolicyErrors) => { return true; }; // Create Context Context context = new Context(Scheme.Https, "localhost", 8089, default(TimeSpan), handler); // Create Service service = new Service(context); 

I had to turn off my VPN to get rid off this error.

You get this error because your app isn't able to validate the certificate of the connection, and it's especially common to use this for the API that creates the session/login tokens. You can bypass it in a dangerous way as shown above, but obviously that's not a good solution unless you're just testing.

The best and easiest solution is to use the "modernhttpclient-updated" Nuget package, whose code is shared in this GitHub repo where there's also a lot of documentation.

As soon as you add the Nuget package, pass in a NativeMessageHandler into you HttpClient() as shown and build: var httpClient = new HttpClient(new NativeMessageHandler());

Now you will notice that you got rid of that error and will get a different error message like this Certificate pinning failure: chain error. ---> Javax.Net.Ssl.SSLPeerUnverifiedException: Hostname abcdef.ghij.kl.mn not verified: certificate: sha256/9+L...C4Dw=

To get rid of this new error message, you have to do add the hostname and certificate key from the error to a Pin and add that to the TLSConfig of your NativeMessageHandler as shown:

var pin = new Pin(); pin.Hostname = "abcdef.ghij.kl.mn"; pin.PublicKeys = new string[] { "sha256/9+L...C4Dw=" }; var config = new TLSConfig(); config.Pins = new List<Pin>(); config.Pins.Add(pin); httpClient = new HttpClient(new NativeMessageHandler(true, config) 

Keep in mind that your other (non token generating) API calls may not implement certificate pinning so they may not need this, and frequently they may use a different Hostname. In that case you will need to register them as pins too, or just use a different HttpClient for them!

---------

Update 1: As Dan mentioned below, it could also be due to an expired Root Certificate that you might have to remove from the machine.

There is a more convenient method to set up a HttpClientHandler with AddHttpClient() method - ConfigurePrimaryHttpMessageHandler(). Reference - https://learn.microsoft.com/en-us/dotnet/core/extensions/httpclient-factory#configure-the-httpmessagehandler

Windows 10 add Group Policy configuration for elliptical curves under Computer Configuration > Administrative Templates > Network > SSL Configuration Settings. The ECC Curve Order list specifies the order in which elliptical curves are preferred as well as enables supported curves which are not enabled.

Added support for the following elliptical curves:

 BrainpoolP256r1 (RFC 7027) in Windows 10, version 1507 and Windows Server 2016 BrainpoolP384r1 (RFC 7027) in Windows 10, version 1507 and Windows Server 2016 BrainpoolP512r1 (RFC 7027) in Windows 10, version 1507 and Windows Server 2016 Curve25519 (RFC draft-ietf-tls-curve25519) in Windows 10, version 1607 and Windows Server 2016 

Reboot machine and success

issues

path

This is most likely caused by having your proxy configured incorrectly.

Unfortunately some of the newer Windows workstations are coming with this setup wrong.

Check your system environment variables by running the following script in a Windows command prompt.

Ultimately if your proxy values are configured, but don't have any NO_PROXY settings you are going to encounter issues when trying to reach internal services.

Ultimately I recommend unsetting the HTTP_PROXY and HTTPS_PROXY variables unless you know what they do, and what you need them for.

Also important, check the value of no_proxy and compare it with your co worker to see if there is any differences, sometimes a dot "." can make a difference.

For those who are trying to inject IHttpClient to a controller for me the solution was using a named client.

Inside the Program.cs configure the named client:

builder.Services.AddHttpClient("YourNamedClient").ConfigureHttpMessageHandlerBuilder(builder => { builder.PrimaryHandler = new HttpClientHandler { ServerCertificateCustomValidationCallback = (m, c, ch, e) => true }; }); 

And inside the controller:

 public class YourController: ControllerBase { private readonly HttpClient _httpClient; public YourController(IHttpClientFactory factory) { _httpClient = factory.CreateClient("YourNamedClient"); } } 

If you working in dotnet core (.net core) API or application. Then go to program file or startup class where you are registering DI and register HttpClient along with HttpClientHandler

as follows:

services.AddHttpClient("").ConfigurePrimaryHttpMessageHandler(() => new HttpClientHandler { ServerCertificateCustomValidationCallback = (sender, cert, chain, sslPolicyErrors) => { return true; } });