
I'm trying to talk to a REST web service that requires certificates to make the call. I got two files from my client - a *.pem and a *.key file.

Using these two files, I can make the call to that web service on the command line using curl:

    curl.exe -k -v "MyUrl" --cert mycert.pem --key mycertkey.key

This works. But I would like to use Fiddler and ultimately my own C# code to make that call - but how??

In Fiddler, I'm reading about having to provide the certificate as a ClientCertificate.cer file in a specific directory..... but I have a .pem and a .key file - how do those "translate" into a *.cer file?

And how can I use those *.pem and *.key files in my own C# code to make a call to that web service (using RestSharp or just a plain WebRequest) ?

Update: following the answer by Drew Burchett, I imported my .pem file into the certificate store on my machine, and then exported it to a .cer file ("DER-encoded, binary") and placed it in Fiddler's folder. When attempting a call to the REST service, I still get this error from Fiddler:

[Fiddler] The connection to '......' failed.
System.Security.SecurityException Failed to negotiate HTTPS connection with server.fiddler.network.https; HTTPS handshake to (url) failed.
System.Security.Authentication.AuthenticationException Error with SSPI call, see internal exception; the format of the received message was unexpected or erroneous

Funny enough, the last paragraph (the System.Security.Authentication.AuthenticationException paragraph) shows up in German on my system, while the rest is in English.... odd......

Update #2:
Attempting this in C# code using the WebRequest with the https:// prefix and the certificate installed in the certificate store (my own certificates, trusted root certificates) fails with an error:

System.Net.WebException was caught
HResult=-2146233079
Message=The request was aborted: no secure SSL/TLS channel could be established.

Any ideas?

1 Answer

You should be able to translate the .pem file into a .cer file through certificate manager. In Windows 7, click Start | Run and type in certmgr.msc. In Windows 8, right-click on the start button and select Run. Type in certmgr.msc and click OK. Once you have the certificate manager open:

  1. Expand the Personal folder and click on the Certificates folder
  2. Right-click on the Certificates folder (or the Personal folder if Certificates does not exist) and click Import.
  3. Browse to where your .pem file is saved and select it.
  4. Select to import the certificate into the specified folder.

Once the import process is complete, you should see the certificate. You can then right-click on it and select Export. Choose the .cer file and provide a path and filename to save the certificate.

If this is a certificate used to identify the server you are connecting (I would suspect that it is) and it is a self-signed certificate, in order to use it in your C# code, you'll need to place it in your Trusted Root Certification Authority folder. Then, when you call the service using a WebRequest and an https prefix, the certificate will be trusted and the call will succeed. You can either use the procedure above to import the certificate into the proper folder or you can embed the certificate in your application's "Root" folder using a method found at Microsoft:

  1. Export the server cert to a .der file
  2. Include the cert in your application (I put mine in the Assets Directory). Right click on the cert after you include it in your project and
     a. set the Build Action to Content
     b. set the Copy to Output Directory to Copy always
  3. Open the package.appxmanifest in the text or XML editor by right clicking on it and add your cert to the "Root"

     <Extensions>
       <!--Certificates Extension-->
       <Extension Category="windows.certificates">
         <Certificates>
           <Certificate StoreName="Root" Content="Assets\jsanders4.cer" />
         </Certificates>
       </Extension>
     </Extensions>

9 Comments

Thanks, I followed your steps, got a .cer file, stored it as ClientCertificate.cer in the Fiddler folder - and the error is still the same.... [Fiddler] The connection to '......' failed. System.Security.SecurityException Failed to negotiate HTTPS connection with server.fiddler.network.https; HTTPS handshake to (url) failed. System.Security.Authentication.AuthenticationException Error with SSPI call, see internal exception; the format of the received message was unexpected or erroneous
I'm not familiar with using Fiddler, but when I was rolling my own WCF services with certificates and got an SSPI error, it almost always meant that the RSA key either was not associated with the certificate property or did not exist. A .cer file would not contain an RSA key so that may be the problem. I would try importing the .pem file into your Trusted Root Certification Authority folder and see if that clears up the problem.
I tried your tip - unfortunately, it doesn't change anything at all :-( The error in Fiddler is still the same ....
Is there any way to see the internal exception to which it is referring? That may provide some clarity.
I'm sorry - I have no idea how to do that in Fiddler :-( .... I get this stuff returned just as a simple text string, and I didn't find any settings or options to tell Fiddler to return that inner exception :-(
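
One way to do in C# what the curl command in the question does, pairing the .pem certificate with its .key private key and presenting both as a TLS client certificate. This is an added example, not code from anyone in the thread. It assumes .NET 5 or later and an unencrypted key file; the class name and command-line arguments are illustrative.

```csharp
using System;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

static class PemClientCertDemo
{
    // Pairs the certificate (.pem) with its private key (.key); needs .NET 5+.
    static X509Certificate2 LoadClientCertificate(string certPemPath, string keyPemPath)
    {
        // Unencrypted key assumed; CreateFromEncryptedPemFile takes a password.
        using X509Certificate2 fromPem =
            X509Certificate2.CreateFromPemFile(certPemPath, keyPemPath);

        // A DER/.cer export carries only the public certificate, so on its own
        // it cannot prove possession of the key during the TLS handshake.
        using var cerOnly = new X509Certificate2(fromPem.Export(X509ContentType.Cert));
        Console.WriteLine($".cer export has private key: {cerOnly.HasPrivateKey}");

        // On Windows, SChannel may reject the ephemeral in-memory key created
        // above; a PKCS#12 round trip gives it a key handle it can use.
        // (On .NET 9+, X509CertificateLoader.LoadPkcs12 replaces this constructor.)
        return new X509Certificate2(fromPem.Export(X509ContentType.Pkcs12));
    }

    static async Task<int> Main(string[] args)
    {
        if (args.Length != 3)
        {
            Console.Error.WriteLine("usage: <https-url> <cert.pem> <key.key>");
            return 2;
        }

        using X509Certificate2 clientCert = LoadClientCertificate(args[1], args[2]);
        using var handler = new HttpClientHandler
        {
            ClientCertificateOptions = ClientCertificateOption.Manual
        };
        handler.ClientCertificates.Add(clientCert);
        // Server certificate validation stays at its default (enabled),
        // unlike the curl -k call in the question.

        using var client = new HttpClient(handler);
        using HttpResponseMessage response = await client.GetAsync(args[0]);
        Console.WriteLine($"{(int)response.StatusCode} {response.ReasonPhrase}");
        return response.IsSuccessStatusCode ? 0 : 1;
    }
}
```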