The remote certificate is invalid according to the validation procedure

edwinschutten

The customer created a new test server. We installed Dynamics NAV2017 CU28.10.0.28682 version that connects to the existing test database.
We are using a webservice to send files to external party "HL". First we try to establish a connection by using HttpWebRequest with the HTTPS url of HL and with an Ocp-Apim-Subscription-Key in the header.
The connection failed with error ''The remote certificate is invalid according to the validation procedure".
When we do this with Postman, the connection is succesfully established.
So what is going wrong?

edwinschutten

We found the problem. When retrieving the certificate from the certificate authority, an URL of the revocation list was send back. This URL was different than the HTTPS URL.
Dynamics tried to retrieve the revocation list by using this URL, but the firewall was blocking the URL. Therefore the revocation list could not be checked and the HTTPS channel was not created.

A piece of the .Net debug information:

System.Net Information: 0 : [2884] SecureChannel#24816868 - Remote certificate has errors:
System.Net Information: 0 : [2884] SecureChannel#24816868 - The revocation function was unable to check revocation for the certificate.
System.Net Information: 0 : [2884] SecureChannel#24816868 - The revocation function was unable to check revocation because the revocation server was offline.
System.Net Information: 0 : [2884] SecureChannel#24816868 - Remote certificate was verified as invalid by the user.
System.Net.Sockets Verbose: 0 : [2884] Entering Socket#34867337::Dispose()
System.Net Error: 0 : [2884] Exception in HttpWebRequest#50053605:: - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel..
System.Net Error: 0 : [2884] Exception in HttpWebRequest#50053605::GetResponse - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel..

frgusto

Hi @edwinschutten !
I am facing the same problem. Did you find any solution?

kriki

[Topic moved from 'General Chat' forum to 'NAV Three Tier' forum]

edwinschutten

We found the problem. When retrieving the certificate from the certificate authority, an URL of the revocation list was send back. This URL was different than the HTTPS URL.
Dynamics tried to retrieve the revocation list by using this URL, but the firewall was blocking the URL. Therefore the revocation list could not be checked and the HTTPS channel was not created.

A piece of the .Net debug information:

System.Net Information: 0 : [2884] SecureChannel#24816868 - Remote certificate has errors:
System.Net Information: 0 : [2884] SecureChannel#24816868 - The revocation function was unable to check revocation for the certificate.
System.Net Information: 0 : [2884] SecureChannel#24816868 - The revocation function was unable to check revocation because the revocation server was offline.
System.Net Information: 0 : [2884] SecureChannel#24816868 - Remote certificate was verified as invalid by the user.
System.Net.Sockets Verbose: 0 : [2884] Entering Socket#34867337::Dispose()
System.Net Error: 0 : [2884] Exception in HttpWebRequest#50053605:: - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel..
System.Net Error: 0 : [2884] Exception in HttpWebRequest#50053605::GetResponse - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel..