rajanadar / VaultSharp

A comprehensive cross-platform .NET Library for HashiCorp's Vault, a secret management tool
http://rajanadar.github.io/VaultSharp
Apache License 2.0

An error occurred while sending the request. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure. #321

Closed tanishagarg-sf closed 2 months ago

tanishagarg-sf commented 1 year ago

Describe the bug
A one liner of what the bug is.

Error: ---> (Inner Exception #0) System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

VaultSharp Version
The version of VaultSharp package being used

VaultSharp.1.4.0.1

Vault Version
The version of Vault server being used

Does this work with Vault CLI?
Yes/No

Yes using curl commands

Any additional info
Helpful info

konidev20 commented 1 year ago

Hey @tanishagarg-sf,

I see that the remote certificate validation is failing in the HTTP Client being used by the VaultSharp library. The error is "The remote certificate is invalid according to the validation procedure."

This usually occurs when the server's certificate is not in the trust store of the client machine or if the server certificate is invalid.

Request you provide more information about the vault server setup:

  1. Does it have a self-signed certificate or
  2. Does it have a Global CA signed certificate with valid intermediate CA certs?

PS: I experienced the same issue when I did not have the Server CA or cert installed in the trust store of my client application host. I also experienced this issue when the certificate of the server had expired.

Thanks, @konidev20
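
The causes named in the comment above (CA missing from the client trust store, expired server certificate) can be told apart from the chain status that .NET reports. The following is an added diagnostic example, not part of the thread and not VaultSharp's own code; the Vault address is a placeholder, and the callback only logs, returning the platform's verdict unchanged:

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

static class VaultTlsDiagnostics
{
    // Logs why validation failed, then returns the platform's own verdict unchanged.
    static bool Explain(HttpRequestMessage req, X509Certificate2 cert, X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;

        Console.Error.WriteLine($"TLS validation failed for {req.RequestUri.Host}: {errors}");
        if (cert != null)
            Console.Error.WriteLine($"  subject={cert.Subject} issuer={cert.Issuer} notAfter={cert.NotAfter:u}");

        if (errors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
            Console.Error.WriteLine("  host name is not covered by the certificate's subject/SAN");

        if (chain != null)
            foreach (X509ChainStatus s in chain.ChainStatus)
            {
                string hint =
                    s.Status.HasFlag(X509ChainStatusFlags.UntrustedRoot) ? "root CA is not in the client trust store" :
                    s.Status.HasFlag(X509ChainStatusFlags.PartialChain) ? "intermediate CA missing; server should send the full chain" :
                    s.Status.HasFlag(X509ChainStatusFlags.NotTimeValid) ? "a certificate in the chain is expired or not yet valid" :
                    s.StatusInformation.Trim();
                Console.Error.WriteLine($"  {s.Status}: {hint}");
            }
        return false; // never accept a certificate the platform rejected
    }

    static async Task Main()
    {
        // Placeholder address (assumption); replace with the Vault server under test.
        var vault = new Uri("https://vault.example.internal:8200/v1/sys/health");
        using (var handler = new HttpClientHandler { ServerCertificateCustomValidationCallback = Explain })
        using (var http = new HttpClient(handler))
        {
            try { Console.WriteLine((int)(await http.GetAsync(vault)).StatusCode); }
            catch (HttpRequestException e) { Console.Error.WriteLine($"request failed: {e.Message}"); }
        }
    }
}
```

Run it from the same host and account as the failing application, since the trust store consulted depends on both.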

tanishagarg-sf commented 1 year ago

Hi @konidev20, I resolved this error by adding the server CA root to the trust store. Can you please help with the below?

After this, I am seeing this error: vaultsharp.core.vaultapiexception {"errors":["tls connection required"]}. If you want, I can paste details here as well. Thanks!

konidev20 commented 1 year ago

Hey @tanishagarg-sf,

It looks like a configuration issue. I will try to support you on StackOverflow.

Request @rajanadar to close this issue.

tanishagarg-sf commented 1 year ago

Sure @konidev20. Please help with this second issue as well; one of my friends raised this one as I was not able to post. Thanks!

konidev20 commented 1 year ago

Hey @tanishagarg-sf ,

Since your connection is going through a proxy, have you checked if the connection between the proxy, I reckon the TLS connection is being terminated on the proxy. Ideally, from the proxy there must be another TLS connection to the Vault Server.

I couldn't answer on StackOverflow.