Certificate retrieval at SwissSign fails, “The request was aborted: Could not create SSL/TLS secure channel”
Error:
Although the configuration for SwissSign is correct under “Cryptographic key providers” and all gateway roles have access to ra.swisssign.net via TCP 443 (https), the following error message appears in the event log when retrieving certificates:
ID: 026f7e58-9be2-4434-b562-11016c181bfd
Created: 12.06.2015 12:15:56
Mail address: Test.Benutzer@nospamproxy.de
Request type: CertificateRequest
Request status: Failed
Failure status: TrustCenterError
Error text: Unexpected error: Message:
An error occurred while sending the request.
Error type:
System.Net.Http.HttpRequestException
Error code: 2148734208
Program location:
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at Netatwork.NoSpamProxy.Cryptography.SwissSignCertificateProvider.<EnrollAsync>d__e.MoveNext()
The request was aborted: Could not create SSL/TLS secure channel.
Message:
The request was aborted: Could not create SSL/TLS secure channel.
Error type:
System.Net.WebException
Error code: 2148734217
Program location:
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
Subject name:E=test.benutzer@nospamproxy.de, CN=Secure Mail: Gateway Certificate
Cause:
The pseudo AutoRAO service certificate used for authentication at the service provider SwissSign is present both in the certificate store of the computer account of one or all gateway roles and in the certificate store of the NoSpamProxy Encryption Gateway.
Solution:
- Under “Cryptographic key providers”, open the configuration for the provider SwissSign. The stored pseudo AutoRAO certificate is shown there.
- Click on the certificate to display its details. These details are helpful for identifying the correct certificate in the certificate store of the computer account.
- Open “mmc.exe” as administrator on the gateway role.
- Click File and Add/Remove Snap-in.
- Select Certificates and click Add.
- A new window appears in which you select the “Computer account”.
- Click “Next”.
- Select the “Local computer”.
- Click “Finish”.
- Return to the snap-in selection and confirm with “OK”.
- Navigate to “My certificates” and find the pseudo AutoRAO service certificate.
- Select the certificate and delete it.
- Restart the affected Windows system of the gateway role.
If necessary, repeat these steps for all other gateway roles.
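The MMC steps above can also be scripted when several gateway roles are affected. The following PowerShell is an added example, not part of the original article or of NoSpamProxy; the function name is hypothetical and the thumbprint is a placeholder to be replaced with the value from the certificate details in the SwissSign provider configuration. `Cert:\LocalMachine\My` is the personal store of the computer account.

```powershell
#Requires -RunAsAdministrator
# Added example: remove the pseudo AutoRAO certificate from the computer
# account store of a gateway role, matching it by thumbprint only.
function Remove-GatewayAutoRaoCertificate {   # hypothetical name
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Thumbprint as shown in the certificate details of the provider configuration.
        [Parameter(Mandatory = $true)][string]$Thumbprint
    )
    # The details dialog shows the thumbprint with spaces; keep hex digits only.
    $wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($wanted.Length -ne 40) {
        throw "Expected a 40-digit SHA-1 thumbprint, got $($wanted.Length) hex digits."
    }
    $found = @(Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $wanted })
    $deleted = $false
    foreach ($cert in $found) {
        # Print the match so it can be compared with the provider configuration.
        $cert | Format-List Subject, Issuer, NotAfter, Thumbprint | Out-String | Write-Host
        if ($PSCmdlet.ShouldProcess($cert.Subject, 'Delete from Cert:\LocalMachine\My')) {
            Remove-Item -LiteralPath $cert.PSPath -Confirm:$false
            $deleted = $true
        }
    }
    if ($found.Count -eq 0) { Write-Verbose "No match for $wanted in Cert:\LocalMachine\My." }
    return $deleted
}

# Placeholder, not a real value: replace with the thumbprint of the pseudo AutoRAO certificate.
$thumb = '<THUMBPRINT-FROM-PROVIDER-CONFIGURATION>'
if (Remove-GatewayAutoRaoCertificate -Thumbprint $thumb -Verbose) {
    # Last step of the article: restart the Windows system of the gateway role.
    Restart-Computer -Confirm
}
```

Run it with `-WhatIf` on the function call first to see which certificate would be removed without deleting anything.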