1

I just can't see what I'm doing wrong. I have a certificate that I obtained (not self signed). I have a pfx file and a password. I added the certificate in Postman and the API call works. I try to add the same certificate using RestSharp and it fails - the server returns a 400 error with a message saying no SSL certificate was supplied.

 public void AttachCertificate(RestClient client)
        {
            try
            {
                
                X509Certificate2 cert = new X509Certificate2(@"C:\...\xxx.pfx", "-password-");
                if (client.Options.ClientCertificates == null) client.Options.ClientCertificates = new X509CertificateCollection();
                if (cert != null) client.Options.ClientCertificates.Add(cert);
            } catch(Exception ex)
            {
                var x = ex;
            }

       
        }

I can see the certificate is there (in RestClient.Options.ClientCertificates) in debugger after this code runs. This is in .Net Core 3.1

DavidCC
  • 315
  • 2
  • 10
  • 1
    How do you send the certificate via postman? – Chetan Aug 31 '22 at 01:25
  • In the postman settings you can add certificates. – DavidCC Aug 31 '22 at 03:39
  • Does this answer your question? [Add certificate on request with RestSharp](https://stackoverflow.com/questions/49069197/add-certificate-on-request-with-restsharp) – Mohammad Aghazadeh Aug 31 '22 at 03:46
  • I tried implementing the servicePointManager code, it didn’t help. The only difference now is the webProxy line I’ll give it a try – DavidCC Aug 31 '22 at 14:01
  • Have you tried inspecting the HTTP request using a tool like Fiddler? What's the difference between what you see in Postman and .NET Core 3.1? – Matt Ruwe Aug 31 '22 at 14:56
  • Fiddler strips and replaces the certificates capturing traffic, so even the postman requess fail when fiddler is running. – DavidCC Aug 31 '22 at 16:43

1 Answers1

2

I figured it out by looking at the source for RestSharp RestClient. In the constructor for RestClient it configures the HttpMessageHandler (HttpClientHandler class) and adds any certificates from RestClient Options. But if you add the certificate to the Options object after the fact (as I was doing), it never goes on to update the underlying HTTP objects.

I'm sure this same issue impacts CookieContainer, AutomaticDecompression, Credentials, Proxy, FollowRedirects, PreAuthenticate, RemoteCertificateValidationCallback options on the HttpClientHandler object; and MaxTimeout, UserAgent and Expect100Continue options on the HttpClient.

IMHO either: setting any of these Options after the RestClient is constructed should cascade to the underlying objects, OR the Options object should be read-only. But that is a decision for the RestSharp developers...

I have just tested my code that I changed to get the PFX certificate BEFORE creating the RestClient, and setting it in the RestClient Options object as passed into the RestClient constructor - and it worked.

DavidCC
  • 315
  • 2
  • 10