Failed to create ssl connection. Failed to create ssl tls secure channel. Which version of Sharpei should I install?

» provided a unique opportunity to send boundary and technical plans to Rosreestr through direct interaction channels (in other words, directly from the program).

In this article, we will look at the most common errors that occur when sending survey and technical plans using the “” program as an example.

In order to send a boundary plan from the "" program, you must generate an application in electronic form. The program provides the ability to generate an Application using 2 XML schemas:

  • Reguests_GZK_Realty version 17;
  • StatmentGKN version 01.

Note: For more information on how to fill out an application using a particular XML schema, see the article “”.

Let's move on directly to the consideration of errors that arise when sending boundary and technical plans to Rosreestr through direct interaction channels.

1 error. Additional documents must be sent through the program to Rosreestr only with an application generated according to the XML schema Reguests_GZK_Realty version 17.

With an application generated according to the new XML schema StatmentGKN version 01, additional documents are not accepted, and the error “Verification failed. FLC, or the digital signature verification has not been passed. Unknown application type" is returned.

Solution: If you receive this error when sending additional documents from the program, create an application using the XML schema Reguests_GZK_Realty version 17 and resend the package.

2 error. Error "The request could not be completed. Error: The remote server returned an error (500). Internal Server Error" usually appears when sending a ZIP archive of a boundary plan generated without an application.

Solution: in the "Settings" window, tick the following checkboxes:

  • “Create a package (ZIP archive and application) for transmission through direct interaction channels”;
  • “Generate StatementGKN version 01”;
  • “Generate a statement when uploading XML”;
  • “Attach an XML application to a ZIP archive”.

Fig.1. "Settings" window.

Next, fill out the application (when uploading, two XML files will be generated: an application and a boundary plan) and create a ZIP archive with the prefix req. In addition, the error may appear if a long path to the ZIP archive is specified. In this case, we recommend shortening the path to the ZIP archive.

3 error. "The request could not be completed. Error: The request was aborted: Could not create SSL/TLS Secure channel"

"The request could not be completed. Error: The request was aborted. Failed to create SSL/TLS secure channel"

Solution: To eliminate this error, check your electronic signature (ES) certificate, namely:

  • Check whether the sender certificate is selected correctly in the program settings (in the "Settings" window, on the "Dispatching" tab, in the "! Sender Certificate" field):


Fig.2. "Settings" window, "Sending" tab.

  • The ES certificate must be installed in the Personal store;
  • Check whether the container with the private key is inserted (for example, a smart card or flash drive). *The private key can be stored on a computer rather than on removable media;
  • Check whether the ES certificate has the “TLS client” purpose. To resolve this issue, you must contact the certification center where you purchased the signature;
  • The CryptoPro CSP crypto provider must be installed;
  • Check whether the electronic signature has expired;
  • Find out whether your ES is intended to work with Rosreestr and whether it is an enhanced, qualified ES of a cadastral engineer. If necessary, contact the certification center (see “).
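
The certificate checks in this list can be run against every certificate in the Personal store at once. The following is an added example, not code from the article or from the program it describes; the class and method names are hypothetical, and it covers only key linkage, the validity period and the Client Authentication ("TLS client") purpose.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper written for this example; not part of any product.
static class ClientCertCheck
{
    // OID of the "Client Authentication" enhanced key usage (the "TLS client" purpose).
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2";

    // Returns the problems that would keep this certificate from working as a
    // TLS client certificate; an empty array means none were found.
    public static string[] Problems(X509Certificate2 cert, DateTime now)
    {
        var problems = new List<string>();
        // HasPrivateKey shows only that a key container is linked to the certificate;
        // it does not prove that a removable token is currently inserted.
        if (!cert.HasPrivateKey)
            problems.Add("no private key container linked");
        if (now < cert.NotBefore || now > cert.NotAfter)
            problems.Add("outside validity period (" + cert.NotBefore + " to " + cert.NotAfter + ")");
        // No EKU extension means no purpose restriction; if the extension is
        // present, it must list Client Authentication.
        var eku = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>().FirstOrDefault();
        if (eku != null && !eku.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ClientAuthOid))
            problems.Add("EKU does not include Client Authentication");
        return problems.ToArray();
    }

    static void Main()
    {
        // Personal store of the current user.
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            foreach (X509Certificate2 cert in store.Certificates)
            {
                string[] problems = Problems(cert, DateTime.Now);
                Console.WriteLine("{0}  {1}", cert.Thumbprint, cert.Subject);
                Console.WriteLine(problems.Length == 0
                    ? "    no problems found"
                    : "    " + string.Join("; ", problems));
            }
        }
        finally { store.Close(); }
    }
}
```

Run it under the same Windows account that runs the sending program, because the Personal store is per user.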

Please read the system requirements for this service on our forum at the link: .

4 error. "The request could not be completed. Error: The request was aborted: The request was canceled"

“Failed to complete the request. Error: The request was aborted: The request was cancelled"

This error is usually due to the fact that the size of the ZIP archive being sent is too large.

Solution: in the "Settings" window, on the "Dispatching" tab, increase the timeout in the field “Timeout for the Rosreestr portal (sec.)”, for example, up to 800 sec.


Fig.3. "Settings" window, "Sending" tab.

Note: Please note that Rosreestr has established restrictions on ZIP archives sent via direct interaction channels. The size of the ZIP archive sent via direct communication channels should not exceed 50 MB.

5 error. "The sending module could not be opened. The CAPICOM.dll library may not be installed or installed incorrectly. The functions for sending requests to the Rosreestr portal are not available."

“The send module file is corrupt. Recent changes are lost, open the last saved file? CAPICOM is not installed or installed incorrectly. The functions for sending requests to the Rosreestr portal are not available."

This error occurs due to incomplete access to the sending module.

Solution: delete and restore the sending log. To do this, go to the folder where the program is installed and delete the files exch.log and exch_bak.log. After that, in the window “Exchange of information with Rosreestr”, click on the triangle next to the "Settings" button and select "Restore log".

We looked at the most common errors when sending both boundary and technical plans directly from the "Polygon" series of programs.

If the error you are interested in is not described in this article, you can always contact the technical support department specialists to solve the problem using the toll-free phone number 8-800-100-58-90 or by email: .

We are always happy to help you!

If you are sending additional packages, do not check this box and create an application according to the Reguests_GZK_Realty scheme version 17.



We created a certificate on one machine. I installed it on another one in Personal. The application is trying to connect to the download of the XML file - an error occurs: it was not possible to create a secure ssl tls channel.
Need help solving a problem.

    using System;
    using System.IO;
    using System.Net;
    using System.Runtime.InteropServices;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;

    class MyCerts
    {
        private static int CERT_STORE_PROV_SYSTEM = 10;
        private static int CERT_SYSTEM_STORE_CURRENT_USER = (1 << 16);
        //private static int CERT_SYSTEM_STORE_LOCAL_MACHINE = (2 << 16);

        // CERT_STORE_PROV_SYSTEM expects the store name as a Unicode string.
        [DllImport("crypt32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern IntPtr CertOpenStore(int storeProvider, int encodingType, IntPtr hcryptProv, int flags, string pvPara);

        [DllImport("crypt32.dll", SetLastError = true)]
        public static extern IntPtr CertEnumCertificatesInStore(IntPtr storeProvider, IntPtr prevCertContext);

        [DllImport("crypt32.dll", SetLastError = true)]
        public static extern bool CertCloseStore(IntPtr storeProvider, int flags);

        X509Certificate2Collection m_certs;

        public MyCerts()
        {
            m_certs = new X509Certificate2Collection();
        }

        // Copies every certificate from the current user's Personal ("MY") store.
        public int Init()
        {
            IntPtr storeHandle;
            storeHandle = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, IntPtr.Zero, CERT_SYSTEM_STORE_CURRENT_USER, "MY");
            IntPtr currentCertContext;
            currentCertContext = CertEnumCertificatesInStore(storeHandle, (IntPtr)0);
            int i = 0;
            while (currentCertContext != (IntPtr)0)
            {
                m_certs.Insert(i++, new X509Certificate2(currentCertContext));
                currentCertContext = CertEnumCertificatesInStore(storeHandle, currentCertContext);
            }
            CertCloseStore(storeHandle, 0);
            return m_certs.Count;
        }

        public X509Certificate2 this[int index]
        {
            get
            {
                // Valid indexes are 0 .. Count - 1.
                if (index < 0 || index >= m_certs.Count)
                    return null;
                else
                    return m_certs[index];
            }
        }
    }

    class MyHttpResource
    {
        String m_url;

        public MyHttpResource(string url)
        {
            m_url = url;
        }

        public void GetFile()
        {
            HttpWebResponse result = null;
            // MyPolicy (below) accepts every server certificate.
            System.Net.ServicePointManager.CertificatePolicy = new MyPolicy();
            try
            {
                HttpWebRequest req = (HttpWebRequest)WebRequest.Create(m_url);
                req.Credentials = CredentialCache.DefaultCredentials;
                //req.ClientCertificates.Add(X509Certificate2.CreateFromCertFile("C:\\Temp\\cert\\c1.cer"));
                MyCerts mycert = new MyCerts();
                if (mycert.Init() > 0)
                {
                    // The index was lost from the posted text; the first certificate (0) is assumed.
                    req.ClientCertificates.Add(mycert[0]);
                    Console.WriteLine(mycert[0].Thumbprint);
                }
                result = (HttpWebResponse)req.GetResponse();
                StreamWriter writer = new StreamWriter(@"C:/123.txt");
                Stream ReceiveStream = result.GetResponseStream();
                #region For XML files
                Encoding encode = System.Text.Encoding.Default;
                #endregion
                #region For sites
                //Encoding encode = System.Text.Encoding.GetEncoding("utf-8");
                #endregion
                StreamReader sr = new StreamReader(ReceiveStream, encode);
                Console.WriteLine("\r\nResponse stream received");
                Char[] read = new Char[256];
                int count = sr.Read(read, 0, 256);
                Console.WriteLine("HTTP Response...\r\n");
                while (count > 0)
                {
                    String str = new String(read, 0, count);
                    Console.Write(str);
                    writer.WriteLine(str);
                    count = sr.Read(read, 0, 256);
                }
                writer.Close();
            }
            catch (WebException e)
            {
                Console.WriteLine(e.Message);
            }
            finally
            {
                if (result != null)
                {
                    result.Close();
                }
            }
        }
    }

    // Returns true for every certificate problem, so the server certificate is never validated.
    public class MyPolicy : ICertificatePolicy
    {
        public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem)
        {
            return true;
        }
    }

    class CertSample
    {
        static void Main(string[] args)
        {
            //Console.WriteLine("Where should we cut?");
            //string str = Console.ReadLine();
            //if (!str.StartsWith("http://"))
            //    if (!str.StartsWith("https://"))
            //        str = "http://" + str;
            string str = @"https://192.168.191.248/xml/80020.xml";
            Console.WriteLine("Connect to " + str);
            try
            {
                MyHttpResource hr = new MyHttpResource(str); //"http://br.so-ups.ru/Public/Docs/DocList.aspx"
                hr.GetFile();
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }
            return;
        }
    }
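
The posted code installs MyPolicy, which returns true for every certificate problem, so the client would accept any server that answers at that address. Below is an added example, not part of the original post, of a validation callback that keeps normal Windows validation and otherwise accepts only one pinned certificate; the class name, the thumbprint placeholder and the command-line URL are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper written for this example.
static class PinnedServerValidation
{
    // Placeholder: thumbprint of the internal server's certificate, as shown in
    // the certificate's properties. It is not a value taken from the post.
    const string ExpectedThumbprint = "<SERVER-CERT-THUMBPRINT>";

    // Accept the server when Windows validated the chain and host name, or,
    // for an internal server with a self-issued certificate, when the presented
    // certificate is exactly the pinned one. Everything else is rejected.
    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;
        if (certificate == null) return false;
        string actual = new X509Certificate2(certificate).Thumbprint;
        bool pinned = string.Equals(actual, ExpectedThumbprint, StringComparison.OrdinalIgnoreCase);
        if (!pinned)
            Console.WriteLine("Rejected server certificate {0}: {1}", actual, errors);
        return pinned;
    }

    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    static void Main(string[] args)
    {
        // args[0] is the HTTPS URL to request (supplied by the caller).
        Install();
        using (var response = (HttpWebResponse)WebRequest.Create(args[0]).GetResponse())
            Console.WriteLine(response.StatusCode);
    }
}
```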

I have a web service that I registered via "add service reference" that requires HTTPS and a certificate. Below is my code to instantiate my service:

    service = new MyReferencedWebService();
    X509Certificate2 cert = new X509Certificate2();
    var stream = Assembly.GetExecutingAssembly().GetManifestResourceStream("Mycert.cer");
    // Buffer sized to the embedded resource.
    var bytes = new byte[stream.Length];
    stream.Read(bytes, 0, bytes.Length);
    cert.Import(bytes, MYPASSWORD, X509KeyStorageFlags.DefaultKeySet);
    service.ClientCredentials.ClientCertificate.Certificate = cert;

and my config looks like this:

If I create a simple winforms.exe and use the above code, I get a response from my web service. However, if I put this same code in ASP.NET, I get the following:

The request was aborted: the SSL/TLS secure channel could not be created.

How to do this in ASP.NET?

EDIT: I should add. The client certificate I use is tied to a smart card and requires a PIN to be entered in order to be used. Not sure if that matters or not.

When a client logs into the application, it asks them for their certificate PIN. In this case, they have a CAC card inserted into the CAC reader. Maybe I can use Request.ClientCertificate somehow?

3 answers

What's your plan here? In other words:

Who will enter the PIN? Who is going to insert a smart card?

You cannot establish a secure channel between an ASP.NET web server and a web service without a smart card and PIN because the client (i.e. the ASP.NET web server) must access the private key on the smart card (and you need a PIN for this). I'm afraid the only way to get this to work is to obtain the entire certificate (including the private key) from the smart card (which must be very difficult, if not impossible, by design).

Your best course of action:

A) Request a "server certificate" (not a smart card) that can be used as a client certificate for the channel between the ASP.NET web server and the target web service.

B) Redesign the solution so that clients (people who have smart cards and PINs) connect directly to the secure web service using a smart card and PIN.

Is the certificate root certificate available? If you imported it yourself, it was imported into the user certificate store, which IIS can't access (import it into the store instead).

The documentation for the class constructor says that the class will access the CSP to store the certificate's private key (for pfx). This shouldn't be necessary for the cer file, but perhaps you're still running into permission issues if you're running as an application pool user?

Try switching the application pool to run as a user with permissions and see if that helps, or try importing the certificate into the machine's certificate store and accessing it.

WCF Client Configuration

Just in case, make sure your endpoint address is of the form:

"https://hostname[:port]/ServiceDirectory/MyService.svc"

Assuming your service configuration is correct, your ASP.NET application binding configuration should be:

The problem you may encounter is passing/supplying the client certificate to your service.

If your service is hosted on IIS 6.0 or IIS 7.0, you must configure the IIS hosting your WCF service to accept client certificates.

Your asp.net application is a WCF client. See this page on using a smart card certificate and Securing WCF services with certificates.

You will also need a server SSL certificate, which will be installed in IIS where you host your WCF service to support HTTPS.

WCF Service Configuration

The service endpoint must enable a secure HTTP binding, as well as the service behavior to enable httpsGetEnabled and disable httpGetEnabled:

You must use the digital signature received from your special communications operator. The one you use to send reports to other government agencies (PF, Federal Tax Service, Social Insurance Fund, etc.)

2. Which version of Sharpei should I install?

To find out whether your Windows is 32-bit or 64-bit:

    Right click on "My Computer"

    Select Properties

    If “64-bit” is shown in the “System” - “System type” section, the system is 64-bit; in other cases it is 32-bit.

3. When registering in the WEB collection system, a message appeared that such an organization already exists

If during registration you receive an error saying that an organization with this OKPO is already registered, information about the organization is already present in the reporting collection system. Such information enters the system from the Unified Reporting Reception Module.

In this case, it is necessary:

  1. Send a letter to [email protected], indicating your data:
    • Name of company
    • In whose name the certificate was issued (with which you signed the statements) and by whom it was issued
    • Contact details
    • email address (required)
  2. After receiving a letter from you, TOGS employees will add the missing information to your organization’s card and send you a letter with instructions on how to change your password (we do not assign a password ourselves).
  3. After completing the password change procedure, you can begin reporting electronically.

4. When signing the report, an error appears: “The key certificate algorithm is not supported”

  1. There are Microsoft updates that lead to errors when working with digital signatures.
    These are the following updates:
    • 2604094
    • 2729450
    • 2729452
    • 2729453
    • 2742601
    To fix the error “The key certificate algorithm is not supported,” you need to uninstall the above Microsoft updates.
    Microsoft updates are removed through "Control Panel" - "Add or Remove Programs".
  2. This error may also appear if SharpeiRTE was installed before .NET Framework 2.0 SP2. In this case, run the SharpeiRTE installation again, select "Edit" and check the option to enable Framework 2 support.

5. When sending a report from "OffLine" an error appears: "Could not establish a connection to the site... It is not possible to establish a trust relationship for a secure SSL/TLS channel"

  1. Check the correct spelling of connection addresses in the OffLine client settings:

    Secure connection: https://online.statrk.ru/online

  2. Install the certificate of the statistical reporting collection server in the “Trusted Root Certification Authorities” store. See instructions.
  3. Open Internet Explorer and go to https://online.statrk.ru/online. If the certificate "UC HMC Rosstat" is installed, the page will open without a warning. Otherwise, a warning will appear stating that it is impossible to verify the authenticity of the site.
  4. Check whether CryptoPRO Sharpei is installed. It can be downloaded from the OnLine collection site ()

6. When sending a report from the "OffLine client" the error appears: "Error while checking the security of the message"

    Check that the time on your computer is set correctly. When submitting, the system checks that the time on your computer matches the time on the reporting server in Universal Time (UTC), not local time. Accordingly, for the Republic of Kalmykia the time zone on your computer should be set to "(UTC+4:00) Moscow, St. Petersburg, Volgograd". If your time zone is "(UTC+3:00) Moscow, St. Petersburg, Volgograd", then you need to download and install