Hi!

Hoping for some help here re client certificates and SSL The following
method:

========================================================================
Public Sub SimpleXMLSendReceive()

       Try

           m_StartTime = Now

           Dim FileName As String
           Dim Request = CreateWebRequest()

--crashes-> m_XmlIn.Save(Request.GetRequestStream())
           
Private Function CreateWebRequest() As HttpWebRequest

       Dim objRequest As HttpWebRequest = WebRequest.Create(m_URL &
"/" & m_Operation)

       SetProxy(objRequest.Proxy)

       objRequest.Method = "POST"
       objRequest.ContentType = "application/x-www-form-urlencoded"
       objRequest.Timeout = 300000

       Dim certStore As X509CertificateStore
       certStore = X509CertificateStore.CurrentUserStore(X509CertificateStore.RootStore.ToString)
       certStore.OpenRead()

       Dim cert As X509Certificates.X509Certificate
       If certStore.FindCertificateBySubjectString("XYZ").Count > 0
Then
           cert = certStore.FindCertificateBySubjectString("XYZ")(0)
       End If

       objRequest.ClientCertificates.Add(cert)

       Return objRequest

   End Function

========================================================================
I am attaching the cert ok, and I have IIS configured to require a
secure connection, and require a client cert The URl for the post is a
HTTPS address. When I hit the GetRequestStream call I get;

"The underlying connection was closed: could not establish a secure
connection."

I am using test certificates and when I change to another one the
error becomes could not establish a trust relationship ( I think this
may be related to the Untrusted Root Authority error).

I have tried implementing a custom ICertificatePolicy as follows :

========================================================================
Public Enum CertificateProblem As Long

   CertEXPIRED = 2148204801
   CertVALIDITYPERIODNESTING = 2148204802
   CertROLE = 2148204803
   CertPATHLENCONST = 2148204804
   CertCRITICAL = 2148204805
   CertPURPOSE = 2148204806
   CertISSUERCHAINING = 2148204807
   CertMALFORMED = 2148204808
   CertUNTRUSTEDROOT = 2148204809
   CertCHAINING = 2148204810
   CertREVOKED = 2148204812
   CertUNTRUSTEDTESTROOT = 2148204813
   CertREVOCATION_FAILURE = 2148204814
   CertCN_NO_MATCH = 2148204815
   CertWRONG_USAGE = 2148204816
   CertUNTRUSTEDCA = 2148204818
End Enum

Class CertPol
   Implements ICertificatePolicy

   Public Function CheckValidationResult(ByVal srvPoint As
System.Net.ServicePoint, ByVal certificate As
System.Security.Cryptography.X509Certificates.X509Certificate, ByVal
request As System.Net.WebRequest, ByVal certificateProblem As Integer)
As Boolean Implements
System.Net.ICertificatePolicy.CheckValidationResult
       Return True
   End Function
End Class

========================================================================

And registed it with ServicePointManager prior to the problem call:

========================================================================

System.Net.ServicePointManager.CertificatePolicy = New CertPol()

========================================================================

to attempt and override the issue... but no dice...

Any ideas would be much appreciated.

THanks,

Matt