Server Side SSLStream SSL TLS, A Call to SSPI Failed, see inner Exception


I'm trying to intercept a webhook that sends inventory updates. When the webhook is sent through http, I can read the results just fine When the webhook is sent through https, the output is jumbled in random characters. I've been researching and making very little progress over the past couple of days.

I've created an certificate using Powershell and an exact copy of the localhost Example 9 from

and then added it to the trusted root certification authorities under Local Computer

When I run as administrator the error then changes from "System.ComponentModel.Win32Exception: 'The credentials supplied to the package were not recognized" to the SSPI error message below.

I also exported the .pfx using MMC.exe and then used the 2 commands from here under Solution, enter image description here

sslstream.AuthenticateAsServer(certfile, True, System.Security.Authentication.SslProtocols.Tls12, False)

returns with the below error I've tried using ssl3 tls10,11,12, all with the error "System.Security.Authentication.AuthenticationException: 'A call to SSPI failed, see inner exception.' Win32Exception: An unknown error occurred while processing the certificate (except ssl3 which tells me the algorithms don't match) I've also tried playing around with the ServicePointManager to no Avail.

Where am I going wrong here? What are my next few steps?

Edit: Further investigation leads me to this error code System.ComponentModel.Win32Exception (0x80004005): which seems to have something to do with permissions. I couldn't find permissions (edit, I found the permissions, but still unsuccessful) for the certificate itself, but i changed the permissions for the .pfx file, and for one single test, it seemed like i got passed the issue, and smacked right into my next one. However, I cannot recreate this semi-successful test even after recreating the pfx file. Is this even possible for me to do with an .exe? (edit: I think the semi success was actually the server catching a stray Retry attempt from the webhook that resulted in a different error)

  Sub Main()
    Dim serverSocket As New TcpListener(System.Net.IPAddress.Any, 8008)
    Dim certstore As X509Store = New X509Store(StoreName.Root, StoreLocation.LocalMachine)
    Dim certfile As X509Certificate = Nothing
    For Each cert In certstore.Certificates
        If cert.Thumbprint = "0F41BDC3ABAAA941AFD16EE3BD3BBA122DEF3042".ToUpper Then
            certfile = cert
            Msg("Cert Loaded")
        End If
    Dim clientSocket As TcpClient = Nothing
    Dim objCertificatePolicy As New CustomCertificatePolicyHandler

    Dim infiniteCounter As Integer
    Dim counter As Integer
    Msg("WebHook Server Started!")
    counter = 0
    For infiniteCounter = 1 To 2
        infiniteCounter = 1
        counter += 1
        ServicePointManager.ServerCertificateValidationCallback = objCertificatePolicy.ServerCertificateValidationCallback
        ServicePointManager.Expect100Continue = True
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
        System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
        ServicePointManager.ServerCertificateValidationCallback = New System.Net.Security.RemoteCertificateValidationCallback(AddressOf AcceptAllCertifications)

        clientSocket = serverSocket.AcceptTcpClient()
        Dim dataFromClient As String
        Dim bytesfrom(10024) As Byte
        Dim networkStream As NetworkStream = clientSocket.GetStream()
        Dim sslstream = New SslStream(clientSocket.GetStream(), False)
        sslstream.AuthenticateAsServer(certfile, True, System.Security.Authentication.SslProtocols.Tls12, False)
        sslstream.ReadTimeout = 5000
        sslstream.WriteTimeout = 5000
        sslstream.Read(bytesfrom, 0, bytesfrom.Length)
        dataFromClient = System.Text.Encoding.ASCII.GetString(bytesfrom)
        clientsList(dataFromClient) = clientSocket
        Msg("WebHook Received " + vbCrLf + dataFromClient)
        Dim client As New HandleClinet
        client.StartClient(clientSocket, dataFromClient, clientsList)
End Sub

Public Function AcceptAllCertifications(ByVal sender As Object, ByVal certification As System.Security.Cryptography.X509Certificates.X509Certificate, ByVal chain As System.Security.Cryptography.X509Certificates.X509Chain, ByVal sslPolicyErrors As System.Net.Security.SslPolicyErrors) As Boolean
    Return True
End Function

Public Class CustomCertificatePolicyHandler
    Implements ICertificatePolicy

    Private ReadOnly _ServerCertificateValidationCallback As System.Net.Security.RemoteCertificateValidationCallback

    Public Overridable ReadOnly Property ServerCertificateValidationCallback() As System.Net.Security.RemoteCertificateValidationCallback
            Return _ServerCertificateValidationCallback
        End Get
    End Property
    Public Function CheckValidationResult(ByVal srvPoint As ServicePoint,
          ByVal cert As X509Certificate, ByVal request As WebRequest,
          ByVal certificateProblem As Integer) _
      As Boolean Implements ICertificatePolicy.CheckValidationResult
        'Return True to allow the certificate to be accepted.
        Return True
    End Function

    Public Sub New()
    End Sub
asked on Stack Overflow Dec 29, 2020 by drpepper1324 • edited Dec 31, 2020 by drpepper1324

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0