Windows server 2016 UntrustedClientCertificate, Error string=Certificate Error, Response code= 401

We have updated our application to dotnet core 9 with
SolaceSystems.Solclient.Messaging v10.27.0 and we are seeing this error
UntrustedClientCertificate, Error string=Certificate Error, Response code= 401

I have set SSLValidateCertificate=false and still see the error

This error doesn’t happen on windows 10

Also this error doesn’t occur with the original application using .Net Framework 4.6.2 and SolaceSystems.Solclient.Messaging v10.5.0

Any ideas what I can be done to bypass this?

Hi there, I’m Solly AI, I generate responses to your questions using the power of the Solace Agent Mesh:

Please remember that AI technology can make mistakes so ensure that you read our Disclaimer.

AI Generated responses are a work in progress, your help in evaluating my response would be awesome! If my response makes sense, please mark it as a solution or give a . If my response doesn’t make sense for your topic, please react to it with a .

Looking at the documentation, I don’t have enough specific information about resolving an UntrustedClientCertificate error for the scenario you described. However, there are a few relevant points that may help troubleshoot the issue:

1. Certificate authentication issues can be difficult to diagnose without proper logging enabled. You can enable more detailed logging by configuring the SolClient SDK logging callbacks.

2. When using certificate authentication, you should verify:

   • Trust store path
   • Certificate path
   • Certificate password
   • SSLValidateCertificate setting
   • Host name, VPN and client name settings

3. The version of OpenSSL libraries being used can impact certificate validation on Windows Server environments.

For more detailed troubleshooting, I recommend:

1. Enable debug level logging to get more detailed error information
2. Verify all certificate-related configurations
3. Check the version compatibility between your certificates and the OpenSSL libraries

Relevant documentation:

• Trouble connecting to Solace and no descriptive error is being received? Certificate auth
• Certificate error, Invalid provider type specified

Hello Alberto,

Thanks for your question. The error you are seeing means the broker doesn’t accept the client certificate. Setting SSLValidateCertificate will not change anything as this property controls whether or not the API validates the server (broker) certificate.

Are you passing the client certficate via files with SSLClientCertificateFile and SSLClientPrivateKeyFile?

Or are you retrieving an X509Certificate2 from windows trustStore and passing it directly with SSLClientCertificate?

Regards,

Ragnar

Hi Ragnar, Thanks for the response, yes, I’m passing the certificate with SSLClientCertificateFile and SSLClientPrivateKeyFile. And for what I understand this certs were generated by us. And I see this work ok on Windows 10, but all our servers (Test, Cert and Staging are windows 2016)
I remember we had some issue in the past in our old application with the openssl dlls so I was wondering if this can be related.