10

Trying to set up a self signed certificate, for our intranet's web services site. The certificate itself shows it is "ok" but when trying to invoke a method from the web service it throws an error, and also while adding the web reference it gives a warning.

Here are the steps and some screenshots to make sure i provide accurate information.

Windows server 2003. IIS. The web site is "WebServices.companyName.vmc"

1

Here is the host header for the site

2

From the server, it shows the cert is 'ok'.

enter image description here

Here are some of the site settings

enter image description here

Now, in visual studio 2008, adding the web reference

enter image description here

Clicking 'Yes' to the popup

enter image description here

Clicking 'No' to this popup, several times sequentially.

enter image description here

After the line of code runs, which calls the web service... i get this error

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

And when webservice site in a browser, the little pad lock by the URL bar, provides this message:

enter image description here

Here is my existing code:

Dim mySvc As New WebServices.InstantAccount
mySvc.calledFunction()

EDIT

For anyone with a similar issue, please read both iamkrillin's answer, and my answer... as they are both two different ways of solving the issue... depending on which part you can control (the code, or the cert).

John Saunders
  • 160,644
  • 26
  • 247
  • 397
adam
  • 2,930
  • 7
  • 54
  • 89
  • Maybe this will help you http://stackoverflow.com/questions/703272/could-not-establish-trust-relationship-for-ssl-tls-secure-channel-soap – daniloquio Jun 29 '12 at 17:58
  • I read that post previously, and i have confirmed a couple things such as DNS line-of-sight, that the cert is still valid, and the date is correct... but the rest of a bit beyond me. which is why i posted so many screenshots. – adam Jun 29 '12 at 18:01
  • If i had to guess, i'd say "•are you using the correct name from the certificate?" is a good place to check. But i'm not sure how to check that. – adam Jun 29 '12 at 18:03
  • As the answer below from @iamkrillin alludes to, the issue is on the CLIENT accepting the certificate from an untrusted root certificate provider. – dmarietta Jun 29 '12 at 18:32

2 Answers2

13

Add this line of code somewhere before you create your service client.

ServicePointManager.ServerCertificateValidationCallback = ((sender, certificate, chain, sslPolicyErrors) => true);

Do note: this will cause your app to accept all invalid certs and just keep moving. If this is not acceptable, you can attach a function to that and do processing to determine if the cert error is ok or not

iamkrillin
  • 6,798
  • 1
  • 24
  • 51
2

iamkrillin did have a working solution, in that his code will ignore the invalid cert, and allow the application to use the web service.

In addition to this, I have corrected the certificate so that i no longer need to ignore the invalid cert.

The host header value (shown in OP) was WebServices.mycompany.vmc , but the "Common Name" or "Friendly Name" for the certificate (shown in OP screenshot 3 for 'Certification Path') was WebServices.

The common name, and the website URL need to match. I recreated the self-signed cert with a common name of "WebServices.mycompany.vmc" and now the certificate error is gone. The web service is available for use, without the coder needing to ignore invalid certs for the application.

adam
  • 2,930
  • 7
  • 54
  • 89