1

I configured the Bus with the scripts below.
The new cert is in the LocalComputer\Personal\Certificates cert store.

The sample app throws an authorizationexception:

'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. Inner exception {"The remote certificate is invalid according to the validation procedure."}'

$SBRunAsPassword = ConvertTo-SecureString -AsPlainText -Force -String [PASSWORD];

$SBCertAutoGenerationKey = ConvertTo-SecureString -AsPlainText -Force -String [PASSWORD];

New-SBFarm -CertAutoGenerationKey $SBCertAutoGenerationKey -RunAsName 'server\user' -AdminGroup 'BUILTIN\Administrators' -PortRangeStart 9000 -TcpPort 9354 -FarmMgmtDBConnectionString 'Data Source=[SERVER]\SQLEXPRESS;Integrated Security=True' 

Add-SBHost -FarmMgmtDBConnectionString 'Data Source=[SERVER]\SQLEXPRESS;Integrated Security=True' -RunAsPassword $SBRunAsPassword -CertAutoGenerationKey $SBCertAutoGenerationKey;
New-SBNamespace -Name 'DemoNameSpace' -ManageUser '[USER]';
Michael W
  • Hey, did you find what was wrong in your case? I have the same problem while I have the certificate installed in my computer account \ local computer. – user2173353 Mar 04 '14 at 14:35
  • If you stumble upon this question/answer and you made your own certificates: if you install the service as a farm (more than 1 service-bus machine), you need to create a "server authentication" cert (MyServiceBusMachineOne.full.domainname.com) with an "Alternate Subject Name" of "*.full.domainname.com" (wildcard of *). If you (temporarily) run the install with auto-generate-certificates, and check the properties of the cert (in mmc), look at the "Subject Alternate Name" property. "makecert.exe" does not support "subject alternate name", so you have to use something else. I used ... – granadaCoder Oct 27 '16 at 21:31
  • BouncyCastle. Here is a "get-you-started" http://stackoverflow.com/questions/22230745/generate-self-signed-certificate-on-the-fly and then added : http://boredwookie.net/index.php/blog/bouncy-castle-add-a-subject-alternative-name-when-creating-a-cer/ – granadaCoder Oct 27 '16 at 21:31

2 Answers

3

If you're running your client application on a different machine than the server, then you need to import the CA into your client machine to be able to trust the certificate ServiceBus presents.

This page has information on how to perform that: http://msdn.microsoft.com/en-us/library/jj192993.aspx

Also, make sure that your client calls always use the fully qualified domain name of the machine (if your machine is domain joined). This is because the certificate that ServiceBus generates on install uses the FQDN of the box as the certificate's CN.

Jason Kleban
Ramiro Berrelleza
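To tell which of the two causes named above applies (untrusted issuing CA, or a host name that does not match the certificate), the following added example, which is not part of the original thread, inspects the certificate the endpoint presents from the client machine. The function name `Test-SBEndpointCertificate` is hypothetical, the HTTPS port is a parameter you supply, and the SAN parsing assumes the English "DNS Name=" text that Windows produces.

```powershell
# Added diagnostic example (not from the original thread). Run it on the CLIENT machine.
function Test-SBEndpointCertificate {
    param(
        [Parameter(Mandatory)] [string] $HostName,  # exactly the name the client connection string uses
        [Parameter(Mandatory)] [int]    $Port       # the farm's HTTPS port (assumption: supplied by you)
    )
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept any certificate so the handshake completes and the cert can be inspected.
        # Diagnostic only: no application data is sent over this stream.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $tcp.Close() }

    # Check 1: does the chain end in a root this machine trusts?
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # assumption: a farm-generated CA publishes no CRL
    $trusted = $chain.Build($cert)
    $status  = @($chain.ChainStatus | ForEach-Object { $_.Status })

    # Check 2: does the requested name match the CN or a SAN DNS entry?
    # Simplification: CN and SAN entries are both treated as candidate names.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $names = @($cert.GetNameInfo($nameType, $false))
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $names += @([regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
                    ForEach-Object { $_.Groups[1].Value })
    }
    $match = $false
    foreach ($n in $names) {
        # A wildcard such as *.full.domainname.com covers exactly one DNS label.
        $pattern = '^' + [regex]::Escape($n).Replace('\*', '[^.]+') + '$'
        if ($HostName -match $pattern) { $match = $true }
    }

    [pscustomobject]@{
        Subject      = $cert.Subject
        Thumbprint   = $cert.Thumbprint
        CertNames    = $names
        NameMatches  = $match     # False: connect with the FQDN shown in CertNames
        ChainTrusted = $trusted   # False with UntrustedRoot: import the issuing CA on this client
        ChainStatus  = $status
    }
}
```

A result with `ChainTrusted = False` and `UntrustedRoot` in `ChainStatus` corresponds to the missing CA import; `NameMatches = False` corresponds to connecting with a name other than the FQDN in the certificate.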
0

On a non-domain computer you need to modify the URL format and remove the domain component.

Michael W