
I have created a simple WCF web service that uses basic authentication (SQL membership provider) and HTTPS. However, I am having issues with my client trying to access it.

I am almost 100% positive it has to do with the certificate not being trusted, although I think I have tried probably almost everything.

The application is hosted in IIS. When I try to edit bindings for the "Default website" and choose a certificate for https it only shows certificates that are in my personal store. So I cannot choose any certificates from a trusted store.

I have tried adding permissions in MMC from the personal store and dragging the certificate over to the trusted people or trusted CA stores, although it still isn't showing up in IIS.

The error my client is giving back is: Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

I have tried everything here to fix this issue.

Is there any way I can set up a certificate for HTTPS in IIS from a trusted store? Or if this isn't the issue, can someone shed some light on the real problem?

user1632018

1 Answer


I had this problem a few months ago; your problem may be the same issue that I was having.

My certificate was from a 3rd party. I installed it in the personal store, and provided the password that came with the certificate. I set my web.config, bindings, endpoints, I could see the certificate in IIS, etc. Everything looked fine. No matter what I tried, I got the error message:

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel

In the end I figured out that the process that was running the ApplicationPool in IIS did not have permission to access the certificate. Using inetmgr.exe, I clicked on Application Pools, right-clicked the ApplicationPool being used for my website and selected Advanced Settings. In the dialog box, under the Process Model section, there is an Identity property. This was set to ApplicationPoolIdentity; I changed this to NetworkService, figuring that this should have permission. Tried it again and it worked.

I hope this helps.

Jack Pettinger
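
The answer above attributes the failure to the application pool's identity lacking access to the certificate. The script below is an added example (not part of the original answer) that inspects the ACL on the certificate's private key file for that identity. It assumes an elevated Windows PowerShell session on the IIS server and an RSA certificate in `LocalMachine\My`; the thumbprint and pool name are placeholders, and `-GrantRead` is a hypothetical switch of this script.

```powershell
# Added example: report which accounts can read a certificate's private key file.
# Assumed/placeholder values: $Thumbprint and $AppPool. Run elevated on the IIS server.
param(
    [string]$Thumbprint = '<CERT-THUMBPRINT-PLACEHOLDER>',
    [string]$AppPool    = 'DefaultAppPool',
    [switch]$GrantRead   # optional: add a Read ACE for the pool identity
)

$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw 'Certificate has no associated private key.' }

# Resolve the key container name; CNG and legacy CSP keys live in different folders.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($null -eq $rsa) { throw 'Not an RSA key; this example only handles RSA.' }
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $name = $rsa.Key.UniqueName
} else {
    $name = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}
$dirs = @(
    "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
    "$env:ProgramData\Microsoft\Crypto\Keys"
)
$keyFile = $dirs | ForEach-Object { Join-Path $_ $name } |
    Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $keyFile) { throw "Key file for container '$name' not found." }

$identity = "IIS APPPOOL\$AppPool"
$acl = Get-Acl -LiteralPath $keyFile
$acl.Access | Select-Object IdentityReference, FileSystemRights, AccessControlType | Format-Table -AutoSize

# Direct ACEs only; access inherited through group membership is not evaluated here.
$direct = $acl.Access | Where-Object {
    $_.IdentityReference.Value -ieq $identity -and $_.AccessControlType -eq 'Allow'
}
if ($direct) {
    "OK: $identity has a direct Allow entry on $keyFile"
} elseif ($GrantRead) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $keyFile -AclObject $acl
    "Granted Read on $keyFile to $identity"
} else {
    "MISSING: no direct Allow entry for $identity (re-run with -GrantRead to add one)"
}
```

Granting Read to the single `IIS APPPOOL\<name>` virtual account keeps the key readable only by that pool, whereas NetworkService is an identity shared by other services on the machine.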