4

I have a client site that, when a button is clicked, calls a WCF web service. The client site is HTTP, while the URL for the web service is HTTPS and requires a certificate. I have a valid signed private key certificate I am using.

Everything works fine on my localhost; however, after deploying to a Windows 2003 server running IIS 6, I get the below error when the web service is called:

Could not establish trust relationship for the SSL/TLS secure channel with authority "host's url"

I added the cert to the store, using the same web.config that works locally. I have validated that the web service call finds and sets the valid X509Certificate.

Not sure what I am missing, and I don't want to override the ServicePointManager to return true every time.

Any ideas or things I might look into?

Popo
  • possible duplicate of [WCF: Could not establish trust relationship for the SSL/TLS secure channel with authority](http://stackoverflow.com/questions/1742938/wcf-could-not-establish-trust-relationship-for-the-ssl-tls-secure-channel-with) – jww Aug 15 '14 at 20:52
  • If this helped you on your way to solving your problem, please upvote – Popo Dec 15 '18 at 03:11

2 Answers

9

Found the problem.

The root certificate which the host of the web service uses was not trusted by my server (not sure why it was on my local machine and not my server). I found this out by opening the host's URL in a web browser from the server to view their WSDL and got the security warning.

Remedy: went to the issuer's site, downloaded their root cert and added it to my Trusted Root Certification Authorities.

Bam, it works now.

Popo
  • 2
    You may get this if you have been using Fiddler to debug service calls and have used its certificate interception mode. Just remove the interception in Fiddler's options and you should be good – Ruskin Oct 09 '14 at 10:50
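A way to surface the cause found in the answer above without turning validation off, as an added example that is not part of the original posts: a `ServicePointManager` callback that logs why the chain failed and still rejects the connection. It assumes .NET Framework; the class name `TlsTrustDiagnostics` is hypothetical, and `Trace` stands in for whatever logger the site uses.

```csharp
using System.Diagnostics;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (added example): logs chain failures, never bypasses them.
public static class TlsTrustDiagnostics
{
    // Call once at startup (e.g. Application_Start) before the HTTPS call is made.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = LogAndEnforce;
    }

    private static bool LogAndEnforce(object sender, X509Certificate certificate,
                                      X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true; // the platform's own validation already passed

        Trace.TraceError("TLS validation failed: " + errors);
        if (chain != null)
        {
            // ChainElements runs from the server (leaf) certificate up to the root.
            foreach (X509ChainElement element in chain.ChainElements)
            {
                Trace.TraceError("  subject: " + element.Certificate.Subject);
                Trace.TraceError("  issuer:  " + element.Certificate.Issuer);
                foreach (X509ChainStatus s in element.ChainElementStatus)
                    Trace.TraceError("    " + s.Status + ": " + s.StatusInformation.Trim());
            }

            foreach (X509ChainStatus s in chain.ChainStatus)
            {
                // UntrustedRoot is the case from the answer: the issuing root CA
                // is missing from this machine's Trusted Root Certification Authorities.
                if ((s.Status & X509ChainStatusFlags.UntrustedRoot) != 0)
                    Trace.TraceError("Root CA is not trusted on this machine.");
            }
        }

        return false; // keep rejecting; the fix belongs in the certificate store
    }
}
```

The callback runs under the application's identity, so the log reflects the certificate stores that identity sees on the server rather than those of the account used to browse the URL.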
1

If it is a private cert it must be added to both the client and the server as no client can validate its root key.

rerun
  • The HTTPS web service call is autonomous from the client app. I probably should have made that a little more clear: the user clicks a button that calls a local web service, which then calls the HTTPS external web service in code-behind. – Popo Oct 29 '13 at 22:36