0

I have this line in my code (c# Net 4 client profile):

ServicePointManager.ServerCertificateValidationCallback += new System.Net.Security.RemoteCertificateValidationCallback(customXertificateValidation);

Which calls:

private static bool customXertificateValidation(object sender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors error)
    {
        return true;
    }

To skip SSL certificate error, but I'm still getting the error of "cannot create SSL/TLS channel".

Also if I run Fiddler to check my traffic, it does connect to the service.

However on another solution (working with another server, this works perfectly) What should I check on my project config, or maybe my pc (windows 8.1 64 bits), or maybe something with Fiddler?

Thanks

cadaov
  • 145
  • 2
  • 2
  • 10
  • Is the method at the top of the method you are calling? I think the order in which it is called matters here. Also, did you know you can shorten that statement to `ServicePointManager.ServerCertificateValidationCallback = (obj, certificate, chain, errors) => true;`. Also, you shouldn't really ignore these errors unless you really have to (i.e. you're working in a development or internal environment). It's a pretty big security hole and it would be risky to send anything of value over the connection. – BobbyDazzler Jul 25 '14 at 14:24
  • I know the security risks involved, right know I'm in a test environment so it shouldn't be problem. I changed it to your code, and still get the same error. What's really strange is that while running fiddler I don't get the error. – cadaov Jul 25 '14 at 14:45
  • Are you using the security certificate Fiddler provides when viewing SSL connections? Is there a certificate being provided when you aren't using Fiddler? – BobbyDazzler Jul 25 '14 at 14:48
  • I'm not using the certificate Fiddler provides for SSL yet it works. But when not running Fiddler I get SSL connection error. Even more strange is that the url I'm connecting is certified by Comodo. Also I tried to import that certificate (exporting it from Chrome) into the certlm util as a Trust Entity, but still get the same error. – cadaov Jul 25 '14 at 14:54
  • Hmm. Do you know if you need an intermediate certificate? Also, do you know if the certificate is trusted by your host (if you're using IIS)? Can IIS see the SSL certificate? – BobbyDazzler Jul 25 '14 at 15:01
  • I'll ask the web service developer, however I'm not trying to connect using a web app, I'm using a Windows client project, so I don't think IIS should take into account that. Plus, when testing with SoapUI (I know it's written in Java) works just fine. Could possibly be a problem with my OS? – cadaov Jul 25 '14 at 15:21
  • I wouldn't think it would be your OS. Have you checked that your client program is connecting to the correct and exact URL? (not to put you down or anything). – BobbyDazzler Jul 25 '14 at 15:29
  • Yes, I have double checked that, the URL is ok. – cadaov Jul 25 '14 at 15:39
  • What is the URL to the server? And `return true` is a really bad idea. Its very irresponsible. I'm sorry to hear it works on another customer's project. If you are not going to use PKIX correctly, why bother using it at all? – jww Jul 26 '14 at 18:11
  • I know the risks involved, but it's a test environment, afterwards I will add the security logic. If you'd like to know the URL is https://industriatest.com.ar/ – cadaov Jul 28 '14 at 12:15

1 Answers1

0

Solved! Apparently this seemed to happened when calling the web service with the wrong type of header, misleading to an SSL error.

See this for a complete answer: WCF client security header error "An invalid security token was provided"

Community
  • 1
  • 1
cadaov
  • 145
  • 2
  • 2
  • 10