0

We have a web service (service A) that calls another intranet service (service B) using HttpWebRequest via HTTP. When we have tried to upgrade that intranet service (service B) to HTTPS, we have started to see The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel exception.

Can this be related to not having the certificate in Server Certificates on the server where service A is located?

I have found the following article, but it seems to be more related to the same issue on the desktop, not on the server.

Could not establish trust relationship for SSL/TLS secure channel -- SOAP

spektro37
  • 187
  • 1
  • 3
  • 12
  • Find your network administrators and learn what is SSL/TLS from them. The most likely cause, is that your server A does not trust the server certificate you gave to server B (part of HTTPS setup). – Lex Li Nov 13 '19 at 14:01
  • You don't have to have service B's certificate in server A's certificate store. But you do need to trust the Certificate Authority (CA) that signed service B's certificate. And the cert must be for the proper address the service is hosted at, and the dates on the cert must still be valid etc. Have you verified all that? – mason Nov 13 '19 at 14:07
  • @mason, yes, the address is the same as the certificate was issued for and the dates are valid. Could you please advise where in IIS I can check if CA is a trusted one? – spektro37 Nov 13 '19 at 15:35
  • 1
    It's not in IIS. It would be in Windows certificate store. Start > Manage Computer Certificates. The CA probably needs to be in the Trusted Root Certification Authorities > Certificates folder. – mason Nov 13 '19 at 15:37

1 Answers1

0

@mason's comment to my question helped resolve the problem. Indeed CA's certificate was not amongst trusted root certificates.

It's not in IIS. It would be in Windows certificate store. Start > Manage Computer Certificates. The CA probably needs to be in the Trusted Root Certification Authorities > Certificates folder.

spektro37
  • 187
  • 1
  • 3
  • 12