The remote certificate is invalid according to the validation proc

Bart · May 11, 2006

Hi,

I have a webservice that is running fine without SSL.
When I call my webservice over SSL I recieve following error message:

System.Net.WebException:
The underlying connection was closed: Could not establish trust relationship
for the SSL/TLS secure channel.
---> System.Security.Authentication.AuthenticationException: The remote
certificate is invalid according to the validation procedure..

I added this line to my code to add the certificate:
target.ClientCertificates.Add(System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromCertFile("d:\\MyCertFile.cer"));

I'm new to this certificate stuff.

Thanks
Bart

Steven Cheng[MSFT] · May 12, 2006

Hi Bart,

Thank you for posting.

From your description, I understand that you're developing an .NET/ASP.NET
webservice and accessing it through .nett gernated proxy at client-side.
Also, the webservice is protected through https/ssl. However, at runtime
when try calling tha webservice , you're getting exception indicate that
the ssl protected connection can not be establshied, correct?

Based on my experience, such error is likely caused by the certificate used
in the SSL/HTTPS connection establishing could not be correctly validated.
In the code you provided, you also add client certificate in your
webservice proxy, so is your server-side service configured to require
client certificate (in IIS)? I'd suggest you consider perform the
following test first to verirfy whether the problem is due to client-side
cert validation or server certificate validation:

1. You can configure the webservice to not require client certificate and
try accessing the server service (without add client certificate) to see
whether it works.

2. If still report error, the problem is concerns with the server service's
SSL certificate or the servername you used to access the server. To do
further troubleshoot, you can first put an html page or aspx page in that
ssl/https protected IIS virtual directory/application and try using IE to
access that page to see whether you can correctly visit that page, also
make sure whether you'll get any warning or error dialog during the
visiting of that page. If there occurs any warning or error dialog, it
indicate there is something not quite correctly against the server SSL
certificate, and when we use webservice proxy to access the service, since
there is not UI to let us interactively process such error condition, it'll
end to an exception...

Please have a check through the above items. If there is anything unclear
or any other finding, please feel free to post here.

Regards,

Steven Cheng
Microsoft Online Community Support

==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Bart · May 19, 2006

Hi Steven,

It was indeed the certificate warning when opening the site.

Thanks for your help.

Steven Cheng[MSFT] · May 22, 2006

Thanks for your respones Bart,

Then, you can have a look at the following article and implement an custom
CertificatePolicy class to handle any certificate error occured when
establishing https connection using webrequest:

#Consuming Webservices over HTTPS (SSL)
http://weblogs.asp.net/jan/archive/2003/12/04/41154.aspx

Hope this helps.

Regards,

Steven Cheng
Microsoft Online Community Support

==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Steven Cheng[MSFT] · May 24, 2006

Hello Bart,

Anyway progress on this issue or does my further reply helps you?
Please feel free to post here if there's anything else we can help.

Regards,

Steven Cheng
Microsoft Online Community Support

==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Using GMail with ASP.Net: error: The remote certificate is invalid according to the validation proce	4	Mar 5, 2008
Client certificate is invalid	3	Oct 3, 2008
Certificate validation	1	Aug 5, 2011
Sending mail encounters AuthenticationException (remote certificateis invalid ...)	2	Apr 9, 2008
Server certificate validation on client side	0	Sep 9, 2011
'Could not establish trust relationship' using a new SSL certificate	2	Apr 27, 2004
Unable to call SSL Web Service passing Client Certificate	0	Jul 2, 2004
An existing connection was forcibly closed by the remote host	1	Sep 8, 2005

The remote certificate is invalid according to the validation proc

Bart

Steven Cheng[MSFT]

Bart

Steven Cheng[MSFT]

Steven Cheng[MSFT]

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads