The remote certificate is invalid according to the validation proc

Discussion in 'ASP .Net Web Services' started by Bart, May 11, 2006.

  1. Bart

    Bart Guest

    Hi,

    I have a webservice that is running fine without SSL.
    When I call my webservice over SSL I recieve following error message:

    System.Net.WebException:
    The underlying connection was closed: Could not establish trust relationship
    for the SSL/TLS secure channel.
    ---> System.Security.Authentication.AuthenticationException: The remote
    certificate is invalid according to the validation procedure..

    I added this line to my code to add the certificate:
    target.ClientCertificates.Add(System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromCertFile("d:\\MyCertFile.cer"));

    I'm new to this certificate stuff.

    Thanks
    Bart
    Bart, May 11, 2006
    #1
    1. Advertising

  2. Hi Bart,

    Thank you for posting.

    From your description, I understand that you're developing an .NET/ASP.NET
    webservice and accessing it through .nett gernated proxy at client-side.
    Also, the webservice is protected through https/ssl. However, at runtime
    when try calling tha webservice , you're getting exception indicate that
    the ssl protected connection can not be establshied, correct?

    Based on my experience, such error is likely caused by the certificate used
    in the SSL/HTTPS connection establishing could not be correctly validated.
    In the code you provided, you also add client certificate in your
    webservice proxy, so is your server-side service configured to require
    client certificate (in IIS)? I'd suggest you consider perform the
    following test first to verirfy whether the problem is due to client-side
    cert validation or server certificate validation:

    1. You can configure the webservice to not require client certificate and
    try accessing the server service (without add client certificate) to see
    whether it works.

    2. If still report error, the problem is concerns with the server service's
    SSL certificate or the servername you used to access the server. To do
    further troubleshoot, you can first put an html page or aspx page in that
    ssl/https protected IIS virtual directory/application and try using IE to
    access that page to see whether you can correctly visit that page, also
    make sure whether you'll get any warning or error dialog during the
    visiting of that page. If there occurs any warning or error dialog, it
    indicate there is something not quite correctly against the server SSL
    certificate, and when we use webservice proxy to access the service, since
    there is not UI to let us interactively process such error condition, it'll
    end to an exception...

    Please have a check through the above items. If there is anything unclear
    or any other finding, please feel free to post here.

    Regards,

    Steven Cheng
    Microsoft Online Community Support


    ==================================================

    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.

    ==================================================


    This posting is provided "AS IS" with no warranties, and confers no rights.



    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    Steven Cheng[MSFT], May 12, 2006
    #2
    1. Advertising

  3. Bart

    Bart Guest

    RE: The remote certificate is invalid according to the validation

    Hi Steven,

    It was indeed the certificate warning when opening the site.

    Thanks for your help.


    "Steven Cheng[MSFT]" wrote:

    > Hi Bart,
    >
    > Thank you for posting.
    >
    > From your description, I understand that you're developing an .NET/ASP.NET
    > webservice and accessing it through .nett gernated proxy at client-side.
    > Also, the webservice is protected through https/ssl. However, at runtime
    > when try calling tha webservice , you're getting exception indicate that
    > the ssl protected connection can not be establshied, correct?
    >
    > Based on my experience, such error is likely caused by the certificate used
    > in the SSL/HTTPS connection establishing could not be correctly validated.
    > In the code you provided, you also add client certificate in your
    > webservice proxy, so is your server-side service configured to require
    > client certificate (in IIS)? I'd suggest you consider perform the
    > following test first to verirfy whether the problem is due to client-side
    > cert validation or server certificate validation:
    >
    > 1. You can configure the webservice to not require client certificate and
    > try accessing the server service (without add client certificate) to see
    > whether it works.
    >
    > 2. If still report error, the problem is concerns with the server service's
    > SSL certificate or the servername you used to access the server. To do
    > further troubleshoot, you can first put an html page or aspx page in that
    > ssl/https protected IIS virtual directory/application and try using IE to
    > access that page to see whether you can correctly visit that page, also
    > make sure whether you'll get any warning or error dialog during the
    > visiting of that page. If there occurs any warning or error dialog, it
    > indicate there is something not quite correctly against the server SSL
    > certificate, and when we use webservice proxy to access the service, since
    > there is not UI to let us interactively process such error condition, it'll
    > end to an exception...
    >
    > Please have a check through the above items. If there is anything unclear
    > or any other finding, please feel free to post here.
    >
    > Regards,
    >
    > Steven Cheng
    > Microsoft Online Community Support
    >
    >
    > ==================================================
    >
    > When responding to posts, please "Reply to Group" via your newsreader so
    > that others may learn and benefit from your issue.
    >
    > ==================================================
    >
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
    >
    >
    >
    >
    Bart, May 19, 2006
    #3
  4. RE: The remote certificate is invalid according to the validation

    Thanks for your respones Bart,

    Then, you can have a look at the following article and implement an custom
    CertificatePolicy class to handle any certificate error occured when
    establishing https connection using webrequest:

    #Consuming Webservices over HTTPS (SSL)
    http://weblogs.asp.net/jan/archive/2003/12/04/41154.aspx

    Hope this helps.

    Regards,

    Steven Cheng
    Microsoft Online Community Support


    ==================================================

    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.

    ==================================================


    This posting is provided "AS IS" with no warranties, and confers no rights.



    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    Steven Cheng[MSFT], May 22, 2006
    #4
  5. RE: The remote certificate is invalid according to the validation

    Hello Bart,

    Anyway progress on this issue or does my further reply helps you?
    Please feel free to post here if there's anything else we can help.

    Regards,

    Steven Cheng
    Microsoft Online Community Support


    ==================================================

    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.

    ==================================================


    This posting is provided "AS IS" with no warranties, and confers no rights.



    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    Steven Cheng[MSFT], May 24, 2006
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. David Lozzi
    Replies:
    3
    Views:
    1,920
    David Lozzi
    Jun 1, 2005
  2. NevilleDNZ
    Replies:
    9
    Views:
    427
    NevilleDNZ
    Aug 16, 2006
  3. Carmine [www.thetotalsite.it]
    Replies:
    4
    Views:
    6,596
    Carmine [www.thetotalsite.it]
    Mar 5, 2008
  4. Jean-Hugues ROBERT

    Why no Proc##[]=() ? Why no Proc##replace() ?

    Jean-Hugues ROBERT, May 1, 2004, in forum: Ruby
    Replies:
    14
    Views:
    270
    Jean-Hugues ROBERT
    May 5, 2004
  5. Minkoo Seo

    Proc vs lambda vs proc

    Minkoo Seo, Feb 4, 2007, in forum: Ruby
    Replies:
    19
    Views:
    232
    Brian Candler
    Feb 6, 2007
Loading...

Share This Page