locked
Cannot call a webservice from Silverlight OOB when SSL is using self signed certificate

    Question

  • Hello,

    I've a Silvelight 4 app that consumes a remote service. All is ok if the service (and the SL app too: they are in the same Web site) is published via standard http. If I'm using httpS (using a self signed certificate), the app works only in browser mode. When I run the SL app Out Of Browser, it cannot contact the svc web service (reporting: the remote server returned an error: notfound).

    I noticed that if I put a Webclient control on the SL app and navigate the same Web site where the svc is, it asks to authorize the access using the self signed certificate. After that, the SL client can contact the Webservice!

    I also tried to trust and import the SSL certificate, but still nothing :(

    Any way to skip SSL certificate validation in Silverlight?

    thanks

     

    Wednesday, April 06, 2011 4:08 PM

All replies

  • Hello,

    I've a Silvelight 4 app that consumes a remote service. All is ok if the service (and the SL app too: they are in the same Web site) is published via standard http. If I'm using httpS (using a self signed certificate), the app works only in browser mode. When I run the SL app Out Of Browser, it cannot contact the svc web service (reporting: the remote server returned an error: notfound).

    I noticed that if I put a Webclient control on the SL app and navigate the same Web site where the svc is, it asks to authorize the access using the self signed certificate. After that, the SL client can contact the Webservice!

    I also tried to trust and import the SSL certificate, but still nothing :(

    Any way to skip SSL certificate validation in Silverlight?

    thanks

     


    Hello, I am facing the same issue. But interestingly, if you start a Fiddler session and set its Fiddler options (Tools -> Options -> HTTPS tab) to intercept the HTTPS traffic, then everything works well, both in browser as well as OOB. The first time Fiddler will ask you to place the certificate at appropriate location. Then all is well. So it seems that either the certificate is not attached with Silverlight code, or it is unable to use the browser's certificate store to pick up appropriate certificate. I tried by signing the XAP file also, but it doesn't work. I would appreciate if anybody has idea on this and can share.
    Chandresh J Makwana
    Tuesday, June 21, 2011 3:35 PM
  • Hi.

    Do you still have an answer for this problem? Because I have the same!

    Thanks

    Regards

    Friday, June 29, 2012 9:32 AM
  • nothing

    Friday, June 29, 2012 10:13 AM
  • Hi,

    I am having the same problem. 

    The application is silverlight 5 and it is working as expected in browser, but when running the out of browser it fails to connect to server with Not Found Error. I have also tried using a trusted certificate and ii still doesn't work. 

    Is there any way to make the silverlight out of browser application run on https? 

    According to this article: http://msdn.microsoft.com/en-us/library/dd550721(v=vs.95).aspx, it should work.

    Update:

    Fixed by creating the certificate using makecert.  Follow the steps from this article http://www.codeproject.com/Articles/24027/SSL-with-Self-hosted-WCF-Service and replace CN with your ip/domain. In my case I have tested the service on the local machine and run the commands as follows:

    1) makecert -sv SignRoot.pvk -cy authority -r signroot.cer -a sha1 -n "CN=Dev Certification Authority" -ss my -sr localmachine

    after running the first command drag the certifiacte from "Personal" directory to "Trusted Root Certification Authority"

    2) makecert -iv SignRoot.pvk -ic signroot.cer -cy end -pe -n
    CN="localhost" -eku 1.3.6.1.5.5.7.3.1 -ss my -sr
    localmachine -sky exchange -sp
    "Microsoft RSA SChannel Cryptographic Provider" -sy 12

    In case you want to run the silverlight application on another machine, export the certificate created at step1 and then import it on any machine where you want your application to run and replace "localhost" from CN with your Ip/domain.


    • Edited by alexgcy Monday, August 13, 2012 11:23 AM found a solution
    Wednesday, August 08, 2012 7:08 AM