Service Bus Queues Brokered Messages - SSL/TLS secure channel error


  • Friday, April 27, 2012 15:20

    Hi,

    I am trying to make a REST call from a SharePoint 2010 control, to Azure Service Bus Queues Brokered Messages and I got the following error message:

    The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

    The code I use:

            string serviceNamespace = "MYNAMESPACE";
            string issuerName = "MYISSUER";
            string issuerSecret = "MYSECRETKEY";
            string sbHostName = "servicebus.windows.net";
            string acsHostName = "accesscontrol.windows.net";
            string relativeAddress = "MYQUEUENAME";
            string baseAddress = "";

            private string GetToken(string issuerName, string issuerSecret)
            {
                var acsEndpoint = "https://" + serviceNamespace + "-sb." + acsHostName + "/WRAPv0.9/";
                var realm = "http://" + serviceNamespace + "." + sbHostName + "/";

                NameValueCollection values = new NameValueCollection();
                values.Add("wrap_name", issuerName);
                values.Add("wrap_password", issuerSecret);
                values.Add("wrap_scope", realm);

                WebClient webClient = new WebClient();
                byte[] response = webClient.UploadValues(acsEndpoint, values);
                string responseString = Encoding.UTF8.GetString(response);

                var responseProperties = responseString.Split('&');
                var tokenProperty = responseProperties[0].Split('=');
                var token = Uri.UnescapeDataString(tokenProperty[1]);
                return "WRAP access_token=\"" + token + "\"";
            }

            private string GetBaseAddress()
            {
                return baseAddress = "https://" + serviceNamespace + "." + sbHostName + "/";
            }

    // Then, in the Button_Click event handler, I use this code:

            MYOBJECT myObject = new MYOBJECT();
            string jsonMessage = JSONHelper.Serialize<MYOBJECT>(myObject);

            var token = GetToken(issuerName, issuerSecret);
            baseAddress = GetBaseAddress();
            string fullAddress = baseAddress + relativeAddress + "/messages";

            WebClient webClient = new WebClient();
            webClient.Headers[HttpRequestHeader.Authorization] = token;
            webClient.UploadDataAsync(new Uri(fullAddress), "POST", Encoding.UTF8.GetBytes(jsonMessage));


    Somehow, SharePoint doesn't trust the Service Bus endpoint. Any idea how I can make SharePoint trust that? Can I download the certificate from somewhere and install it on the SharePoint server?

    I managed to avoid this issue if I bypass the certificate validation by using this method:

            private bool customXertificateValidation(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
            {
                X509Certificate2 certificate = (X509Certificate2)cert;
                if (!String.IsNullOrEmpty(certificate.Thumbprint))
                {
                    return true;
                }
                return false;
            }	

    and then, using this in the code right before I make the REST post:

    ServicePointManager.ServerCertificateValidationCallback += customXertificateValidation;

    Then the certificate error is passed.

    Any idea how I can fix the problem without bypassing the certificate validation?

    Thanks!

All replies

  • Friday, April 27, 2012 17:00

     Answered

    Hi,

    SharePoint 2010 maintains its own certificate store, where you can configure trusts and so forth. For example, if you run the same code in a forms app or console, it might work fine because the ACS SSL certificate is trusted, but it might not work in SharePoint.

    The ACS SSL certificate is issued by GTE CyberTrust Global Root. You can download this certificate from here: https://www.globaltrustpoint.com/x509.... to your desktop as a .cer file.

    Then in SharePoint 2010 Central Administration go to:

    Security -> (General Settings) Manage trust -> (Ribbon) New -> Enter a name, Browse for the .cer file you downloaded earlier on your desktop -> OK

    Optional: IISRESET

    Then try it again, and it should work!

    Good luck!

    • Marked as answer by Alex.Sm, Friday, April 27, 2012 18:50
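
The Central Administration step in the accepted answer can also be done from the SharePoint 2010 Management Shell, which makes it possible to check the downloaded file before the whole farm trusts it. This is an added example, not part of the original thread; the file path, trust name and expected thumbprint are placeholders to fill in.

```powershell
# Added example: register a downloaded root CA certificate in the SharePoint 2010
# trust store (same effect as Central Administration -> Security -> Manage trust).
# Run in the SharePoint 2010 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Placeholders (assumptions, not values from the thread):
$cerPath   = 'C:\certs\root-ca.cer'            # the .cer file you downloaded
$trustName = 'Service Bus root CA'             # any descriptive name
$expected  = '<THUMBPRINT-FROM-THE-CA>'        # obtained from the CA out of band

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath

# 1. The file must be a self-signed root, not a leaf or intermediate certificate.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Not a root certificate: subject '$($cert.Subject)' was issued by '$($cert.Issuer)'."
}

# 2. It must be inside its validity period.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) - $($cert.NotAfter))."
}

# 3. Its thumbprint must match the value published by the CA, so a tampered or
#    wrong download is never trusted farm-wide.
$want = ($expected -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $want) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $want."
}

# 4. Skip the import if this certificate is already trusted.
$existing = Get-SPTrustedRootAuthority |
    Where-Object { $_.Certificate.Thumbprint -eq $cert.Thumbprint } |
    Select-Object -First 1
if ($existing) {
    Write-Host "Already trusted as '$($existing.Name)'."
} else {
    New-SPTrustedRootAuthority -Name $trustName -Certificate $cert | Out-Null
    Write-Host "Added '$trustName' ($($cert.Thumbprint)) to the SharePoint trust store."
}
```

Once the root is trusted this way, the `ServerCertificateValidationCallback` override from the question can be removed, so certificate validation is no longer bypassed for every outbound HTTPS request in the process.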