none
Keep Getting "The certificate authority is invalid or incorrect" error on web service call

    Question

  • Hi ALL,

    I am creating an Win32 application for calling web service using WSDL file in which i am getting "The certificate authority is invalid or incorrect" error every time.

    I have provided the log in credentials.

    Any idea how to resolve this.

    Here is the sample code in which i am getting error

    int main()
    {
    	HRESULT hr;
    	WS_ERROR *error;
    
    	hr = WsCreateError(NULL, 0, &error);
    	if (FAILED(hr))
    	{
    		PrintError(hr, error);
    		int a = 0;
    		return -1;
    	}
    
    	WS_HEAP *heap;
    	hr = WsCreateHeap(100, 0, NULL, 0, &heap, error);
    	if (FAILED(hr))
    	{
    		PrintError(hr, error);
    		WsFreeError(error);
    		return -1;
    	}
    	
    	WCHAR* result = new WCHAR[2048];
    	WCHAR* arg1 = new WCHAR[50];
    	WCHAR* arg2 = new WCHAR[50];
    	*wcscpy(arg1, L"arg1Value");
    	*wcscpy(arg2, L"arg2Value");
    	BOOL arg3 = TRUE;
    	
    	WS_SERVICE_PROXY *serviceProxy;	
    
    	WS_STRING_USERNAME_CREDENTIAL usernameCredential = {}; // zero out the struct
        WS_STRING userName = WS_STRING_VALUE(L"username");
        WS_STRING passWord = WS_STRING_VALUE(L"password");
        usernameCredential.credential.credentialType = WS_STRING_USERNAME_CREDENTIAL_TYPE; // set the credential type
        usernameCredential.username = userName;
        usernameCredential.password = passWord;
        
        // declare and initialize a username message security binding
        WS_USERNAME_MESSAGE_SECURITY_BINDING usernameBinding = {}; // zero out the struct
        usernameBinding.binding.bindingType = WS_USERNAME_MESSAGE_SECURITY_BINDING_TYPE; // set the binding type
        usernameBinding.bindingUsage = WS_SUPPORTING_MESSAGE_SECURITY_USAGE; // set the binding usage
        usernameBinding.clientCredential = &usernameCredential.credential;
        
        // declare and initialize an SSL transport security binding
        WS_SSL_TRANSPORT_SECURITY_BINDING sslBinding = {}; // zero out the struct
        sslBinding.binding.bindingType = WS_SSL_TRANSPORT_SECURITY_BINDING_TYPE; // set the binding type
        
        // declare and initialize the array of all security bindings
        WS_SECURITY_BINDING* securityBindings[2] = { &sslBinding.binding, &usernameBinding.binding };
        
        // declare and initialize the security description
        WS_SECURITY_DESCRIPTION securityDescription = {}; // zero out the struct
        securityDescription.securityBindings = securityBindings;
        securityDescription.securityBindingCount = WsCountOf(securityBindings);
    
    	hr = WsCreateServiceProxy(WS_CHANNEL_TYPE_REQUEST, WS_HTTP_CHANNEL_BINDING,
    		&securityDescription, NULL, 0,
    		NULL, 0, &serviceProxy, error);
    	 if (FAILED(hr))
    	 {
    		 PrintError(hr, error);
    		 WsFreeHeap(heap);
    		 WsFreeError(error);
    		 return -1;
    	 }
    
    	 WS_ENDPOINT_ADDRESS address = {};
    	 WS_STRING Url = WS_STRING_VALUE(L"https://demo.myService.url"); 
    	 address.url = Url;
    	 hr = WsOpenServiceProxy(serviceProxy, &address, NULL, error);
    
    	 if (FAILED(hr))
    	 {
    		 PrintError(hr, error);
    		 WsFreeServiceProxy(serviceProxy);
    		 WsFreeHeap(heap);
    		 WsFreeError(error);
    		 return -1;
    	 }
    
    	hr = RequestForResult(serviceProxy,arg1, arg2, arg3, &result, heap, NULL, NULL, NULL, error);
    	if (SUCCEEDED(hr))
    		wprintf(L"Successfully created.... %d", 1);
    	else
    	{
    		PrintError(hr, error);
    		wprintf(L"Falied.... %d", 0);
    	}
    	WsCloseServiceProxy(serviceProxy, NULL, error);
    	WsFreeServiceProxy(serviceProxy);
    	getch();
    }

    Thanks in advance

    Regards

    Ashish

    • Edited by agrawal.ashish Monday, February 18, 2013 2:16 PM Added sample code
    Monday, February 18, 2013 12:14 PM

Answers

  • On 2/19/2013 12:42 AM, agrawal.ashish wrote:

    HI Igor Tandetnik <http://social.msdn.microsoft.com/profile/igor%20tandetnik/?ws=usercard-mini>,

    I am using below code is it correct
    DWORD dwIgnoreCnSertValue = WS_CERT_FAILURE_CN_MISMATCH;

    Try

    DWORD dwIgnoreCnSertValue = WS_CERT_FAILURE_CN_MISMATCH |
    WS_CERT_FAILURE_UNTRUSTED_ROOT | WS_CERT_FAILURE_WRONG_USAGE;

    The certificate your server uses is invalid in many ways.

         WS_SSL_TRANSPORT_SECURITY_BINDING sslBinding = {}; // zero out the struct
         sslBinding.binding.bindingType = WS_SSL_TRANSPORT_SECURITY_BINDING_TYPE; // set the binding type
        sslBinding.binding.properties = rgSslProp;

    You also need to set propertyCount.


    Igor Tandetnik

    Tuesday, February 19, 2013 5:03 PM
  • On 2/19/2013 12:39 PM, agrawal.ashish wrote:

    I tried with your suggested code but now i am getting  error

    "The server returned HTTP status code '403 (0x193)' with text 'Forbidden'.

    The server understood the request, but cannot fulfill it"

    This means you made your way past the certificate problems. Now you have to figure out why the server doesn't want to process your request. It is best to contact the owner of the service you are trying to use.


    Igor Tandetnik

    Tuesday, February 19, 2013 5:44 PM

All replies

  • On 2/18/2013 7:14 AM, agrawal.ashish wrote:

    I am creating an Win32 application for calling web service using WSDL file in which i am getting "The certificate authority is invalid or incorrect" error every time.

    My guess is, you are sending your request over HTTPS, and the certificate reported by the server is invalid, or untrusted, or doesn't match the domain name.


    Igor Tandetnik

    Monday, February 18, 2013 2:44 PM
  • HI Igor Tandetnik,

    Thanks for reply,

    Yes i am sending an Https request, If i access the https URL through web browser and give the same user name and password i am not getting any error.

    How to check for certificate or where to add code for that.

    Am i doing anything wrong in my code.

    Can you please assist me.

    Regards

    Ashish



    Monday, February 18, 2013 2:55 PM
  • On 2/18/2013 9:55 AM, agrawal.ashish wrote:

    Yes i am sending an Https request, If i access the https URL through web browser and give the same user name and password i am not getting any error.

    What is the URL in question, if you don't mind me asking?

    How exactly do you send your request? How do you get that error? Show some code.


    Igor Tandetnik

    Monday, February 18, 2013 3:00 PM
  • HI Igor Tandetnik,

    Did you get anything?

    Please let me know.

    -Ashish


    Monday, February 18, 2013 5:48 PM
  • On 2/18/2013 10:23 AM, agrawal.ashish wrote:

    I have uploaded the sample code at below location(WebService_WSDL.zip)

    https://skydrive.live.com/#cid=EF134C5A42ABFCA3&id=EF134C5A42ABFCA3%21105

    The endpoint in the WSDL file is

    https://demo.passwordexpress.ilantus.com:9095/pxpfilter

    The server at that URL reports a self-signed certificate, not a certificate from a trusted authority. Moreover, the CN= value in the Subject of the certificate is not the domain name of the site, as should be the case for an SSL certificate.

    If you navigate to that URL in your browser, you should get an error. I do.

    If you are willing to ignore the certificate errors (only do that while testing), you can specify WS_SECURITY_BINDING_PROPERTY_CERT_FAILURES_TO_IGNORE binding property in your WS_SSL_TRANSPORT_SECURITY_BINDING.


    Igor Tandetnik

    Monday, February 18, 2013 8:13 PM
  • HI Igor Tandetnik,

    Thanks for giving your precious time.

    As i am new in this i don't know how to set WS_SECURITY_BINDING_PROPERTY_CERT_FAILURES_TO_IGNORE property.

    Can you please assist me how to add it in my code.

    Very thanks.

    --Ashish

    Tuesday, February 19, 2013 5:07 AM
  • HI Igor Tandetnik,

    I am using below code is it correct

    DWORD dwIgnoreCnSertValue = WS_CERT_FAILURE_CN_MISMATCH;
    	
    	WS_SECURITY_BINDING_PROPERTY rgSslProp[1];
    	rgSslProp[0].id = WS_SECURITY_BINDING_PROPERTY_CERT_FAILURES_TO_IGNORE;
    	rgSslProp[0].valueSize = sizeof(DWORD);
    	rgSslProp[0].value = (void*)&dwIgnoreCnSertValue;
        
        // declare and initialize an SSL transport security binding
        WS_SSL_TRANSPORT_SECURITY_BINDING sslBinding = {}; // zero out the struct
        sslBinding.binding.bindingType = WS_SSL_TRANSPORT_SECURITY_BINDING_TYPE; // set the binding type
    	sslBinding.binding.properties = rgSslProp;

    After using this code i am getting the same ERROR.

    After  specifying WS_SECURITY_BINDING_PROPERTY_CERT_FAILURES_TO_IGNORE binding property is it working your end?

    Regards

    Ashish



    Tuesday, February 19, 2013 5:42 AM
  • HI Igor Tandetnik,

    I am using below code also but still getting the same error :(

    bool CheckValidationResult(System::Object ^sender, 
    			System::Security::Cryptography::X509Certificates::X509Certificate^ cert, 
    			System::Security::Cryptography::X509Certificates::X509Chain^ chain, 
    			System::Net::Security::SslPolicyErrors errors)
    { 
    		return true;
    }
    
    
    System::Net::ServicePointManager::ServerCertificateValidationCallback = gcnew 
    			System::Net::Security::RemoteCertificateValidationCallback(::CheckValidationResult);

    Please help me.

    -Ashish

    Tuesday, February 19, 2013 12:07 PM
  • On 2/19/2013 12:42 AM, agrawal.ashish wrote:

    HI Igor Tandetnik <http://social.msdn.microsoft.com/profile/igor%20tandetnik/?ws=usercard-mini>,

    I am using below code is it correct
    DWORD dwIgnoreCnSertValue = WS_CERT_FAILURE_CN_MISMATCH;

    Try

    DWORD dwIgnoreCnSertValue = WS_CERT_FAILURE_CN_MISMATCH |
    WS_CERT_FAILURE_UNTRUSTED_ROOT | WS_CERT_FAILURE_WRONG_USAGE;

    The certificate your server uses is invalid in many ways.

         WS_SSL_TRANSPORT_SECURITY_BINDING sslBinding = {}; // zero out the struct
         sslBinding.binding.bindingType = WS_SSL_TRANSPORT_SECURITY_BINDING_TYPE; // set the binding type
        sslBinding.binding.properties = rgSslProp;

    You also need to set propertyCount.


    Igor Tandetnik

    Tuesday, February 19, 2013 5:03 PM
  • HI Igor Tandetnik,

    Many thanks for reply.

    I tried with your suggested code but now i am getting  error

    "The server returned HTTP status code '403 (0x193)' with text 'Forbidden'.

    The server understood the request, but cannot fulfill it"

    Here is the which i used

    //ignore some ssl errors
    	DWORD dwIgnoreCnSertValue = WS_CERT_FAILURE_CN_MISMATCH | WS_CERT_FAILURE_UNTRUSTED_ROOT | WS_CERT_FAILURE_WRONG_USAGE;;
    	WS_SECURITY_BINDING_PROPERTY rgSslProp[1];
    	rgSslProp[0].id = WS_SECURITY_BINDING_PROPERTY_CERT_FAILURES_TO_IGNORE;
    	rgSslProp[0].valueSize = sizeof(DWORD);
    	rgSslProp[0].value = (void*)&dwIgnoreCnSertValue; 
    
    	// declare and initialize an SSL transport security binding
    	WS_SSL_TRANSPORT_SECURITY_BINDING sslBinding = {}; // zero out the struct
    	sslBinding.binding.bindingType = WS_SSL_TRANSPORT_SECURITY_BINDING_TYPE; // set the binding type
    	sslBinding.binding.properties = rgSslProp;
    	sslBinding.binding.propertyCount = WsCountOf(rgSslProp);

    Do you have any idea about above error?

    Regards

    Ashish

    Tuesday, February 19, 2013 5:39 PM
  • On 2/19/2013 12:39 PM, agrawal.ashish wrote:

    I tried with your suggested code but now i am getting  error

    "The server returned HTTP status code '403 (0x193)' with text 'Forbidden'.

    The server understood the request, but cannot fulfill it"

    This means you made your way past the certificate problems. Now you have to figure out why the server doesn't want to process your request. It is best to contact the owner of the service you are trying to use.


    Igor Tandetnik

    Tuesday, February 19, 2013 5:44 PM
  • Hi Igor Tandetnik,

    Very thanks for giving your time :)

    I'll contact to the service owner.

    I'll come back to you if i have any query.

    Please let me know if you get anything related to above error.

    "The server returned HTTP status code '403 (0x193)' with text 'Forbidden'.

    The server understood the request, but cannot fulfill it"

    Thanks & Regards

    Ashish


    Tuesday, February 19, 2013 5:53 PM