none
Could not establish trust relationship for the SSL/TLS secure channel with authority PC1

    Question

  • i m using WCF service hosted on IIS with https enabled with a self-signed certificate. the problem is that when i open my WCF Service svc file in IE i warn me about not a trusted certificate but with a warning it establish connection to server. but when i m trying to access the WCF service using code it gives me the exception below:
    please help me out of this problem, do i need Trusted signed certificate for my development version or there is something wrong with the configuration of WCF?

    System.ServiceModel.Security.SecurityNegotiationException was unhandled
      Message="Could not establish trust relationship for the SSL/TLS secure channel with authority 'PC1'."
      Source="mscorlib"
      StackTrace:
        Server stack trace:
           at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
           at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
           at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
           at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
           at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
           at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
           at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
           at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
           at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
        Exception rethrown at [0]:
           at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
           at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
           at ConsoleApplication1.ServiceReference1.IService1.GetData(Int32 value)
           at ConsoleApplication1.ServiceReference1.Service1Client.GetData(Int32 value) in C:\Documents and Settings\Shaikh\My Documents\Visual Studio 2008\Projects\WCFServiceSecurity\ConsoleApplication1\Service References\ServiceReference1\Reference.cs:line 50
           at ConsoleApplication1.Program.Main(String[] args) in C:\Documents and Settings\Shaikh\My Documents\Visual Studio 2008\Projects\WCFServiceSecurity\ConsoleApplication1\Program.cs:line 18
           at System.AppDomain._nExecuteAssembly(Assembly assembly, String[] args)
           at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
           at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
           at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
           at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
           at System.Threading.ThreadHelper.ThreadStart()
      InnerException: System.Net.WebException
           Message="The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
           Source="System"
           StackTrace:
                at System.Net.HttpWebRequest.GetResponse()
                at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
           InnerException: System.Security.Authentication.AuthenticationException
                Message="The remote certificate is invalid according to the validation procedure."
                Source="System"
                StackTrace:
                     at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
                     at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
                     at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
                     at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
                     at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
                     at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
                     at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
                     at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
                     at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
                     at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
                     at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
                     at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
                     at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
                     at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
                     at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
                     at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
                     at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
                     at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
                     at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
                     at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
                     at System.Net.TlsStream.CallProcessAuthentication(Object state)
                     at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
                     at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
                     at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
                     at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
                     at System.Net.ConnectStream.WriteHeaders(Boolean async)
                InnerException:



    Web.Config of The WCF Service is

        <system.serviceModel>
            <diagnostics>
                <messageLogging logEntireMessage="true" maxMessagesToLog="300" logMessagesAtServiceLevel="false" logMalformedMessages="true" logMessagesAtTransportLevel="true"/>
            </diagnostics>
            <bindings>
                <basicHttpBinding>
                    <binding name="BasicHttpBinding_BulkData" maxReceivedMessageSize="524288000">
                        <readerQuotas maxDepth="32" maxStringContentLength="5242880" maxArrayLength="5242880"/>
                        <security mode="TransportWithMessageCredential">
                            <message clientCredentialType="UserName"/>
                           
                        </security>
                    </binding>
                </basicHttpBinding>
            </bindings>
            <services>
                <service name="WcfServiceLibrary.Service1" behaviorConfiguration="WcfServiceLibrary.Service1Behavior">
                    <host>
                        <baseAddresses>
                            <add baseAddress="http://localhost:8731/Design_Time_Addresses/WcfServiceLibrary/Service1/"/>
                        </baseAddresses>
                    </host>
                    <!-- Service Endpoints -->
                    <!-- Unless fully qualified, address is relative to base address supplied above -->
                    <endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_BulkData" contract="WcfServiceLibrary.IService1">
                        <!--
                  Upon deployment, the following identity element should be removed or replaced to reflect the
                  identity under which the deployed service runs.  If removed, WCF will infer an appropriate identity
                  automatically.
              -->
                        <identity>
                            <dns value="localhost"/>
                        </identity>
                    </endpoint>
                    <!-- Metadata Endpoints -->
                    <!-- The Metadata Exchange endpoint is used by the service to describe itself to clients. -->
                    <!-- This endpoint does not use a secure binding and should be secured or removed before deployment -->
                    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
                </service>
            </services>
            <behaviors>
                <serviceBehaviors>
                    <behavior name="WcfServiceLibrary.Service1Behavior">
                        <!-- To avoid disclosing metadata information,
              set the value below to false and remove the metadata endpoint above before deployment -->
                        <serviceMetadata httpGetEnabled="True"/>
                        <!-- To receive exception details in faults for debugging purposes,
              set the value below to true.  Set to false before deployment
              to avoid disclosing exception information -->
                        <serviceDebug includeExceptionDetailInFaults="False"/>
                        <serviceCredentials>
                            <userNameAuthentication customUserNamePasswordValidatorType="WcfServiceLibrary.CustomUserNamePasswordValidator,WcfServiceLibrary" userNamePasswordValidationMode="Custom"/>
                        </serviceCredentials>
                    </behavior>
                </serviceBehaviors>
            </behaviors>
        </system.serviceModel>



    and the code i am using to access the service is

    ServiceReference1.Service1Client client = new ConsoleApplication1.ServiceReference1.Service1Client();

               
                client.ClientCredentials.UserName.UserName = "shoaib";
                client.ClientCredentials.UserName.Password = "shaikh";
               
                Console.WriteLine(client.GetData(123));//exception occurs here.


    Monday, April 21, 2008 5:38 AM

Answers

  • Hi,

     

    I had this one as well, the solution I think what is hapenning is that the WCF client is being asked if is should trust the certificate, and the default bahaviour is to say no.

     

    If this is the case, there are a couple of ways to solve the issue:

     

    1) Override the client cert using the following code:

     

    Imports System.Net
    Imports System.Net.Security
    Imports System.Security.Cryptography.X509Certificates

     

    Public Class TestUtils

        Public Shared Sub OverrideCertificateValidation()
            ServicePointManager.ServerCertificateValidationCallback = New RemoteCertificateValidationCallback(AddressOf RemoteCertValidate)
        End Sub

     

        Private Shared Function RemoteCertValidate(ByVal sender As Object, ByVal cert As X509Certificate, ByVal chain As X509Chain, ByVal [error] As System.Net.Security.SslPolicyErrors) As Boolean
            Return True
        End Function
    End Class

     

    (Sorry for the VB, i'm in a VB project right now).

     

    This tells the client to accept the test certificate.

     

    2) Install a root certificate authority on both the client and server boxes:

     

    http://www.codeplex.com/WCFSecurity/Wiki/View.aspx?title=How%20To%20-%20Create%20and%20Install%20Temporary%20Certificates%20in%20WCF%20for%20Message%20Security%20During%20Development&referringTitle=How%20Tos

     

    It's hard work getting your head around WCF security. A month ago i knew nothing, now i just about know enough to get by.

     

    There's a great resource on all things WCF Security related here:

    http://www.codeplex.com/WCFSecurity

     

    Regards,

     

    Alan

     

     

     

    Friday, May 16, 2008 5:49 PM

All replies

  • Shoaib,

    Have you found a solution to your problem yet?  I'm having the same problem.


    Friday, May 16, 2008 4:05 PM
  • Hi,

     

    I had this one as well, the solution I think what is hapenning is that the WCF client is being asked if is should trust the certificate, and the default bahaviour is to say no.

     

    If this is the case, there are a couple of ways to solve the issue:

     

    1) Override the client cert using the following code:

     

    Imports System.Net
    Imports System.Net.Security
    Imports System.Security.Cryptography.X509Certificates

     

    Public Class TestUtils

        Public Shared Sub OverrideCertificateValidation()
            ServicePointManager.ServerCertificateValidationCallback = New RemoteCertificateValidationCallback(AddressOf RemoteCertValidate)
        End Sub

     

        Private Shared Function RemoteCertValidate(ByVal sender As Object, ByVal cert As X509Certificate, ByVal chain As X509Chain, ByVal [error] As System.Net.Security.SslPolicyErrors) As Boolean
            Return True
        End Function
    End Class

     

    (Sorry for the VB, i'm in a VB project right now).

     

    This tells the client to accept the test certificate.

     

    2) Install a root certificate authority on both the client and server boxes:

     

    http://www.codeplex.com/WCFSecurity/Wiki/View.aspx?title=How%20To%20-%20Create%20and%20Install%20Temporary%20Certificates%20in%20WCF%20for%20Message%20Security%20During%20Development&referringTitle=How%20Tos

     

    It's hard work getting your head around WCF security. A month ago i knew nothing, now i just about know enough to get by.

     

    There's a great resource on all things WCF Security related here:

    http://www.codeplex.com/WCFSecurity

     

    Regards,

     

    Alan

     

     

     

    Friday, May 16, 2008 5:49 PM
  • Alan Smith MVP is right i tried the 2nd way he defined to solve this problem i was using verisign's signed certificate and i just install root certificate in my client machine and server machine and then its working fine for me.

    • Proposed as answer by Nilay Patel Tuesday, October 06, 2009 9:37 PM
    Monday, May 19, 2008 5:04 AM
  • Also the clients identity

    <certificate encodedValue="certdatagoeshere"

    has to match the SSL certificate used on the IIS server for SSL. So export that certificate into a .cer file. Open that file in notepad and paste the data in for the encoded Value.

    Monday, July 21, 2008 6:01 PM
  • I found better solution for 1) Override the client cert
    I used the following code:

                //Trust all certificates
                System.Net.ServicePointManager.ServerCertificateValidationCallback =
                    ((sender, certificate, chain, sslPolicyErrors) => true);

    • Proposed as answer by Roman_77 Monday, December 08, 2008 2:00 PM
    Monday, December 08, 2008 1:59 PM
  • Thanks Golovchenko, That one line of code really did the trick for me. I was using WsHttp binding for Transport Security in Self hosted WCF service.
    • Proposed as answer by SynDev Wednesday, January 21, 2009 9:36 PM
    Wednesday, January 21, 2009 9:36 PM
  • Worked for me too. BasicHttpBinding with security enabled using a self-signed certificate.
    Monday, June 22, 2009 8:49 PM
  • I just learnt another way to get around this problem that may be better than simply trusting every cert.

    Open C:\WINDOWS\system32\drivers\etc\hosts in notepad.

    At the bottom of that file you should probably see:

    127.0.0.1       localhost

    What you can do is add the ip address of the server and the certificate name, like this:

    172.1.1.1   serverKeyName

    Save and close the 'hosts' file.

    Now in your app.config, change the endpoint address
    from: https://172.1.1.1:port /fooService
    to:     https://serverKeyName:port /fooService

    You will also need to install the certificate, just put the url of the service into IE and you should be prompted to install (during the install you can click 'Details' to determine the certificate name).

    Once you have done that your machine should now trust that server. Worked for me and now I don't have to remember to remove the code that trusts everything :-)
    • Proposed as answer by Eric_To Tuesday, November 03, 2009 6:35 AM
    Friday, July 17, 2009 5:56 AM
  • I found better solution for 1) Override the client cert
    I used the following code:

                //Trust all certificates
                System.Net.ServicePointManager.ServerCertificateValidationCallback =
                    ((sender, certificate, chain, sslPolicyErrors) => true);

    I'm running into the same error and have not worked much with WCF before.  Where do you put this line of code?  In the page calling the service, the global.asax or somewhere else?  Thanks.
    Tuesday, September 22, 2009 6:13 PM
  • I found better solution for 1) Override the client cert
    I used the following code:

                //Trust all certificates
                System.Net.ServicePointManager.ServerCertificateValidationCallback =
                    ((sender, certificate, chain, sslPolicyErrors) => true);

    I'm running into the same error and have not worked much with WCF before.  Where do you put this line of code?  In the page calling the service, the global.asax or somewhere else?  Thanks.
    Golovchenko
    Thank you very much, I owe you one :D

    gswartz :

    You should add this line of code in your client Application before calling the service for first time (perhaps in startup lines e.g.: App.xml.cs for WPF, Program.cs for WinForm, and ...)
    Hope this help ;)
    Monday, October 19, 2009 4:19 PM
  • Golovchenko you are a life saver.  I was looking all over for a solution like this, because the whole point of consuming the services in the first place is that often times you are relying on someone else, and can't just mess with the certificate on the server.  Thanks man.
    Wednesday, March 17, 2010 6:55 PM
  • This is not the good approach. It means you just ignore all Server Certificate. You can do this in test environment, but this is VERY BAD in Production.

    GaganK

    Monday, March 22, 2010 8:18 PM
  • I found better solution for 1) Override the client cert
    I used the following code:

                //Trust all certificates
                System.Net.ServicePointManager.ServerCertificateValidationCallback =
                    ((sender, certificate, chain, sslPolicyErrors) => true);

    Thank you!  This worked for me, have been having problems getting Certificates and my WCF service hosted in IIS to work for a while, this solved the issue.

     

    Will any security issue come up using this when I use a trusted certificate that we purchase?  That's my only worry.

    Friday, July 09, 2010 8:03 PM
  • This is not the good approach. It means you just ignore all Server Certificate. You can do this in test environment, but this is VERY BAD in Production.

    GaganK

    What's the solution then?

     

    I've searched for over a week, and this has been the only solution that got my client application to talk over SSL to the WCF service hosted in IIS setup with requiring SSL and accepting client certs.

     

    I'd like to know what the safe solution is.

    Friday, July 09, 2010 8:06 PM
  • I'd like to know what the safe solution is.


    The safe solution is to check the host name of the certificate you are trying to match in either the wired up method to the 'ServerCertificateValidationCallback' property, or directly in the Lambda expression depending on the method you use. So here would be the proper way to make sure that the callback is validated if the SSL is from MyComany.com:

      Private Shared Function CertificateValidation(ByVal sender As Object, ByVal cert As X509Certificate, ByVal chain As X509Chain, ByVal [error] As System.Net.Security.SslPolicyErrors) As Boolean
    
        'Make sure the correct certificate is being used:
        If cert.Subject.Contains("CN=MyCompany.com") Then
          Return True
        Else
          Return False
        End If
    
      End Function
    

    ...or in a Lambda expression:

    ServicePointManager.ServerCertificateValidationCallback = Function(obj As [Object], certificate As X509Certificate, chain As X509Chain, errors As SslPolicyErrors) (certificate.Subject.Contains("CN=MyCompany.com"))
    

    DO NOT just trust 'all' certificates and Return 'True' all of the time.  The exception being rasied (Could not establish trust relationship...) has merit.  It is telling you the certificate is NOT trusted. You need to explicitly tell the application to 'trust' just those certificates you indicate. But definitiely not 'ALL' by returning true.

    The middle of the following article explains this in reference to downloading files from an FTP server over SSL and needing the same code:

    Download FTP Files Using FTP Over SSL (SFTP) in .NET:
    http://allen-conway-dotnet.blogspot.com/2010/11/download-ftp-files-using-ftp-over-ssl.html

    Thursday, November 11, 2010 3:47 PM
  • Totally agree with atconway and the C# representation:

    System.Net.ServicePointManager.ServerCertificateValidationCallback = ((sender, cert, chain, errors) => cert.Subject.Contains("CN=YourHost.com"));
    

    Monday, January 17, 2011 6:28 PM
  • I've got the same problem with SharePoint; it's been 2 days :(

    Is there any configurable way rather using C# code?

    The problem is that in my scenario I'm using a reverse proxy so I can't use any C# code as they will be bypassed.

    Using a console application it can connect successfully but when used in SharePoint it gives this error.

     

    Wednesday, January 26, 2011 12:11 PM
  • This did the trick for me. Awesome!
    Wednesday, February 16, 2011 6:19 PM
  • That worked for me! I was just trying to get the source of a page that i already knew had an invalid certificate. Accepted all certificates in this case is a great work around.
    Monday, February 28, 2011 5:21 PM
  • This one did it for me, my app.config contained the fully qualified domain name, but my certificate is registered to simply the server name.

    If you do not get an error in IE, but you do from your .NET app, try this:

    Check your app.config.  If you consumed:

    https://serverKeyName:port/fooService

    but the app.config says

    https://serverKeyName.domain.com:port/fooService

    Then you need to change it to accurately represent what you registered for the certificate, which in my case was simply:

    https://serverKeyName:port/fooService





    Tuesday, May 03, 2011 2:43 PM
  • here is a C# answer... there are three flavors... trust everything, trust sender both in lambda... the last one is plain code :)

            //Trust all certificates
            System.Net.ServicePointManager.ServerCertificateValidationCallback = ((sender, certificate, chain, sslPolicyErrors) => true);
    
            // trust sender
            System.Net.ServicePointManager.ServerCertificateValidationCallback
              = ((sender, cert, chain, errors) => cert.Subject.Contains("YourServerName"));
    

        
    ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateRemoteCertificate);
    
        // callback used to validate the certificate in an SSL conversation
        private static bool ValidateRemoteCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors policyErrors)
        {
          bool result = false;
          if (cert.Subject.ToUpper().Contains("YourServerName"))
          {
            result = true;
          }
    
          return result;
        }

     

     

     

     

     

     

    Thursday, July 07, 2011 5:16 PM
  • I tried to by-pass and added

    <clientCertificate>

     <authentication certificateValidationMode=" Custom"                              

                     customCertificateValidatorType="CertificateValidator.MyX509Validator, CertificateValidator" />                         

    </clientCertificate>                      

     

    I am getting following error..

     

    Could not establish trust relationship for the SSL/TLS secure channel with authority

     

    I tried to look..

     

    http://www.devatwork.nl/2007/05/wcf-username-authentication/

    http://msdn.microsoft.com/en-us/library/ms733806.aspx

     

    but my service is not bypassing doing “Custom” validation..

     

     

    public class MyX509Validator :

    X509CertificateValidator

    {

     

    public override void Validate(X509Certificate2

    certificate)

    {

     

    Trace.Write("Validator.."

    );

     

    // validate argument

    if (certificate == null

    )

     

    throw new ArgumentNullException("certificate"

    );

     

    ///

    check if the name of the certifcate matches

     

    if (certificate.SubjectName.Name != "CN=Mycert"

    )

     

    throw new SecurityTokenValidationException("Certificated was not issued by thrusted issuer"

    );

    }

    }

    

    Could you please add details or complete code.. How may I use .. this..

     

    Thank you …

     

    

    Tuesday, July 12, 2011 1:43 AM
  • REF:- Could not establish trust relationship for the SSL/TLS secure channel with authority PC1

     

    This worked for me... when tried... Sebastian Castaldi, Alan Smith MVP..

     

    Added into client side at time of service call..

     

    Thanks all of you for valuable contribution..

     

     

     

    Tuesday, July 12, 2011 3:10 PM
  • Great trick!! Thanks a lot.
    Monday, August 08, 2011 4:40 PM
  • You can create a non self-signed certificate in development area and then use this certificate in IIS for applying the SSL. the steps is:

    1. Create Self-Signed certificate

    makecert -r -pe -n "CN=My Root Authority" -ss CA -sr CurrentUser -a sha1 -sky signature -cy authority -sv CA.pvk CA.cer

    1. Create a non self-signed certificate for SSL which signed by this root certificate and then create pfx file from that

      makecert -pe -n "CN=servername" -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -ic CA.cer -iv CA.pvk -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -sv server.pvk server.cer

      pvk2pfx -pvk server.pvk -spc server.cer -pfx server.pfx

    now you just need to import the server.pfx into the IIS and setup the web site binding to use this certificate and also install the CA.cer in Local Computer\Trusted Root Certification Authorities store in both server and client

    by doing this WCF client would work with the service through HTTPS without any problem

    Wednesday, March 28, 2012 1:17 AM
  • Thanks Golovchenko!
    Thursday, September 20, 2012 11:34 AM
  • If you place a self-signed certificate in the CA Trusted Root location (development) the ServerCertificateValidationCallback method is not required. Even with this method in the client app we continued to receive this error until installing the self-signed certificate in the CA Trusted Root location. Oh the pain....

    Mike Agee

    Friday, May 24, 2013 11:33 PM