none
Could not establish trust relationship for the SSL/TLS secure channel with authority

    Question

  • hi i have a wcf service and a wcf data service with https end points enabled.
    i have added the reference of both in my client app  but while accessing the services i am getting an exception that "Could not establish trust relationship for the SSL/TLS secure channel with authority". data service and wcf service are hosted in azure. i have also added service behaviour in config of both wcf service and data service.
    service config-

     <services>
         
          <service name="WNADataService.WNAService" behaviorConfiguration="WNAAdmin_ServiceBehaviour">
           
          </service>
        </services>
       
        <behaviors>
          <serviceBehaviors>
            <behavior name="WNAAdmin_ServiceBehaviour">
              <serviceMetadata httpGetEnabled="true"/>
              <serviceDebug includeExceptionDetailInFaults="false"/>
              <useRequestHeadersForMetadataAddress>
                <defaultPorts>
                  <add scheme="http" port="81" />
                  <add scheme="https" port="444" />
                </defaultPorts>
              </useRequestHeadersForMetadataAddress>
            
            </behavior>
          </serviceBehaviors>
        </behaviors>

    i have added the service reference with http and i have changed it to https in the config of client.

    below is the client config

      <system.serviceModel>
       
        <bindings>
          <basicHttpBinding>
            <binding name="BasicHttpBinding_IWNAService" closeTimeout="00:01:00"
              openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
              allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
              maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
              messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
              useDefaultWebProxy="true">
              <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                maxBytesPerRead="4096" maxNameTableCharCount="16384" />
              <security mode="Transport">
              <!--<security mode="">-->
                <transport clientCredentialType="None" proxyCredentialType="None"
                  realm="" />
                <message clientCredentialType="UserName" algorithmSuite="Default" />
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>
        <client>
          <endpoint address="http://testservice.cloudapp.net/WNAService.svc"
            binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IWNAService"
            contract="WhatsNewAtServiceRef.IWNAService" name="BasicHttpBinding_IWNAService" />
         
       </client>
      </system.serviceModel>

    Wednesday, August 03, 2011 1:27 PM

Answers

  • Hi JamesRob,

    What is the domain your wildcard certificate is configured for? For example, if the certificate is configured for *.mydomain.com, then you might add a CName record for your sub domain testservice.mydomain.com mapping to testservice.cloudapp.net, then use address http://testservice.mydomain.com/WNAService.svc to access the service.

    Thanks.


    Wenchao Zeng
    Please mark the replies as answers if they help or unmark if not.
    If you have any feedback about my replies, please contact msdnmg@microsoft.com.
    Microsoft One Code Framework
    • Marked as answer by Rahul-P Wednesday, August 10, 2011 10:52 AM
    Wednesday, August 10, 2011 8:26 AM
  • hi Wenchao Zeng,

    thanks for your help. :) :)

    finally i am able to resolve the problem. 

    when i am trying to view the service in browser its giving me "Could not find a base address that matches scheme HTTPS for the endpoint with binding WSHttpBinding. Registered base address schemes are [HTTP]." which is very common 

    i found that there is nothing wrong with the service the above error is very common. solution to which i found here

    http://www.codeproject.com/KB/WCF/WCF.aspx?msg=2242292#xx2242292xx
    

     

    after that i have hosted the service in iis. but before using it i did ssl  configuration on iis

    by refering below link

    http://www.awesomeideas.net/post/2008/05/18/How-to-configure-SSL-on-IIS7-under-Windows-2008-Server-Core.aspx

    i have also added https binding by specifying the ssl certificate in iis.

    by doing this changes now my service is running.

     

     

     


    • Marked as answer by Rahul-P Wednesday, August 10, 2011 10:52 AM
    Wednesday, August 10, 2011 10:52 AM

All replies

  • Hi JamesRob,

    > Could not establish trust relationship for the SSL/TLS secure channel with authority.

    The cause mostly is the certificate for SSL that is not trusted by the client machine. If you are using a self-signed certificate, have you installed it in the client machine (in Trusted Root Certification Authorities)?

    What is the result if you directly input https://testservice.cloudapp.net/WNAService.svc in the IE browser? If you see an error "There is a problem with this website's security certificate.", please click "Continue to this website" and then when the page is opened, please click "Certificate error" in the address bar, click "View certificates", click "Install Certificate...", select "Trusted Root Certification Authorities" as the store to install the certificate. Restart the browser.

    Thanks.


    Wenchao Zeng
    Please mark the replies as answers if they help or unmark if not.
    If you have any feedback about my replies, please contact msdnmg@microsoft.com.
    Microsoft One Code Framework
    Thursday, August 04, 2011 6:28 AM
  • i have already certificate installed in my machine but still getting the same error.
    Thursday, August 04, 2011 2:56 PM
  • Are you still getting the "There is a problem with this website's security certificate." error when inputting https://testservice.cloudapp.net/WNAService.svc in the browser?


    Wenchao Zeng
    Please mark the replies as answers if they help or unmark if not.
    If you have any feedback about my replies, please contact msdnmg@microsoft.com.
    Microsoft One Code Framework
    Friday, August 05, 2011 10:21 AM
  • yes i am getting that error "

    There is a problem with this website's security certificate.

    " even though i have  installed certificate on my machine

    when i click on certificate error it shows that "Mismatched error". i am using wildcard certificate.

     

    Wednesday, August 10, 2011 8:00 AM
  • Hi JamesRob,

    What is the domain your wildcard certificate is configured for? For example, if the certificate is configured for *.mydomain.com, then you might add a CName record for your sub domain testservice.mydomain.com mapping to testservice.cloudapp.net, then use address http://testservice.mydomain.com/WNAService.svc to access the service.

    Thanks.


    Wenchao Zeng
    Please mark the replies as answers if they help or unmark if not.
    If you have any feedback about my replies, please contact msdnmg@microsoft.com.
    Microsoft One Code Framework
    • Marked as answer by Rahul-P Wednesday, August 10, 2011 10:52 AM
    Wednesday, August 10, 2011 8:26 AM
  • hi Wenchao Zeng,

    thanks for your help. :) :)

    finally i am able to resolve the problem. 

    when i am trying to view the service in browser its giving me "Could not find a base address that matches scheme HTTPS for the endpoint with binding WSHttpBinding. Registered base address schemes are [HTTP]." which is very common 

    i found that there is nothing wrong with the service the above error is very common. solution to which i found here

    http://www.codeproject.com/KB/WCF/WCF.aspx?msg=2242292#xx2242292xx
    

     

    after that i have hosted the service in iis. but before using it i did ssl  configuration on iis

    by refering below link

    http://www.awesomeideas.net/post/2008/05/18/How-to-configure-SSL-on-IIS7-under-Windows-2008-Server-Core.aspx

    i have also added https binding by specifying the ssl certificate in iis.

    by doing this changes now my service is running.

     

     

     


    • Marked as answer by Rahul-P Wednesday, August 10, 2011 10:52 AM
    Wednesday, August 10, 2011 10:52 AM