Unable to communicate over Mutual SSL

  • Question

  • I have a task where I need to consume a Web Service. This service resides on a different server behind the firewall. The communication must be done over Mutual SSL, where the server and the clients share certificates to authenticate. I followed the MSDN article - http://weblogs.asp.net/cibrax/mutual-certificate-authentication-for-wcf-rest-services

    I created my client similarly, where I attach my certificate to my proxy and make the call.

    Please find the code.

    public static string getMemberInfo()
    {
        string calling = "";
        try
        {
            BEWCardIDServiceService service = new CardIDServiceService();
            service.Timeout = 30000;
            service.ESBSubHeader = new SubHeaderType();
            service.ESBSubHeader.appID = "appID";
            service.ESBSubHeader.transactionID = "123456";
            service.ESBSubHeader.MustUnderstand = true;

            // getting the certificate here
            System.Security.Cryptography.X509Certificates.X509Certificate signingToken = GetX509Certificate();
            service.ClientCertificates.Add(signingToken);

            GetBEMemberInfoBean response = service.getMemberInfo("", "", "", "", "", "", "");

            return response.ToString();
        }
        catch (Exception ex)
        {
            //throw ex;
            return calling + "Ex" + ex.Message;
        }
    }

    I keep getting the error: Could not create SSL/TLS secure channel. I tried using Fiddler to view my packets. It shows that it tried to connect to the host service and failed due to authentication.

    Please note my client is .NET and the host service is in Java.

    Thursday, June 11, 2015 9:11 PM

Answers

  • Hi Venkii,
    According to this case, you need to set the SecurityProtocol property to “ssl3” for ServicePointManager, which may help to resolve this error.
    So you can apply it in the Enable method in PermissiveCertificatePolicy, based on the mentioned link, like below:

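    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;

    public class PermissiveCertificatePolicy
    {
        public static void Enable()
        {
            // Register the callback that decides whether a server certificate is accepted
            ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(RemoteCertValidate);

            ServicePointManager.Expect100Continue = true;
            // Restrict outgoing connections to SSL 3.0
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
        }

        // Returns true for every server certificate, whatever the policy errors are
        static bool RemoteCertValidate(object sender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors error)
        {
            return true;
        }
    }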
    
    Monday, June 15, 2015 9:07 AM
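
Added example, not part of the original thread or the linked article: a version of the setup above that keeps server certificate validation on, selects TLS 1.2 (an assumption about what the Java host accepts), and checks that the client certificate is present, within its validity period and has a private key before the call is made. The class name `MutualTlsSetup`, the store location and the thumbprint placeholder are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added example; class and method names are hypothetical.
public static class MutualTlsSetup
{
    // Placeholder: thumbprint of the client certificate in the user's store.
    const string ClientThumbprint = "<CLIENT-CERT-THUMBPRINT>";

    public static void Enable()
    {
        // Assumption: the Java host accepts TLS 1.2.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        ServicePointManager.ServerCertificateValidationCallback = ValidateServer;
    }

    // Accept the server only when the platform chain and name checks passed.
    static bool ValidateServer(object sender, X509Certificate cert,
                               X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;
        Console.Error.WriteLine("Server certificate rejected: " + errors);
        return false;
    }

    // Load the client certificate and fail early if it cannot be used
    // for client authentication in the handshake.
    public static X509Certificate2 LoadClientCertificate()
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var found = store.Certificates.Find(
                X509FindType.FindByThumbprint, ClientThumbprint, false);
            if (found.Count == 0)
                throw new InvalidOperationException("Client certificate not found.");
            var cert = found[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Client certificate has no private key.");
            if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
                throw new InvalidOperationException("Client certificate is outside its validity period.");
            return cert;
        }
        finally { store.Close(); }
    }
}
```

Call `MutualTlsSetup.Enable()` once at startup and pass the result of `LoadClientCertificate()` to `service.ClientCertificates.Add(...)`; the exception text then distinguishes a missing certificate or key from a rejected server certificate.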