Could not establish secure channel for SSL/TLS with authority

  • Question

  • After upgrading to VS2013 I am getting a security error. Everything works perfectly in VS2010, including my unit tests and test console application; however, they will not work in VS2013. What could have changed in VS2013 to cause these errors?

    System.ServiceModel.Security.SecurityNegotiationException was caught
      HResult=-2146233087
      Message=Could not establish secure channel for SSL/TLS with authority 'xxxx'.
      Source=mscorlib
      StackTrace:
        Server stack trace:
           at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
           at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
           at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
           at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
           at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
           at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
           at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
        Exception rethrown at [0]:
           at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
           at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
           at xx()
           at xx() in C:\xx\Reference.cs:line 335
           at xx() in C:\xx.cs:line 39
      InnerException: System.Net.WebException
           HResult=-2146233079
           Message=The request was aborted: Could not create SSL/TLS secure channel.
           Source=System
           StackTrace:
                at System.Net.HttpWebRequest.GetResponse()
                at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
           InnerException:

    Friday, April 11, 2014 11:54 AM

Answers

  • Oddly enough it started working and I am not sure why, because I didn't change anything. The only thing I can think of is I did reboot recently?
    • Marked as answer by mbevins Thursday, April 24, 2014 10:55 AM
    Thursday, April 24, 2014 10:54 AM

All replies

  • Hi,

    This is a WCF forum, so do you mean that a WCF service works well in VS2010, but throws the error "Could not establish secure channel for SSL/TLS with authority 'xxxx'." after upgrading to VS2013?

    If so, could you please tell me what authentication type you use in your WCF service? It would also be better if you could post your config file here.

    Also, please try to enable WCF tracing to find out more about the cause.

    The following configuration taken from MSDN can be applied to enable tracing on your WCF service.

    <configuration>
      <system.diagnostics>
        <sources>
          <source name="System.ServiceModel"
                  switchValue="Information, ActivityTracing"
                  propagateActivity="true" >
            <listeners>
                 <add name="xml"/>
            </listeners>
          </source>
          <source name="System.ServiceModel.MessageLogging">
            <listeners>
                <add name="xml"/>
            </listeners>
          </source>
          <source name="myUserTraceSource"
                  switchValue="Information, ActivityTracing">
            <listeners>
                <add name="xml"/>
            </listeners>
          </source>
        </sources>
        <sharedListeners>
            <add name="xml"
                 type="System.Diagnostics.XmlWriterTraceListener"
                 initializeData="Error.svclog" />
        </sharedListeners>
      </system.diagnostics>
    </configuration>

    Best Regards,
    Amy Peng




    Monday, April 14, 2014 2:29 AM
    Moderator
  • I turned on tracing and it doesn't give me any more details. Also, yes, this is a WCF service which uses Transport security mode and client certificates, and yes, everything did and does work perfectly in VS2010; however, it fails and gives this error in VS2013:

    The request was aborted: Could not create SSL/TLS secure channel.
       at System.Net.HttpWebRequest.GetResponse()

    Here is my service web.config

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>

      <system.web>
        <compilation debug="true" targetFramework="4.0" />
      </system.web>

      <system.serviceModel>
        <client>
          <endpoint address="http://localhost/MyApp/ClubService.svc" behaviorConfiguration="MyApp.EndPointBehavior" binding="basicHttpBinding" bindingConfiguration="ClientBinding" contract="ClubServiceProxy.IClubService" name="BasicHttpBinding_IClubService" />
          <endpoint address="http://localhost/MyApp/CustomerService.svc" behaviorConfiguration="MyApp.EndPointBehavior" binding="basicHttpBinding" bindingConfiguration="ClientBinding" contract="CustomerServiceProxy.ICustomerService" name="BasicHttpBinding_ICustomerService" />
          <endpoint address="http://localhost/MyApp/TRPService.svc" behaviorConfiguration="MyApp.EndPointBehavior" binding="basicHttpBinding" bindingConfiguration="ClientBinding" contract="TRPServiceProxy.ITRPService" name="BasicHttpBinding_ITRPService" />
          <endpoint address="http://localhost/MyApp/TestService.svc" binding="basicHttpBinding" bindingConfiguration="ClientBinding" contract="TestServiceProxy.ITestService" name="BasicHttpBinding_ITestService" />
        </client>

        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
       
        <services>
          <service name="MyAppProxy.ClubService" behaviorConfiguration="MyApp.ServiceBehavior">
            <endpoint address="" behaviorConfiguration="MyApp.EndPointBehavior" binding="basicHttpBinding" bindingConfiguration="ServiceBinding" contract="MyAppProxy.IClubService" bindingNamespace="http://MyCompany.com/CompeteDataService/2013/04/01" />
          </service>
          <service name="MyAppProxy.CustomerService" behaviorConfiguration="MyApp.ServiceBehavior">
            <endpoint address="" behaviorConfiguration="MyApp.EndPointBehavior" binding="basicHttpBinding" bindingConfiguration="ServiceBinding" contract="MyAppProxy.ICustomerService" bindingNamespace="http://MyCompany.com/CompeteDataService/2013/04/01" />
          </service>
          <service name="MyAppProxy.TRPService" behaviorConfiguration="MyApp.ServiceBehavior">
            <endpoint address="" behaviorConfiguration="MyApp.EndPointBehavior" binding="basicHttpBinding" bindingConfiguration="ServiceBinding" contract="MyAppProxy.ITRPService" bindingNamespace="http://MyCompany.com/CompeteDataService/2013/04/01" />
          </service>
        </services>

        <bindings>
          <basicHttpBinding>
            <binding name="ServiceBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" >
              <readerQuotas maxStringContentLength="524288000" />
              <security mode="Transport">
                <transport clientCredentialType="Certificate"></transport>
              </security>
            </binding>
            <binding name="ClientBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxBufferSize="20971520" maxReceivedMessageSize="20971520" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true" messageEncoding="Text">
              <readerQuotas maxStringContentLength="524288000" />
              <security mode="None"></security>
            </binding>
          </basicHttpBinding>
        </bindings>

        <behaviors>
          <endpointBehaviors>
            <behavior name="MyApp.EndPointBehavior">
              <customInspector />
              <wsdlExtensions singleFile="true" />
            </behavior>
          </endpointBehaviors>
          <serviceBehaviors>
            <behavior name="MyApp.ServiceBehavior">
              <serviceMetadata httpsGetEnabled="true" />
              <serviceDebug includeExceptionDetailInFaults="true" />
            </behavior>
          </serviceBehaviors>
        </behaviors>

        <extensions>
          <behaviorExtensions>
            <add name="customInspector" type="CustomBehaviors.CustomBehaviorExtensionElement, MyAppProxy" />
            <add name="wsdlExtensions" type="WCFExtras.Wsdl.WsdlExtensionsConfig, WCFExtras, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
          </behaviorExtensions>
        </extensions>

      </system.serviceModel>

      <system.webServer>

        <httpProtocol>
          <customHeaders>
            <remove name="X-Powered-By" />
          </customHeaders>
        </httpProtocol>

        <modules runAllManagedModulesForAllRequests="true" />

      </system.webServer>

      <system.diagnostics>
        <sources>
          <source name="System.ServiceModel.MessageLogging" switchValue="Information, ActivityTracing">
            <listeners>
              <add type="System.Diagnostics.DefaultTraceListener" name="Default">
                <filter type="" />
              </add>
              <add name="ServiceModelMessageLoggingListener">
                <filter type="" />
              </add>
            </listeners>
          </source>
          <source name="System.ServiceModel" switchValue="Information, ActivityTracing" propagateActivity="true">
            <listeners>
              <add type="System.Diagnostics.DefaultTraceListener" name="Default">
                <filter type="" />
              </add>
              <add name="ServiceModelTraceListener">
                <filter type="" />
              </add>
            </listeners>
          </source>
        </sources>
        <sharedListeners>
          <add initializeData="C:\Temp\app_messages3.svclog" type="System.Diagnostics.XmlWriterTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" name="ServiceModelMessageLoggingListener" traceOutputOptions="LogicalOperationStack, DateTime, Timestamp, Callstack">
            <filter type="" />
          </add>
          <add initializeData="C:\Temp\app_tracelog4.svclog" type="System.Diagnostics.XmlWriterTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" name="ServiceModelTraceListener" traceOutputOptions="LogicalOperationStack, DateTime, Timestamp, Callstack">
            <filter type="" />
          </add>
        </sharedListeners>
        <trace autoflush="true" />
      </system.diagnostics>

    </configuration>

    Here is my test app

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <system.serviceModel>
        <bindings>
          <basicHttpBinding>
            <binding name="BasicHttpBinding_IClubService" >
              <security mode="Transport">
                <transport clientCredentialType="Certificate" />
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>
        <client>
          <endpoint address="https://Localhost/MyProxy/ClubService.svc"
                    behaviorConfiguration="custom"
              binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IClubService"
              contract="ClubService.IClubService" name="BasicHttpBinding_IClubService" />
        </client>

        <behaviors>
          <endpointBehaviors>
            <behavior name="test" />
            <behavior name="custom">
              <customInspector />
            </behavior>
          </endpointBehaviors>
        </behaviors>
        <extensions>
          <behaviorExtensions>
            <add name="customInspector" type="CustomBehaviors.CustomBehaviorExtensionElement, TestConsoleApplication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
          </behaviorExtensions>
        </extensions>

      </system.serviceModel>

      <system.diagnostics>
        <sources>
          <source name="System.ServiceModel.MessageLogging" switchValue="Information, ActivityTracing">
            <listeners>
              <add type="System.Diagnostics.DefaultTraceListener" name="Default">
                <filter type="" />
              </add>
              <add name="ServiceModelMessageLoggingListener">
                <filter type="" />
              </add>
            </listeners>
          </source>
          <source name="System.ServiceModel" switchValue="Information, ActivityTracing" propagateActivity="true">
            <listeners>
              <add type="System.Diagnostics.DefaultTraceListener" name="Default">
                <filter type="" />
              </add>
              <add name="ServiceModelTraceListener">
                <filter type="" />
              </add>
            </listeners>
          </source>
        </sources>
        <sharedListeners>
          <add initializeData="C:\Temp\app_messages1.svclog" type="System.Diagnostics.XmlWriterTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" name="ServiceModelMessageLoggingListener" traceOutputOptions="LogicalOperationStack, DateTime, Timestamp, Callstack">
            <filter type="" />
          </add>
          <add initializeData="C:\Temp\app_tracelog2.svclog" type="System.Diagnostics.XmlWriterTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" name="ServiceModelTraceListener" traceOutputOptions="LogicalOperationStack, DateTime, Timestamp, Callstack">
            <filter type="" />
          </add>
        </sharedListeners>
        <trace autoflush="true" />
      </system.diagnostics>

    </configuration>

    Monday, April 14, 2014 12:26 PM
  • Hi,

    Since you use certificate authentication in the WCF service, your service config file should have something like this:

    <behaviors>
      <serviceBehaviors>
        <behavior name="serviceCredentialBehavior">
          <serviceCredentials>
            <clientCertificate>
              <authentication certificateValidationMode="PeerTrust"/>
            </clientCertificate>
            <serviceCertificate findValue="Contoso.com" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>


    And your client config file will have the following:

    <behaviors>
      <endpointBehaviors>
        <behavior name="ClientCredentialsBehavior">
          <clientCredentials>
            <serviceCertificate>
              <authentication certificateValidationMode="PeerTrust"/>
            </serviceCertificate>
            <clientCertificate findValue="Cohowinery.com" storeLocation="CurrentUser" storeName="My" x509FindType="FindBySubjectName" />
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>

    For more information, please try to refer to:

    #Nine simple steps to enable X.509 certificates on WCF:
    http://www.codeproject.com/Articles/36683/simple-steps-to-enable-X-certificates-on-WCF .

    #Securing WCF Services with Certificates:
    http://www.codeproject.com/Articles/28248/Securing-WCF-Services-with-Certificates .


    Best Regards,
    Amy Peng




    Friday, April 18, 2014 10:13 AM
    Moderator
  • My service is set to use certificates

    <binding name="ServiceBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" >
      <readerQuotas maxStringContentLength="524288000" />
      <security mode="Transport">
        <transport clientCredentialType="Certificate"></transport>
      </security>
    </binding>

    And so is my client

    <binding name="BasicHttpBinding_IClubService" closeTimeout="00:01:00"
      openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
      allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
      maxBufferPoolSize="524288" maxBufferSize="20971520" maxReceivedMessageSize="20971520"
      textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"
      messageEncoding="Text">
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      <security mode="Transport">
        <transport clientCredentialType="Certificate" />
      </security>
    </binding>

    IIS handles the certificate authentication for the service and my client sets what certificate to use in code:

    client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, Properties.Settings.Default.ClientThumbprint);

    I am very familiar with how certificate authentication works; I have been using it for some time in my WCF service.

    Once again, this exact same project works without any issues in Visual Studio 2010. If I open the solution in VS2010 and run it, I get no errors; if I open the exact same solution in VS2013, I get this error.

     

    • Marked as answer by mbevins Thursday, April 24, 2014 10:53 AM
    • Unmarked as answer by mbevins Thursday, April 24, 2014 10:55 AM
    Friday, April 18, 2014 11:26 AM
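
An added diagnostic, not code from the thread or from any poster: it checks what the `SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, ...)` call above depends on, namely that the thumbprint resolves in that store, that the current account can open the private key, and that the chain builds locally. It assumes .NET Framework 4.x; the class name `ClientCertCheck` and the command-line argument are hypothetical.

```csharp
// Added example, not code from the thread. Assumes .NET Framework 4.x.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertCheck   // hypothetical name
{
    // A thumbprint copied from the certificate dialog can carry spaces or an
    // invisible U+200E character; keep only the hex digits before the lookup.
    static string Normalize(string raw)
    {
        return new string(raw.Where(c => Uri.IsHexDigit(c)).ToArray()).ToUpperInvariant();
    }

    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: ClientCertCheck <thumbprint>"); return 2; }
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // validOnly = false so an expired or untrusted certificate is still reported.
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, Normalize(args[0]), false);
            if (found.Count == 0) { Console.WriteLine("FAIL: thumbprint not found in LocalMachine\\My"); return 1; }
            X509Certificate2 cert = found[0];
            Console.WriteLine("Subject {0}, valid {1:u} to {2:u}", cert.Subject, cert.NotBefore, cert.NotAfter);

            bool ok = true;
            try
            {
                // HasPrivateKey only says a key is associated; reading PrivateKey
                // opens the key container, which fails if this account has no access.
                if (!cert.HasPrivateKey || cert.PrivateKey == null)
                { Console.WriteLine("FAIL: no private key for this certificate"); ok = false; }
                else Console.WriteLine("OK: private key opened as {0}", Environment.UserName);
            }
            catch (CryptographicException ex)
            { Console.WriteLine("FAIL: cannot open private key: {0}", ex.Message); ok = false; }

            var chain = new X509Chain();
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // offline check
            if (!chain.Build(cert))
            {
                ok = false;
                foreach (X509ChainStatus s in chain.ChainStatus)
                    Console.WriteLine("FAIL: chain {0}: {1}", s.Status, s.StatusInformation.Trim());
            }
            return ok ? 0 : 1;
        }
        finally { store.Close(); }
    }
}
```

Run it under the same account and elevation as the failing client or test runner, since access to a LocalMachine private key is granted per account. The chain result reflects this machine's trust stores only; the server performs its own validation of the client certificate.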