Service Reference fails with SHA2 Certificate

Question
Greetings.
I am an experienced developer but am stuck with the following issue:
We have several web services deployed in a production-like environment on a 2012 server with a SHA2 cert for HTTPS. They are all testable using SoapUI, but SoapUI did need a tweak to handle the SHA2 cert. However, when I attempt to add a service reference from Visual Studio 2013, the same VS that developed the Web Services, BTW 2 are WCF and one is classic, I get the following error message:
The underlying connection was closed: An unexpected error occurred on a send.
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
An existing connection was forcibly closed by the remote host
Metadata contains a reference that cannot be resolved: <URLS go here which I don't want to publish>
This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.
The underlying connection was closed: An unexpected error occurred on a send.
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
An existing connection was forcibly closed by the remote host.
I am running from a wide-open machine, a personal laptop, with no special firewall rules in the way. And, BTW, I can add a reference to similar web services in the same environment that are using a SHA1 cert. The certificate is a valid certificate from a cert authority, not self-signed, and works for other clients, Java-based. Also, I can browse to the WSDL from the machine using my browser with no certificate complaints.
I don't believe there is an issue with the site, as it is testable with the SoapUI tool, a Java-based tool but an industry standard. I believe there is a setting that I need to configure to allow VS to use HTTPS with SHA2, but I haven't found it yet.
Thanks.
Jeff
Sunday, February 21, 2016 2:53 PM
Answers
Hi GilliamJ,
Since the web service works with the SoapUI tool but does not work when using "Add Service Reference", it seems that the issue should be with the firewall or an invalid certificate credential. But the web services work fine with the SHA1 certificate, so in my mind, the issue should be an invalid certificate credential for the SHA2 certificate. Please search your client configuration and check whether it has some settings for the certificate and https like this:
<system.serviceModel>
  <client>
    <!-- this endpoint has an https: address -->
    <endpoint address="https://localhost/CalculatorService/service.svc"
              behaviorConfiguration="endpointCredentialBehavior"
              binding="wsHttpBinding"
              bindingConfiguration="Binding1"
              contract="Microsoft.Samples.TransportSecurity.ICalculator"/>
  </client>
  <behaviors>
    <endpointBehaviors>
      <behavior name="endpointCredentialBehavior">
        <clientCredentials>
          <clientCertificate findValue="contoso.com"
                             storeLocation="CurrentUser"
                             storeName="My"
                             x509FindType="FindBySubjectName" />
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <bindings>
    <wsHttpBinding>
      <!-- configure wsHttpbinding with Transport security mode
           and clientCredentialType as Certificate -->
      <binding name="Binding1">
        <security mode="Transport">
          <transport clientCredentialType="Certificate"/>
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
</system.serviceModel>
The following are some similar threads; please refer to them:
http://stackoverflow.com/questions/4351034/authentication-a-wcf-request-via-client-certificate-over-https
https://social.msdn.microsoft.com/Forums/en-US/1356e012-f0ef-43b0-9661-2e1a5b705eb5/an-existing-connection-was-forcibly-closed-by-the-remote-host?forum=wcf
Best Regards,
Amy Peng
- Proposed as answer by Amy Peng (Microsoft employee), Monday, February 29, 2016 6:58 AM
- Marked as answer by Amy Peng (Microsoft employee), Wednesday, March 2, 2016 2:33 AM
Tuesday, February 23, 2016 2:35 AM
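The configuration check suggested in the answer above can be scripted. The following is an added example, not code from the thread: it cross-references every https client endpoint in a WCF config with its binding and endpoint behavior and reports inconsistencies. The function name, the sample config and its second and third endpoints are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: endpoint 1 mirrors the answer's config; 2 and 3 are hypothetical.
SAMPLE = """<configuration><system.serviceModel><client>
 <endpoint address="https://localhost/CalculatorService/service.svc" binding="wsHttpBinding"
   bindingConfiguration="Binding1" behaviorConfiguration="endpointCredentialBehavior"/>
 <endpoint address="https://localhost/OrderService/service.svc" binding="wsHttpBinding"
   bindingConfiguration="Binding2"/>
 <endpoint address="https://localhost/StockService/service.svc" binding="wsHttpBinding"
   bindingConfiguration="Binding1"/>
</client>
<behaviors><endpointBehaviors><behavior name="endpointCredentialBehavior">
 <clientCredentials><clientCertificate findValue="contoso.com" storeLocation="CurrentUser"
   storeName="My" x509FindType="FindBySubjectName"/></clientCredentials>
</behavior></endpointBehaviors></behaviors>
<bindings><wsHttpBinding>
 <binding name="Binding1"><security mode="Transport">
   <transport clientCredentialType="Certificate"/></security></binding>
 <binding name="Binding2"><security mode="Message"/></binding>
</wsHttpBinding></bindings></system.serviceModel></configuration>"""

# An https address needs one of these transport-level security modes.
HTTPS_MODES = {"Transport", "TransportWithMessageCredential"}

def audit_client_config(xml_text):
    """Return (address, finding) pairs for inconsistent https client endpoints."""
    sm = next(ET.fromstring(xml_text).iter("system.serviceModel"))
    bindings = {(kind.tag, b.get("name")): b
                for kind in sm.findall("bindings/*") for b in kind.findall("binding")}
    behaviors = {b.get("name"): b for b in sm.findall("behaviors/endpointBehaviors/behavior")}
    findings = []
    for ep in sm.findall("client/endpoint"):
        addr = ep.get("address", "").strip()
        if not addr.lower().startswith("https://"):
            continue
        b = bindings.get((ep.get("binding"), ep.get("bindingConfiguration")))
        sec = b.find("security") if b is not None else None
        mode = sec.get("mode") if sec is not None else None
        transport = sec.find("transport") if sec is not None else None
        if mode not in HTTPS_MODES:
            findings.append((addr, f"https address but security mode is {mode}"))
        elif transport is not None and transport.get("clientCredentialType") == "Certificate":
            # The binding demands a client certificate; the behavior must name one.
            beh = behaviors.get(ep.get("behaviorConfiguration"))
            cert = beh.find("clientCredentials/clientCertificate") if beh is not None else None
            if cert is None or not cert.get("findValue"):
                findings.append((addr, "binding requires a client certificate, none configured"))
    return findings

print(*audit_client_config(SAMPLE), sep="\n")
```

To audit a real client, pass the text of its app.config or web.config instead of SAMPLE.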