locked
RemoteCertificateNameMismatch. Could not establish trust relationship for the SSL/TLS secure channel. RRS feed

  • Question

  • Hi,

    I am trying to connect to the partner test web site which is using IP address instead of name for e.g https://256.274.167.246/ghservlet/XMLQuote, it is secured with SSL certificate which is actually the live site certificate and gives the error "RemoteCertificateNameMismatch" when used on browser, however you can ignore it. When this URL is used in Biztalk, I  get the error message "Could not establish trust relationship for the SSL/TLS secure channel.". I know the certificate is not issued to 256.274.167.246, its in another name.

    Is there a way to get this URL working in Biztalk or I need to ask the partner to issue a correct certificate?

    Tuesday, December 1, 2009 11:53 AM

Answers

  • Oh sorry. You should ask the partner to correct their certificate. This could be a problem for all of their partners.

    Thanks,


    If this answers your question, please use the "Answer" button to say so | Ben Cline
    • Marked as answer by Puneet Jain Sunday, December 6, 2009 8:11 AM
    Tuesday, December 1, 2009 3:14 PM
    Moderator

All replies

  • Could you set a hosts file entry to the IP so you know it will resolve (and do it quickly)? Use the name on the certificate in the hosts file for the servername.

    Thanks,
    If this answers your question, please use the "Answer" button to say so | Ben Cline
    Tuesday, December 1, 2009 12:28 PM
    Moderator
  • Hi Ben,

    Probably I am not clear in my question.The certificate is for the live site which resolves to the different ip adress than the test one. The partner is using live site cert for the test site.
    Tuesday, December 1, 2009 12:54 PM
  • Oh sorry. You should ask the partner to correct their certificate. This could be a problem for all of their partners.

    Thanks,


    If this answers your question, please use the "Answer" button to say so | Ben Cline
    • Marked as answer by Puneet Jain Sunday, December 6, 2009 8:11 AM
    Tuesday, December 1, 2009 3:14 PM
    Moderator
  • Hi Puneet,

    Have you tried enabling the client certificate mapping.

    Go to Website --> Properties --> Directory Security --> Secure Communication and select EDIT.

    There you need to enable Client certificate Mapping and that is the place where you can set 1 to 1 or 1 to many
    client certificate mapping.

    Please let me know if you face any problem.

    Regards
    Vishnu


    Vishnu
    Tuesday, December 1, 2009 4:13 PM
  • Hi Vishnu,

    Please confirm if you are referring to making changes at the partner website in IIS?
    Wednesday, December 2, 2009 1:04 PM
  • Yes,

    The one way is, your partner need to map your certificate at their site.

    Regards
    Vishnu
    Vishnu
    Wednesday, December 2, 2009 1:46 PM