none
WCF-WebHttp adapter "Could not establish TLS/SSL secure channel" RRS feed

  • Question

  • Hi Everyone,

    Trying to send XML to some third party API URL using Send Port over "HTTPs Transport Security" with BizTalk WCF-WebHttpAdapter and P12 signed certificate. Certificate is configured under Personal, Trusted Root stores of BizTalk Host instance service account as well as in Local machine "Other People" store. Proxy server is configured with user name and password. I also made sure that BizTalk host instance account has access to certificate private key. BizTalk Host Instance account is also added under Local Administrators.

    But still Send Port repeats getting into suspended state with "Could no establish TLS/SSL secure channel", error.

    I also tested same URL is accessible with IE (using same certificate) and also response received through curl and SOAPUI.

    Is there anybody who figured out its Why its not working in BizTalk, possible solution ?

    Many thanks in Advance.

    Friday, June 12, 2015 4:09 PM

Answers

All replies

  • Few things:

    1. The BizTalk Service Account should not be a member of Local Administrators.  That has nothing to do with cert access.
    2. The remote site's cert should go in the Personal Store of the Computer Account, not the logged on user.  When adding the Certificates snap-in, you must choose Computer Account.
    3. If the remote site is the issuer of the cert (also called self-signed), you have to put their CA cert in the trusted Certificate Authorities Store.
    Friday, June 12, 2015 8:36 PM
    Moderator
  • Thanks Johns-305,

    The remote site's cert is already in Personal Store of the Computer Account and their CA cert in trusted certificate authorities store. But still the same error.

    Regards.

    Sunday, June 14, 2015 7:11 PM
  • Hi Nomi ,

    Could you try disabling the proxy on IE and test the connection again . 

    I would also suggest to go with to similar blog post  on this

    BizTalk caching SSL Certs? – The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel

    https://support.microsoft.com/en-us/kb/2328240

    Thanks

    Abhishek

    • Proposed as answer by Angie Xu Tuesday, June 23, 2015 2:25 AM
    • Marked as answer by Angie Xu Thursday, June 25, 2015 2:03 AM
    Monday, June 15, 2015 5:45 AM