WCF Client Error: Could not establish trust relationship for the SSL/TLS secure channel with authority '59.160.56.233'

    Question

  • Hi,

     

    I have a WCF Service which is hosted on IIS and HTTPS enabled. When I try to call a method on the service from another machine, I get the following error.

     

    However, it is working fine with a client on the same machine. I got the SSL Cert from Comodo.com's free SSL service. I added all the CAs in the Cert chain to the Trusted Store in my client machine, but nothing works.

     

    What else could be the problem? I came across this post by Sajay https://blogs.gotdotnet.com/sajay/archive/2006/05/30/610671.aspx, but I can't figure out how to implement it.

     

    Can anyone please help ?

     

    {"Could not establish trust relationship for the SSL/TLS secure channel with authority '59.160.56.233'."}

    [System.ServiceModel.Security.SecurityNegotiationException]: {"Could not establish trust relationship for the SSL/TLS secure channel with authority '59.160.56.233'."}

    Data: {System.Collections.ListDictionaryInternal}

    HelpLink: null

    InnerException: {"The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."}

    Message: "Could not establish trust relationship for the SSL/TLS secure channel with authority '59.160.56.233'."

    Source: "mscorlib"

    StackTrace: "\r\nServer stack trace: \r\n at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)\r\n at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)\r\n at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)\r\n at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)\r\n at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)\r\n at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)\r\n at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)\r\n at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)\r\n\r\nException rethrown at [0]: \r\n at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)\r\n at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)\r\n at SSLTestApp.NotificationProxy.IReceiverService.SPG180NotifyEvent(String endpoint, String notificationType, String user, String password, String serviceId, String notificationData, String serviceLogic)\r\n at SSLTestApp.NotificationProxy.ReceiverServiceClient.SPG180NotifyEvent(String endpoint, String notificationType, String user, String password, String serviceId, String notificationData, String serviceLogic) in c:\\users\\imayak\\documents\\visual studio 2008\\projects\\ssltestapp\\ssltestapp\\service references\\notificationproxy\\reference.cs:line 50\r\n at SSLTestApp.Program.Main(String[] args) in C:\\Users\\imayak\\Documents\\Visual Studio 2008\\Projects\\SSLTestApp\\SSLTestApp\\Program.cs:line 20"

    TargetSite: {Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)}

     

     

    Thanks,

    Imaya

    Monday, September 08, 2008 1:13 PM

Answers

  • Hi!!
    Well, the problem is that your SSL certificate isn't valid, for any reason, but in IE and other browsers you could choose to continue processing the page. To do something similar you could implement a class that implements ICertificatePolicy, like this:

    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;

    namespace Kruger.Common.ProcLibrary
    {
        public class clsSimemPolicy : ICertificatePolicy
        {
            #region ICertificatePolicy Members

            public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem)
            {
                // Due to an invalid certificate used on the SIMEM site, we must return true for all invalid SSL requests
                return true;
            }

            #endregion

            public static bool RemoteCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
            {
                // Due to an invalid certificate used on the site, we must return true for all invalid SSL requests
                return true;
            }
        }
    }

    This class must be set as the CertificatePolicy, like this:

    System.Net.ServicePointManager.CertificatePolicy = new clsSimemPolicy();

    This is before Framework 2.0, of course this must be done before the first call...

    Or only one line with C# 3.0:

    ServicePointManager.ServerCertificateValidationCallback += ((sender, certificate, chain, sslPolicyErrors) => true);


    Hope this helps!!

    Francisco Lomas
    Monday, October 13, 2008 8:00 PM
  • Thanks for the explanation. The other way to solve this problem is to install the issuer's certificate in the Trusted store of the machine calling the service. That does the trick.
    • Marked as answer by Imayakumar Monday, October 20, 2008 2:30 AM
    Monday, October 20, 2008 2:30 AM
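
Added example (not part of either answer above): a narrower form of the ServerCertificateValidationCallback shown in the first answer. It reports which validation check failed and accepts a failing certificate only for one host and one pinned thumbprint. The class name, host name and thumbprint are placeholders, and it assumes .NET Framework, where the callback's sender is the HttpWebRequest.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class ScopedCertificateValidation
{
    // Assumed placeholders: replace with the service host name and the
    // thumbprint of the one certificate you have verified out of band.
    private const string PinnedHost = "service.example.test";
    private const string PinnedThumbprint = "0000000000000000000000000000000000000000";

    // Call once at startup, before the first WCF call.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true; // standard validation succeeded

        // Report which check failed: name mismatch, chain error, or no certificate.
        Console.Error.WriteLine("TLS validation errors: " + errors);
        if (chain != null)
        {
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.Error.WriteLine("  chain status: " + status.Status + " - " + status.StatusInformation);
        }

        // Fail closed unless the request targets the pinned host.
        HttpWebRequest request = sender as HttpWebRequest;
        if (request == null || certificate == null)
            return false;
        if (!string.Equals(request.Address.Host, PinnedHost, StringComparison.OrdinalIgnoreCase))
            return false;

        // Accept only the exact pinned certificate.
        X509Certificate2 presented = new X509Certificate2(certificate);
        return string.Equals(presented.Thumbprint, PinnedThumbprint, StringComparison.OrdinalIgnoreCase);
    }
}
```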

All replies

  • only one line with C# 3.0  

    this solution solved the problem...

    Thanks

    Thursday, October 16, 2014 5:57 AM