Error: Cannot obtain Metadata from http ......?wsdl

Question

I have been in the process of converting a http application to https and ssl with a self signed certificate.

for some reason i have to go in the browser to localhost:##### to start the service.

Once the service is started, i test it with the following call in the visual studio 2012 comman prompt:

svcutil.exe https://localhost:10201/?wsdl

and it comes back with

Error: Cannot obtain Metadata from https://localhost:10201/?wsdl

If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address.  For help enabling metadata publishing, please refer to the MSDN documentation at http://go.microsoft.com/fwlink/?LinkId=65455.


WS-Metadata Exchange Error
    URI: https://localhost:10201/?wsdl

    Metadata contains a reference that cannot be resolved: 'https://localhost:10201/?wsdl'.

    Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost:10201'.

    The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

    The remote certificate is invalid according to the validation procedure.


HTTP GET Error
    URI: https://localhost:10201/?wsdl

    There was an error downloading 'https://localhost:10201/?wsdl'.

    The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

    The remote certificate is invalid according to the validation procedure.

If you would like more help, type "svcutil /?"

Is this detremental to my sucess with HTTPS?

My config looks as such:

<system.serviceModel>

    <!--SERVICES-->
    <services>
      <service name="DuplexService.DuplexService"
         behaviorConfiguration="sb">

        <endpoint
           address="basic"
           binding="customBinding"
           bindingConfiguration="customDuplexBinding"
           contract="DuplexService.Interface.IDuplexServiceContract">
        </endpoint>

        <endpoint
            address=""
            binding="webHttpBinding"
            behaviorConfiguration="webHttpEndpointBehavior"
            bindingConfiguration="webHttpsBinding"
            contract="Interface.IPolicyRetriever">
        </endpoint>

        <endpoint
            address="mex"
            binding="mexHttpsBinding"
            contract="IMetadataExchange">
        </endpoint>

        <host>
        <baseAddresses>
          <add baseAddress="https://localhost:10201" />
        </baseAddresses>
        </host>
      </service>


    </services>


    <!--BEHAVIOURS-->
    <behaviors>
    <!--Policy-->
      <endpointBehaviors>
        <!-- For Policy Service -->
        <behavior name="webHttpEndpointBehavior">
          <webHttp  />
        </behavior>
      </endpointBehaviors>


<!--behaviour for all of the enpoints -->
      <serviceBehaviors>
        <behavior name="sb">
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpsGetEnabled="true" httpsGetUrl="https://localhost:10201"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="true"/>
          <!-- This will solve a bug that happens if too many items are sent at once from the gateway to the client -->
          <dataContractSerializer maxItemsInObjectGraph="2147483647"/>
          <serviceThrottling
          maxConcurrentCalls="200"
          maxConcurrentSessions="200"
          maxConcurrentInstances="200" />
        </behavior>
      </serviceBehaviors>
    </behaviors>



    <!-- BINDINGS-->
    <bindings>

    <webHttpBinding>
        <binding name="webHttpsBinding">
            <security mode="Transport">
                <transport clientCredentialType="None" />
            </security>
        </binding>
    </webHttpBinding>

      <customBinding>
        <binding name="customDuplexBinding">
          <pollingDuplex duplexMode="MultipleMessagesPerPoll"
               maxOutputDelay="00:00:01"
       serverPollTimeout="00:01:00"
       inactivityTimeout="02:00:00"
       maxPendingMessagesPerSession="2147483647"
       maxPendingSessions="2147483647" />
          <binaryMessageEncoding>
            <readerQuotas
              maxDepth="2147483647"
              maxStringContentLength="2147483647"
              maxArrayLength="2147483647"
              maxBytesPerRead="2147483647"
              maxNameTableCharCount="2147483647" />
          </binaryMessageEncoding>
          <httpsTransport
      maxBufferSize="2147483647"
      maxReceivedMessageSize="2147483647"
      transferMode="StreamedResponse" />
        </binding>
      </customBinding>



    </bindings>




    <!-- Register the binding extension from the SDK. -->
    <extensions>
      <bindingElementExtensions>
        <add name="pollingDuplex"
             type="System.ServiceModel.Configuration.PollingDuplexElement, System.ServiceModel.PollingDuplex" />
      </bindingElementExtensions>
    </extensions>
  </system.serviceModel>

How can i get rid of it? and make the metadata work and the GET work?

Answer 1

I can think of 4 ways to deal with this.

1. Install the self signed cert as a trusted root auth. MMC -> Certificates
2. Use a browser to navigate to the wsdl (click past the cert error), save it off, and generate off the wsdl directly.
   • Put the url of the wsdl in your browser and click past the certificate warning so that you can see the actual wsdl
   • Save the wsdl to your computer. In chrome you can right click, save as.
   • In Visual Studio
     • Right click on the project and select "Add Service Reference"
     • In the Address box, enter the physical path (C:\directory...) of the downloaded wsdl.
     • Hit Go
3. Fire up fiddler and tell it to decrypt https which will install a cert and give you an option to ignore remote cert errors. Described here. http://proq.blogspot.com/2012/02/svcutil-and-https.html
4. Use a cert signed by a trusted root.

I didn't see a svcutil option to ignore cert errors.