
self signed cert. The underlying connection was closed: Could not establish trust relationship

Trying to set up a self signed certificate, for our intranet's web services site. The certificate itself shows it is "ok" but when trying to invoke a method from the web service it throws an error, and also while adding the web reference it gives a warning.

Here are the steps and some screenshots to make sure I provide accurate information.

Windows Server 2003. IIS. The web site is "WebServices.companyName.vmc"

[screenshot]

Here is the host header for the site

[screenshot]

From the server, it shows the cert is 'ok'.

[screenshot]

Here are some of the site settings

[screenshot]


Now, in Visual Studio 2008, adding the web reference

[screenshot]

Clicking 'Yes' to the popup

[screenshot]

Clicking 'No' to this popup, several times sequentially.

[screenshot]

After the line of code runs, which calls the web service... I get this error

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

And when viewing the web service site in a browser, the little padlock by the URL bar provides this message:

[screenshot]


Here is my existing code:

Dim mySvc As New WebServices.InstantAccount
mySvc.calledFunction()


EDIT

For anyone with a similar issue, please read both iamkrillin's answer, and my answer... as they are both two different ways of solving the issue... depending on which part you can control (the code, or the cert).

asked Jun 29 '12 17:06 by adam



2 Answers

iamkrillin did have a working solution, in that his code will ignore the invalid cert, and allow the application to use the web service.

In addition to this, I have corrected the certificate so that I no longer need to ignore the invalid cert.

The host header value (shown in OP) was WebServices.mycompany.vmc, but the "Common Name" or "Friendly Name" for the certificate (shown in OP screenshot 3 for 'Certification Path') was WebServices.

The common name, and the website URL need to match. I recreated the self-signed cert with a common name of "WebServices.mycompany.vmc" and now the certificate error is gone. The web service is available for use, without the coder needing to ignore invalid certs for the application.

answered Sep 28 '22 10:09 by adam


Add this line of code somewhere before you create your service client.

ServicePointManager.ServerCertificateValidationCallback = ((sender, certificate, chain, sslPolicyErrors) => true);

Do note: this will cause your app to accept all invalid certs and just keep moving. If this is not acceptable, you can attach a function to that and do processing to determine if the cert error is ok or not.

answered Sep 28 '22 12:09 by iamkrillin
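
One way to write the "attach a function" variant mentioned in the answer above, as an added example that is not code from either answer: the callback tolerates only an untrusted chain, only for one host, and only for one pinned certificate, so a name mismatch like the one in the question is still rejected. The class name `IntranetCertPolicy` is hypothetical, the host name is the one from the answers, and `PinnedSha256` is a placeholder you replace with the SHA-256 hash of your own certificate.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class IntranetCertPolicy
{
    // Assumptions: host name as given in the answers; the fingerprint is a
    // placeholder for the SHA-256 hash (hex) of your certificate's DER bytes.
    const string PinnedHost = "WebServices.mycompany.vmc";
    const string PinnedSha256 = "<SHA256-HEX-OF-YOUR-CERT>";

    // Call once at startup, before the first web service client is created.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    static bool Validate(object sender, X509Certificate certificate,
                         X509Chain chain, SslPolicyErrors errors)
    {
        // Certificates that pass normal validation need no special handling.
        if (errors == SslPolicyErrors.None) return true;

        // Tolerate only an untrusted chain (the self-signed case). A name
        // mismatch or a missing certificate is always rejected.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;
        if (certificate == null) return false;

        // Apply the exception to the one intranet host only. Assumes an
        // HttpWebRequest-based client (such as a generated web reference),
        // where the sender is the request object.
        var request = sender as HttpWebRequest;
        if (request == null || !string.Equals(request.RequestUri.Host, PinnedHost,
                                              StringComparison.OrdinalIgnoreCase))
            return false;

        // Accept only the exact certificate that was pinned.
        using (var sha = SHA256.Create())
        {
            string actual = BitConverter.ToString(
                sha.ComputeHash(certificate.GetRawCertData())).Replace("-", "");
            return string.Equals(actual, PinnedSha256, StringComparison.OrdinalIgnoreCase);
        }
    }
}
```

The pin must be updated whenever the self-signed certificate is reissued, otherwise calls fail with the same trust error.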