I'm trying to port an existing WCF client application to run on Linux under Mono. Right now I'm testing everything out, figuring out what works on Mono and what doesn't.
The client makes a super simple call over basicHttpBinding. It works great, until I enable SSL (that is, specify BasicHttpSecurityMode.Transport in the binding).
Exception in async operation: System.Net.WebException: Error getting response stream (Write: The authentication or decryption has failed.): SendFailure ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate received from server. Error code: 0xffffffff800b010a
I've read the Mono security FAQ; however the SSL certificate on the server is from a root CA (a purchased certificate) - issued by Equifax Secure Certificate Authority. I ran the TlsTest tool on the Ubuntu install against the .svc URL and there are no problems/errors. Also I can hit the service fine in Firefox (no security warnings).
What am I missing?
The TlsTest file from Mono is really good at checking this, so it seems a bit silly to even ask - but: Can you use the WebClient to make a request to the .svc file and get a response back? If not, there are probably still issues with the certificate for some reason.
I am also guessing you have used the mozroots or certmgr tools to verify the root CA is there? What about explicitly adding the certificate on your site to the store through certmgr?
One more reminder: the certmgr tool generally works on a copy of the certs for the current user, you need to specify the --machine
arg so all users get the cert.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With