
WCF Self signed certificate is not trusted on the client

I have a WCF service that is ONLY ever used between two server machines. It will NEVER be used publicly.

I was hoping I could use SSL with a self signed certificate for security.

I created a certificate using IIS7, installed it on the client machine using IE and the MMC (Personal, TrustedRoot, Third-Party & TrustedPeople).

I still can't get to the service, either from code or via IE8, without it questioning the certificate.

From IE I get the usual "There is a problem with this website's security certificate."

From code I get the error: "Could not establish trust relationship for the SSL/TLS secure channel with authority"

Why is this not working?

baileyswalk asked Jul 02 '12 14:07


2 Answers

Are you sure that your self-signed certification is in the Trusted Root Certification Authorities certificate store on the client machine that will be accessing your WCF service? See the screenshot below of a self-signed certificate that is trusted by one of my Windows Vista machines.

Are you also sure that your certificate is a self-signed certificate? See screenshot at end of one of my self-signed certificates.


Updated information:

Check out this posting for information on how to use a utility called SelfSSL7 to create self-signed certificates that contain multiple host names.

Here's another link with good information on SelfSSL7.exe and download information.

HeatfanJohn answered Oct 09 '22 00:10


I had this today - but with IIS7. If you use IIS to generate the cert (inetmgr -> select the home node, then choose Server Certificates, and use the right menu option to create a self certified certificate), the 'issued to' attribute is set using the FQDN of your machine - like 'mymachine.myintranet.copp.net' or whatever.

As long as you use the FQDN for the URL to connect from the service - like 'mymachine.myintranet.copp.net/myservice/service.svc' - then the error goes.

If you're using an alternative URL, like an IP address, or localhost, then the error occurs. So, the machine above was obviously known as johnma in his network then it works.

user1587804 answered Oct 09 '22 00:10
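The two answers point at two different validation failures: the certificate is not in a trusted root store, or the host in the URL does not match the name on the certificate. The following is an added example, not code from either answer, that reports which of the two .NET is objecting to. It assumes Windows PowerShell 5.1 on the client machine; the host name and port are placeholders.

```powershell
# Added diagnostic; run on the client machine. Values below are placeholders.
$HostName = 'mymachine.myintranet.copp.net'   # host exactly as written in the service URL
$Port     = 443                               # assumed HTTPS port

$script:seen = $null

# Record what .NET objected to, then return $true so the handshake finishes and the
# certificate can be inspected. For diagnosis only: do not copy this into the WCF client.
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($source, $certificate, $chain, $policyErrors)
    $script:seen = [pscustomobject]@{
        # Copy the certificate so it stays usable after the connection is closed.
        Cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificate
        Errors = $policyErrors
    }
    $true
}

$tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    # The target host passed here is what the certificate name is compared against.
    $ssl.AuthenticateAsClient($HostName)
}
finally {
    $tcp.Close()
}

$cert    = $script:seen.Cert
$errors  = $script:seen.Errors
$E       = [System.Net.Security.SslPolicyErrors]
$dnsName = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName

[pscustomobject]@{
    RequestedHost      = $HostName
    CertificateDnsName = $cert.GetNameInfo($dnsName, $false)   # name the URL must use
    Subject            = $cert.Subject
    SelfSigned         = ($cert.Subject -eq $cert.Issuer)
    Thumbprint         = $cert.Thumbprint
    # True when the URL host (IP address, localhost, short name) is not on the certificate.
    NameMismatch       = $errors.HasFlag($E::RemoteCertificateNameMismatch)
    # True when no trusted root was found for the account running this script.
    ChainErrors        = $errors.HasFlag($E::RemoteCertificateChainErrors)
    # A certificate imported through IE lands in the current user's store; a service
    # running under another account only sees the machine store.
    InLocalMachineRoot = Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
    InCurrentUserRoot  = Test-Path "Cert:\CurrentUser\Root\$($cert.Thumbprint)"
} | Format-List
```

Run it under the same account as the calling service, since `ChainErrors` and the `CurrentUser` check depend on whose certificate stores are consulted.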