Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SSL Certificate Error - SOAP Exception

Posted on 2009-05-05
2
Medium Priority
?
1,358 Views
Last Modified: 2013-11-16
Hi All,

I am trying to replicate a web service and client that is currently working in a production environment but I cannot get it to work locally for debugging.  The application has a login section that calls a web service that works in production but not locally.  There is also a web site that uses the service and this works locally without any issues.

An exception is thrown when ever the login part is called from the client application.  The login command is shown in the code section below.

When this line called an exception is thrown with with the following message:

"SOAP security negotiation with 'http://website.address/Service.svc/Service' for target 'http://website.address/Service.svc/Service' failed. See inner exception for more details."

and the inner message is:

"The X.509 certificate CN=website.address chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. The revocation function was unable to check revocation for the certificate."

So it seems that the problem is an SSL certificate issue but I can't figure out why the Certificate is not trusted.  The certificate used by IIS is one I created and it appears to be valid when I view it, it states that it is intended for all application policies and that there is a private key that corresponds to the certificate and there is no 'X' mark indicating a bad cert.  
The only differences I can see between this certificate and the one used on the production machine are the issuer (the local one was issued by "Root Agency" whereas the production one was purchased from a well known Certificate provider) and the intended use for the production one is only:
Ensures the identity of a remote computer
Proves your identity to a remote computer

It seems that the certificate is not being accepted so I tried have added the Certificate to the local machine in in the both local machine and user personal and trusted route certification authorities stores.  I also added the Root Authority certificate to these to see if that was an issue.

The client on the  local machine is able to connect to the production if I remove the URL / IP changes without any SSL issues.

The local environment has been replicated as close as possible to production i.e. same OS, URLs mapped to local IP addresses, identical IIS 6.0 configuration etc.

I have seen some other threads about this that suggest turning off the SSL validation for debugging but is not really appropriate for the type of debugging / testing we wish to do.

This may just be a simple SSL configuration problem as my knowledge of it is not that good but I would really appreciate some help in resolving this issue.

Hopefully this will be simple to resolve,

Many thanks,
Stef
Using DocComms As New Threading.DocumentComms
...
DocComms.DriverServiceInstance.GetBasicUserInfo(LoginArgs.Balance, LoginArgs.RealName, My.Application.Info.Version.ToString(), Branding.Strings.Identity)
...

Open in new window

0
Comment
Question by:stefarg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 1

Accepted Solution

by:
stefarg earned 0 total points
ID: 24314209
Solution found here: http://www.somacon.com/p42.php
0
 
LVL 1

Author Comment

by:stefarg
ID: 24314239
Oh just in case that link becomes dead in the future, the solution involved using SelfSSL from the IIS 6.0 Resource Kit (http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en)
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing). This release will be the …
For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (http://www.experts-exchange.com/M_3598771.html), the Zone Advisor for the Virus and …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question