
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

When I tried to connect to a remote WCF service that uses basicHttpBinding and transport security, I got this error message.

It turns out that the cause of the error is that the root certificate that issued the certificate for the WCF site is not in the calling machine's "Trusted Root Certification Authorities" store.

Obtaining the root public certificate and importing it into the calling machine's "Trusted Root Certification Authorities" store solved the problem.

It is easy to obtain the root public certificate using just the browser. Take Chrome as an example:


  1. Open Chrome and type the secured URL into the address bar, for example, https://www.google.ca/
  2. In the browser address bar, click the lock icon in front of the address. In the pop-up window, click the "Details" link after the sentence "Your connection to this site is private".
  3. Click the "View Certificate" button on the right panel
  4. In the "Certificate" dialog window, click the "Certification Path" tab and then double-click the root certificate node.
  5. Another "Certificate" dialog window opens. Click the "Details" tab and then click the "Copy to File" button.
  6. The "Certificate Export Wizard" dialog will open. Follow the on-screen instructions to export the certificate to a file.
  7. Import the saved certificate into the "Trusted Root Certification Authorities" store of the calling machine.
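
Step 7 can also be scripted. The PowerShell below is an added example, not part of the original post: it checks the exported file before trusting it machine-wide, imports it, and retries the TLS handshake. The file path, expected thumbprint and service URL are placeholders to replace with your own values.

```powershell
#Requires -RunAsAdministrator
# Added example. All three values below are placeholders (assumptions), not from the post.
$RootCertPath       = 'C:\temp\wcf-root.cer'                       # file exported in step 6
$ExpectedThumbprint = '<THUMBPRINT-CONFIRMED-BY-CA-OWNER>'         # obtained out of band
$ServiceUrl         = 'https://wcf.example.internal/Service.svc'   # hypothetical endpoint

$root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $RootCertPath

# A root CA certificate is self-signed, so its subject and issuer names match.
# If they differ, an intermediate or leaf certificate was exported by mistake.
if ($root.Subject -ne $root.Issuer) {
    throw "Not a root certificate. Subject: $($root.Subject); Issuer: $($root.Issuer)"
}

# Do not trust a root that is expired or not yet valid.
$now = Get-Date
if ($now -lt $root.NotBefore -or $now -gt $root.NotAfter) {
    throw "Certificate is outside its validity period ($($root.NotBefore) to $($root.NotAfter))"
}

# Anything in the Root store is trusted for every TLS connection from this machine,
# so compare the file against a thumbprint confirmed by whoever operates the CA.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($root.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($root.Thumbprint)"
}

# Step 7: import into the machine-wide "Trusted Root Certification Authorities" store.
Import-Certificate -FilePath $RootCertPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# Confirm the certificate is now present in the store.
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $root.Thumbprint } |
    Format-List Subject, Thumbprint, NotAfter

# Retry only the TLS handshake, using the default chain validation that WCF relies on.
$uri = [Uri]$ServiceUrl
$tcp = New-Object System.Net.Sockets.TcpClient($uri.Host, $uri.Port)
try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream())
    $ssl.AuthenticateAsClient($uri.Host)   # throws AuthenticationException if still untrusted
    "TLS handshake succeeded: the chain for $($uri.Host) now validates"
} finally {
    $tcp.Close()
}
```

If the handshake still fails after the import, the server may not be sending its intermediate certificates, or the certificate name may not match the host in the URL; the root store only fixes a missing trust anchor.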
