HTTPS and Certificate

[Chris]

Hello.
I have an ASP .NET Application that I have been using
that calls a web service on another machine.

Our company wants to implement HTTPS between the two
applications. I have changed the call to the web service
URL to [url]https://example:8700/example[/url]. Now I get a message
indicating:

The underlying connection was closed: Could not establish
trust relationship with remote server.

Does anyone know what I need to do to implement HTTPS? I
have installed the certificate through my browser in a
trusted folder but I can't get my development environment
(Visual Studio) to work. A piece of example code would be
great.

I have seen the same error on many other posts but didn't
see a resolution. Thanks for your help.

[chris]

Hello.
I have an ASP .NET Application that I have been using
that calls a web service on another machine.

Our company wants to implement HTTPS between the two
applications. I have changed the call to the web service
URL to [url]https://example:8700/example[/url]. Now I get a message
indicating:

The underlying connection was closed: Could not establish
trust relationship with remote server.

Does anyone know what I need to do to implement HTTPS? I
have installed the certificate through my browser in a
trusted folder but I can't get my development environment
(Visual Studio) to work. A piece of example code would be
great.

I have seen the same error on many other posts but didn't
see a resolution. Thanks for your help.

I have tried the following code before the call:

wsDBObj.Credentials = CredentialCache.DefaultCredentials
Dim sCertName As String = "C:\TestSSLCertificate\test.cer"
If sCertName.Length <> 0 Then
Dim x509 As X509Certificate =
X509Certificate.CreateFromCertFile(sCertName)
wsDBObj.ClientCertificates.Add(x509)
End If

[Joe Kaplan \(MVP - ADSI\)]

Could it be a problem with the certificate name not matching the URL and the
cert policy causing the failure? I've seen lots of weird cert policy
problems cause failures in the underlying webrequest object that the client
proxy uses.

To combat this, you can create your own ICertificatePolicy class and add it
to the ServicePointManager CertificatePolicy property. I usually have the
CheckValidationResult return true for all cases to start with and then go
from there.

If that fixes the problem, then you know it was a certificate trust issue
that caused the failure.

HTH,

Joe K.

"Chris" <anonymous@discussions.microsoft.com> wrote in message
news:055301c3daaa$3f10b1a0$a001280a@phx.gbl...

> Hello.
> I have an ASP .NET Application that I have been using
> that calls a web service on another machine.
>
> Our company wants to implement HTTPS between the two
> applications. I have changed the call to the web service
> URL to [url]https://example:8700/example[/url]. Now I get a message
> indicating:
>
> The underlying connection was closed: Could not establish
> trust relationship with remote server.
>
> Does anyone know what I need to do to implement HTTPS? I
> have installed the certificate through my browser in a
> trusted folder but I can't get my development environment
> (Visual Studio) to work. A piece of example code would be
> great.
>
> I have seen the same error on many other posts but didn't
> see a resolution. Thanks for your help.
>

[Jan Tielens]

[url]http://weblogs.asp.net/jan/archive/2003/12/04/41154.aspx[/url]

When Webservices are used, a common concern is security: SOAP messages are
transferred in plain text over the network, so anyone with a sniffer could
intercept the SOAP message and read it. In my opinion this could happen also
to binary data, but probably it requires a little bit more hacker skills. So
a solution is to use HTTPS (SSL) instead of HTTP, so the communication is
encrypted. To accomplish this, you need to get and install a certificate
(issued by a Certificate Authority) on your webserver. In a production
environment you would buy a certificate from Verisign or another well known
CA, or you would install your own CA, which is a component of Windows
Server. If you only want to play with HTTPS, SSL and certificates or your
project is in the development phase, you can also generate a test
certificate using the MakeCert.exe tool (included in the .NET Framework
SDK). After that you have to add this certificate to a website in IIS, and
set a port which HTTPS should use.

When you browse to a HTTPS site, you probably get a dialog window asking you
if you want to trust the certificate provided by the webserver. So the
responsibility of accepting the certificate is handled by the user. Let's
get back to the webservice scenario, if you want to invoke a webservice
located on a webserver which uses SSL and HTTPS there is a problem. When you
make the call from code, there is no dialog window popping up, and asking if
you trust the certificate (luckily because this would be pretty ugly in
server-side scenarios); probably you'll get following exception:
An unhandled exception of type 'System.Net.WebException' occurred in
system.dll

Additional information: The underlying connection was closed: Could not
establish trust relationship with remote server.

But there is a solution for this problem, you can solve this in your code by
creating your own CertificatePolicy class (which implements the
ICertificatePolicy interface). In this class you will have to write your own
CheckValidationResult function that has to return true or false, like you
would press yes or no in the dialog window. For development purposes I've
created the following class which accepts all certificates, so you won't get
the nasty WebException anymore:
public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy
{
public TrustAllCertificatePolicy()
{}

public bool CheckValidationResult(ServicePoint sp,
X509Certificate cert,WebRequest req, int problem)
{
return true;
}
}

As you can see the CheckValidationResult function always returns true, so
all certificates will be trusted. If you want to make this class a little
bit more secure, you can add additional checks using the X509Certificate
parameter for example. To use this CertificatePolicy, you'll have to tell
the ServicePointManager to use it:
System.Net.ServicePointManager.CertificatePolicy = new
TrustAllCertificatePolicy();
This must be done (one time during the application life cycle) before making
the call to your webservice.
--
Greetz,
Jan
__________________________________
Read my weblog: [url]http://weblogs.asp.net/jan[/url]

"chris" <anonymous@discussions.microsoft.com> schreef in bericht
news:0c9801c3dabd$0e015bb0$a501280a@phx.gbl...

> Hello.
> I have an ASP .NET Application that I have been using
> that calls a web service on another machine.
>
> Our company wants to implement HTTPS between the two
> applications. I have changed the call to the web service
> URL to [url]https://example:8700/example[/url]. Now I get a message
> indicating:
>
> The underlying connection was closed: Could not establish
> trust relationship with remote server.
>
> Does anyone know what I need to do to implement HTTPS? I
> have installed the certificate through my browser in a
> trusted folder but I can't get my development environment
> (Visual Studio) to work. A piece of example code would be
> great.
>
> I have seen the same error on many other posts but didn't
> see a resolution. Thanks for your help.
>
> I have tried the following code before the call:
>
> wsDBObj.Credentials = CredentialCache.DefaultCredentials
> Dim sCertName As String = "C:\TestSSLCertificate\test.cer"
> If sCertName.Length <> 0 Then
> Dim x509 As X509Certificate =
> X509Certificate.CreateFromCertFile(sCertName)
> wsDBObj.ClientCertificates.Add(x509)
> End If
>

[Guogang]

As a start point, you may try to visit your new service
[url]https://example:8700/example[/url] using IE, you will see a few dialog boxes
poping up which will provide information on exactly what is not accepted by
your computer.

"Chris" <anonymous@discussions.microsoft.com> wrote in message
news:055301c3daaa$3f10b1a0$a001280a@phx.gbl...

> Hello.
> I have an ASP .NET Application that I have been using
> that calls a web service on another machine.
>
> Our company wants to implement HTTPS between the two
> applications. I have changed the call to the web service
> URL to [url]https://example:8700/example[/url]. Now I get a message
> indicating:
>
> The underlying connection was closed: Could not establish
> trust relationship with remote server.
>
> Does anyone know what I need to do to implement HTTPS? I
> have installed the certificate through my browser in a
> trusted folder but I can't get my development environment
> (Visual Studio) to work. A piece of example code would be
> great.
>
> I have seen the same error on many other posts but didn't
> see a resolution. Thanks for your help.
>