All geek questions in one place

WebException Failed to establish trust for SSL / TLS secure channel

My company has developed a .NET web service and a client dll that uses this web service. The web service is hosted on our server via ssl, and the certificate is provided and signed by GoDaddy. We have several clients in a hosted environment who receive the following error message from a client dll when trying to access our web service.

System.Net.WebException The main connection was closed: Failed to establish trust for the SSL / TLS secure channel.

Our solution was for them to open IE on the server, which in itself is a problem for many hosted services and switching to the WSDL URL. IE then pops up a security warning dialog box. It states that the certificate date is valid and a valid name that matches the name of the page, but was issued by a company that you did not decide to trust. When they click "Yes" to continue, the client dll can then successfully connect to the web service and work as usual.

Does anyone have any idea why GoDaddy would not be on the list of valid publishers? On all servers on which we work, GoDaddy is valid. I assume that for security reasons, they removed the credentials for GoDaddy, but are not fully convinced that there is no other underlying problem.

Unfortunately, I was not very lucky to recreate it locally. If I go to Internet Settings and remove GoDaddy’s credentials and hit our service, ssl works fine. I return to the list of publishers, and GoDaddy gets there again. So, my second question is: how do you get rid of GoDaddy so that I can get an invalid certificate warning?

OK, the last question. Is there a way in the code that I can tell the web service to ignore invalid certificates. I saw some posts on how to do this with WCF software, but not using older web services.

+3
source share
5 answers

, , SSL.

SSL-, , SSL. SSL, SSL. ( Firefox, IE). , .

+5

, -:

System.Net.ServicePointManager.ServerCertificateValidationCallback = (senderX, certificate, chain, sslPolicyErrors) => { return true; };
+22

VB.NET

   System.Net.ServicePointManager.ServerCertificateValidationCallback = Function(senderX, certificate, chain, sslPolicyErrors)
                                                                             Return True
                                                                         End Function
+2

serverfault, , .

, Windows, . Windows IE. MSDN .

Windows Windows, , , -, , SSL.

, , . Verisign Thawte. - , : .

, -, , , , .

+1

Go Daddy -, Go Daddy Class xxx Starfield Class xxx?

- , Windows Vista, Go Daddy? Go Daddy Class xxx Starfield Class xxx?

, , ? i.e WinXP ?

Root Certificate - Windows Vista.

http://support.microsoft.com/kb/931125

Windows Vista , . - ( HTTPS SSL), (S/MIME) ActiveX, ( ), , Windows Microsoft Update . , (CTL), , , ; Windows.

You will probably find that your Go Daddy certificate path on the web server is considered Starfield Class 2 instead of Go Daddy Class 2, so you installed the wrong root certificate. He caught me in the same way that when viewed on a web server it does not display a warning about the root certificate, it downloads and installs the root certificate of Do Daddy class 2 and removes Starfield, and your problem should disappear.

+1
source

Source: https://habr.com/ru/post/1781294/

More articles:


All Articles