467,211 Members | 1,213 Online
Bytes | Developer Community
Ask Question

Home New Posts Topics Members FAQ

Post your question to a community of 467,211 developers. It's quick & easy.

certificate based web call fails under iis (urgent!)

hallo -
I am making a web request (actually a web service call) from within my
web service.

this works fine under the developement web server - but fails under
IIS with:
>System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
anyone have any suggestions?

I have tried various impersonation / permissions scenarios with no
success.

This is urgent as I'm currently looking like a tit that doesn't know
what he's doing!

thanks,
Oli.

the code is trivial:

_x509Certificate = new X509Certificate(fullFilePath, password);
..
..
requester.ClientCertificates.Add(_x509Certificate) ;

May 11 '07 #1
  • viewed: 3540
Share:
5 Replies
On May 11, 9:29 am, olihar...@googlemail.com wrote:
hallo -
I am making a web request (actually a web service call) from within my
web service.

this works fine under the developement web server - but fails under
IIS with:
System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

anyone have any suggestions?

I have tried various impersonation / permissions scenarios with no
success.

This is urgent as I'm currently looking like a tit that doesn't know
what he's doing!

thanks,
Oli.

the code is trivial:

_x509Certificate = new X509Certificate(fullFilePath, password);
.
.
requester.ClientCertificates.Add(_x509Certificate) ;
Did you google it? Lots of stuff got returned

http://www.google.com/search?sourcei...secure+channel
May 11 '07 #2
hi Larry - yeah been googling most of the afternoon - been stuck on
this ~ 4 hours now :(

O.
May 11 '07 #3
I have not installed the certificate in any "certificate store" - it
get's loaded directly off the file system as per:

_x509Certificate = new X509Certificate(fullFilePath, password);

is there some "microsoft way" that I (begrudgingly) have to follow
here? - to my knowledge the cert *must* be loaded from the file system
- but what a lot of other people seem to do is store it, then export
it....

running XP pro.

desperate....

O.

May 11 '07 #4
I think this may be failing under IIS because the certificate is not
valid.

*I already know the certificate is not valid and still want to use
it ! *

I think it's not valid because it is not signed by a CA such as
Verisign.

if I work directly with the Certificate Store like this:

X509Store store = new X509Store(StoreName.Root,
StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection col =
store.Certificates.Find(X509FindType.FindByIssuerN ame, "SAVVIS",true);

I can use that last parameter in "Find" to return only valid Certs -
hence indicating that the cert is not valid (there's surely a better
way).

I think it's perfectly reasonable to use an invalid cert in this way -
anyone got any comments on that - or suggestions on where to go from
here?

ta,
O.
May 11 '07 #5
**** FIXED **** !!!! :) :) :)
.....sort of :(

in order to get this to work (summary: Certificate based security
calling web service from within a web service - only broken under IIS
- works find under dev. server):

- install cert in local machine certificate store
- give ASPNET account permissions on that cert:
winhttpcertcfg.exe -g -c LOCAL_MACHINE\Root -s "SAVVIS" -a
"ASPNET"

....this gives me a deployment and managability headache grrrr. under
the .net 2.0 dev server I don't need any of this, and can read the
cert directly from disk. If anyone has any ideas how to do that under
IIS *please contact me* !!

O.

May 11 '07 #6

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by IWP506@gmail.com | last post: by
1 post views Thread by Dennis.Hoffman@seagate.com | last post: by
1 post views Thread by Charles | last post: by
1 post views Thread by maflatoun@gmail.com | last post: by
2 posts views Thread by =?Utf-8?B?Sm9hY2hpbQ==?= | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.