subject-q

Reputation: 135

Could not create SSL/TLS secure channel with a third party WCF service in IIS

I am trying to consume a third party WCF service that requires an X.509 certificate to be configured on the client side. I was provided with a .p12 file and a passphrase. I installed it in LocalComputer. In my web forms application I configured the store name (My when I installed it in the personal store, and Root when I did it in TCA). When I tried to make a request, it was aborted with the above error. This is already present:

<security mode="Transport">
    <transport clientCredentialType="Certificate" />
</security>

Should I do anything extra in IIS, where my web forms app is hosted, or should I ask the third party for any more files? Are there any steps online describing what a client needs to do in IIS for X.509 cert auth?

The above setup works well when I use the Visual Studio internal server by clicking Google Chrome. But the error occurs when it is published in IIS.

UPDATE: I did this and it works properly in Windows Server 2008. In Windows 7 it is still not working. In Windows 7 even the internal Visual Studio server is not working properly to make this request.

Upvotes: 0

Views: 913

Answers (2)

subject-q

Reputation: 135

So the problem was that the channel was not TLS 1.2. Setting it in code, as other answers in other posts suggest, will work. If that is not an option, you have to make sure you make the request with TLS 1.2 by editing the registry in regedit.

This should help with setting it up in regedit.

Upvotes: 0

Crypt32

Reputation: 13974

I believe you need to install the client certificate into the CurrentUser\My certificate store, not LocalMachine. Standard users don't have access to certificates installed in the LocalMachine store.

Update

The above setup works well when I use the Visual Studio internal server by clicking Google Chrome. But the error occurs when it is published in IIS.

A web site in IIS runs under the application pool's security context. You must install the certificate into the Personal store of the account used by the application pool. When you run the web application in the Visual Studio debugger, it runs under your user account, and your user account obviously has this certificate in its personal store. The error suggests that the certificate is not installed in the application pool's personal store.

Upvotes: 1
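
A read-only check that covers both answers above, added here as an example and not code from either poster: run it as the application pool's account to see which stores hold the client certificate with its private key, and which TLS 1.2 registry values are set. The thumbprint is a placeholder, and the registry value names are the .NET Framework 4.x and Schannel ones, which the answers themselves do not list.

```powershell
# Added example: read-only checks. Run as the account the application pool uses.
# ASSUMPTION: placeholder thumbprint; use the one from the supplied .p12.
$Thumbprint = '<CLIENT-CERT-THUMBPRINT>'

function Get-ClientCertLocation {
    param([string]$Thumbprint)
    # Strip spaces and invisible characters that come along when copying from the MMC.
    $tp = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Root') {
        $cert = Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Thumbprint -eq $tp } | Select-Object -First 1
        New-Object PSObject -Property @{
            Store         = $store
            Found         = [bool]$cert
            # A client certificate is only usable for TLS if its private key is present.
            HasPrivateKey = $(if ($cert) { $cert.HasPrivateKey })
            NotAfter      = $(if ($cert) { $cert.NotAfter })
        }
    }
}

function Get-Tls12RegistrySetting {
    $names = 'SchUseStrongCrypto', 'SystemDefaultTlsVersions', 'Enabled', 'DisabledByDefault'
    $keys  = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319',
             'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
    foreach ($key in $keys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($name in $names) {
            # Only report values that are actually set; absent means the OS/framework default applies.
            if ($props -and $null -ne $props.$name) {
                New-Object PSObject -Property @{ Key = $key; Name = $name; Value = $props.$name }
            }
        }
    }
}

"Running as: $([Security.Principal.WindowsIdentity]::GetCurrent().Name)"
Get-ClientCertLocation -Thumbprint $Thumbprint | Format-Table Store, Found, HasPrivateKey, NotAfter -AutoSize
Get-Tls12RegistrySetting | Format-Table Name, Value, Key -AutoSize
```

HasPrivateKey reports that a key is associated with the certificate, not that the current account is permitted to read it.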
