Thursday, April 17, 2008

Error: Could not establish trust relationship for the SSL/TLS secure channel with authority

I got this error when calling a WCF Service over HTTPS. A Similar error can also occurs when you try calling a web service programmatically over SSL (HTTPS) and certificate is either not valid or Certificate is attached to a domain and you are not using the domain name but the machine name or IP address. So, what to do in that case if you don’t care about certificate and would like to accept all certificates. I found that it can be done using one of two ways. 

Main Class – Where you are calling the Web Service, add following Import Statements
Imports System.Security.Cryptography.X509Certificates
Imports System.Net.Security
Imports System.Net
 
Public Class MyWebServiceCall
 
    Public Sub CallServiceUsingFunction()
        'Instanciate the Service here
        'Set all paramaters which you need to pass
        'Before You call the Service
        ServicePointManager.ServerCertificateValidationCallback = AddressOf TrustAllCertificatesCallback
        'Call your service Now.......
    End Sub
 
 
    Public Shared Function TrustAllCertificatesCallback(ByVal sender As Object, ByVal cert As X509Certificate, _
                                                 ByVal chain As X509Chain, ByVal errors As SslPolicyErrors) As Boolean
        Return True
    End Function
    Public Sub CallServiceUsingClass()
        'Instanciate the Service here
        'Set all paramaters which you need to pass
        'Before You call the Service
        Dim CertOverride As New CertificateOverride
        ServicePointManager.ServerCertificateValidationCallback = AddressOf CertOverride.RemoteCertificateValidationCallback
        'Call your service Now.......
    End Sub
End Class
 CertificateOverride Class - An Alternate Option
Public Class CertificateOverride
    Public Function RemoteCertificateValidationCallback(ByVal sender As Object, ByVal certificate As X509Certificate, ByVal chain As X509Chain, _
            ByVal sslPolicyErrors As SslPolicyErrors) As Boolean
        Return True
    End Function
End Class

 

Posted by at
Category:

5 comments:

Anonymous said...

Can anyone recommend the best Network Monitoring program for a small IT service company like mine? Does anyone use Kaseya.com or GFI.com? How do they compare to these guys I found recently: N-able N-central remote environment manager
? What is your best take in cost vs performance among those three? I need a good advice please... Thanks in advance!

12/20/2009 04:44:00 PM
Anonymous said...

Please, can you PM me and tell me few more thinks about this, I am really fan of your blog...

12/26/2009 10:43:00 PM
Unknown said...

I would personally just renew my ssl cert and this shouldnt happen in future!

2/22/2010 08:56:00 AM
Anonymous said...

Well... that's quiet interessting but frankly i have a hard time visualizing it... wonder how others think about this..

3/09/2010 10:17:00 PM
f.paul said...

Dealer’s Choice Inc. (DCI), began in 1990 providing services and partnering with automobile dealerships to maintain customer loyalty and enhance profitability. DCI provides auto dealers with tools and products that enable them to stay in touch with their customer base while providing quality Finance and Insurance products to increase their profit marginService ContractsOur Dealer clients maintain their ongoing relationship with Dealer’s Choice, Inc. because at DCI we view each Dealer customer as if they are our own...

3/18/2013 08:16:00 AM

Post a Comment

Subscribe to: Post Comments (Atom)