[英]WCF : Could not establish trust relationship for the SSL/TLS secure channel with authority error
I have a client site that when a button is clicked it calls a wcf web service. 我有一个客户端站点,当单击一个按钮时,它会调用wcf Web服务。 The client site is http, while the url for the web service is https and requires a certificate.
客户端站点是http,而Web服务的URL是https并且需要证书。 I have a valid signed private key certificate I am using.
我有一个有效的签名私钥证书我正在使用。
Everything works fine on my localhost; 我的localhost一切正常; however, after deploying to a windows 2003 server running iis 6, I get the below error when the web service is called:
但是,在部署到运行iis 6的Windows 2003服务器之后,在调用Web服务时出现以下错误:
Could not establish trust relationship for the SSL/TLS secure channel with authority "host's url"
无法与权限“host's url”建立SSL / TLS安全通道的信任关系
I added the cert to the store, using same web.config that works locally. 我使用在本地工作的相同web.config将证书添加到商店。 I have validated that the web service call finds and sets the valid X509Certificate.
我已经验证了Web服务调用找到并设置了有效的X509Certificate。
Not sure what I am missing, and I don't want to override the servicepiont manager to return true every time. 不确定我缺少什么,我不想重写servicepiont管理器每次都返回true。
Any ideas or things I might looks into? 我可能会研究哪些想法或事物?
Found the problem. 发现了问题。
The root certificate which the host of the web service uses was not trusted by my server. Web服务主机使用的根证书不受我的服务器信任。 (not sure why it was on my local machine and not my server).
(不知道为什么它在我的本地机器而不是我的服务器上)。 I found this out by opening the host's url in a web browser from the server to view their wsdl and got the security warning.
我通过从服务器在Web浏览器中打开主机的URL来查看它们的wsdl并获得安全警告,从而发现了这一点。
Remedy: went to the issuer's site downloaded their root cert and added to my trusted root certifcation authorities. 补救措施:前往发行人的网站下载了他们的根证书并添加到我信任的根证书颁发机构。
Bam, it works now. 巴姆,现在有效。
如果它是私有证书,则必须将其添加到客户端和服务器,因为没有客户端可以验证其根密钥。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.