[英]Could not establish trust relationship for the SSL/TLS secure channel - SOAP Service
I have a SOAP web service inside that I am calling a third party secured web service (it was HTTP earlier now they secured it).我在里面有一个 SOAP web 服务,我正在调用第三方保护的 web 服务(之前是 Z293CZ6EA246FFF97898DC666)。 they have valid SSL certificate.
他们有有效的 SSL 证书。 while calling the third party service I am getting below error,
在调用第三方服务时,我遇到了错误,
Server was unable to process request.服务器无法处理请求。 ---> The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request) at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
---> 底层连接已关闭:无法在 System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request) at System.Web.Services.Protocols.SoapClient.Inv 建立 SSL/TLS 安全通道的信任关系(字符串方法名,对象[]参数)
There are few articles which says TSL 1.2 should be enabled, to check about TSL further, I have below component on my server,很少有文章说应该启用 TSL 1.2,为了进一步检查 TSL,我的服务器上有以下组件,
Here is third party service call,这是第三方服务电话,
Can someone guide me, where should I setup trust relationship?有人可以指导我,我应该在哪里建立信任关系? Do I need to modify my code or just some configurations changes needed
我需要修改我的代码还是只需要一些配置更改
There is a process of exchanging the public key of the service certificate during the secure communication.在安全通信过程中,有一个交换服务证书的公钥的过程。 Therefore, we should establish the trust relationship between the client-side and the server-side.
因此,我们应该在客户端和服务器端之间建立信任关系。 As for mutual certification authentication, we should establish the trust relationship each other.
对于相互认证认证,我们应该建立相互信任关系。
Trust relationship represents the certificate is valid, the server is real and secure.信任关系代表证书有效,服务器真实安全。 Namely, it represents this is a validation of the server's identity.
即,它表示这是对服务器身份的验证。 This also could be accomplished by the below code segments.
这也可以通过以下代码段来完成。
//adding below code segments to ignore the service certificate validation.
ServicePointManager.ServerCertificateValidationCallback += delegate
{
return true;
};
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Ssl3;
More commonly, this should be finished by installing the service Root certificate in the local Trusted Certification Authorities.更常见的是,这应该通过在本地受信任的证书颁发机构中安装服务根证书来完成。
To get the certificate you can either,要获得证书,您可以,
.cer
file..cer
文件。 Here is a detailed step.这是一个详细的步骤。
https://success.outsystems.com/Support/Enterprise_Customers/Installation/Install_a_trusted_root_CA__or_self-signed_certificate https://success.outsystems.com/Support/Enterprise_Customers/Installation/Install_a_trusted_root_CA__or_self-signed_certificate
Feel free to let me know if there is anything I can help with.如果有什么我可以帮忙的,请随时告诉我。
In addition to Abraham post above, make sure that that IIS has enough access to the certificates.除了上面的 Abraham 帖子之外,请确保 IIS 对证书有足够的访问权限。 We faced the issue and at first, it seemed like the app could access the certificates but that wasn't the case.
我们遇到了这个问题,起初,该应用程序似乎可以访问证书,但事实并非如此。 We fixed it by going to the Manage Certificates -> Personal -> Certificates -> Right Click the certificate -> All tasks -> Manage Private Keys -> Add -> Grant Access to "Everyone" (testing only, you should only grant access to IIS).
我们通过转到管理证书 -> 个人 -> 证书 -> 右键单击证书 -> 所有任务 -> 管理私钥 -> 添加 -> 授予“所有人”访问权限(仅测试,您应该只授予访问权限到 IIS)。 The connection worked after doing this.
执行此操作后连接有效。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.