
Error: Could not establish trust relationship for the SSL/TLS secure channel with authority

I have a WCF VS 2010/C# program that has been running on a Win03 Server for 6 months without issue. The app uses a public key for a remote server to send a request and then our private key to decrypt the response that comes back.

Our cert was about to expire so we issued a new one. We gave the public key to the remote people and installed the private key file on the server, which is a password-protected P12. I also installed it on my development machine.

No problems on the development machine. I can send requests and get responses just as before. My development machine is a 64-bit Win7. On the Win03 server production machine I get the following error: Could not establish trust relationship for the SSL/TLS secure channel with authority '{public key name of remote server}'.

The public key for the remote server has a valid date and a valid chain in my cert store. There are two certs in the chain above this key and both of them have valid dates and chains. I have uninstalled and reinstalled all of the certs and can't get past this. I have no idea what is causing it.

When I Google 'Could not establish trust relationship for the SSL/TLS secure channel with authority' I see dozens of “solutions” for fixing the same problem and they all involve code changes. This does not seem to be what I'm looking for. The code runs fine on the development machine and until this morning ran fine on the production server. The only thing that changed was our cert.

The one thing I did notice was that the Win03 server does not have a Local Computer Cert Store, so it is impossible for me to install certs there. When I import certs I have sometimes let the wizard decide where to put certs and other times told it where to put the certs. Both with the same response. I am always logged in as administrator and always run the application under administrator.

Any idea what is causing my problems?

< UPDATE > I have the same problem on my development PC when I run the compiled program. However, when I run the compiled program and try and view the output with Fiddler, I get the message below from Fiddler. If I say yes, the requests come back as expected. If I say no, I get 100% failure just as with the executable on the server.

Could not establish trust relationship for the SSL/TLS secure channel with authority '555.555.555.555'.

Session #1: The remote server (555.555.555.555) presented a certificate that did not validate, due to RemoteCertificateNameMismatch.

SUBJECT: CN=prods-dp.wellpoint.com, OU=SOA CoE, O=Wellpoint, L=Richmond, S=Virginia, C=US

ISSUER: CN=Anthem Inc Certificate Authority, OU=Ecommerce, O=Anthem Inc, C=US

EXPIRES: 7/10/2013 6:39:09 AM

(This warning can be disabled by clicking Tools | Fiddler Options.)

Greg

I was referencing the IP address in the app.config instead of the domain name.

Wrong:

    <endpoint address="https://555.555.555.55/web_service"

Right:

    <endpoint address="https://thewebservicedomain.com/web_service"

I'm not sure if this is because I have an identity block which references the domain name as part of the endpoint, like this...

    <identity>
      <dns value="thewebservicedomain.com" />
    </identity>

Greg
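
A diagnostic that surfaces the `RemoteCertificateNameMismatch` reason Fiddler reported above, while still rejecting the connection, as an added example that is not part of the original posts. The class `TlsDiagnostics` and its method names are hypothetical, and it assumes the WCF client uses an HTTPS transport that goes through `ServicePointManager`.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class TlsDiagnostics // hypothetical helper, not from the original post
{
    // Call once at startup, before the first HTTPS request is made.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = LogAndEnforce;
    }

    // Logs why validation failed, then returns the platform's own verdict.
    // It never turns a failed validation into a success.
    static bool LogAndEnforce(object sender, X509Certificate certificate,
                              X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true;

        // For HTTP(S) requests the sender is normally the HttpWebRequest.
        var request = sender as HttpWebRequest;
        string host = request != null ? request.RequestUri.Host : "(unknown)";
        Console.Error.WriteLine("TLS validation failed for host: " + host);
        Console.Error.WriteLine("  Policy errors: " + errors);
        if (certificate != null)
        {
            Console.Error.WriteLine("  Subject: " + certificate.Subject);
            Console.Error.WriteLine("  Issuer:  " + certificate.Issuer);
        }

        // The case from this question: address uses an IP, cert names a domain.
        if ((errors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0)
            Console.Error.WriteLine("  Host in the endpoint address does not match the certificate name.");

        // Untrusted root, expired cert, and similar problems show up here.
        if ((errors & SslPolicyErrors.RemoteCertificateChainErrors) != 0 && chain != null)
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.Error.WriteLine("  Chain: " + status.Status + " " + status.StatusInformation.Trim());

        return false; // keep rejecting; fix the address or the trust store instead
    }
}
```

With this installed, the production server would have logged the name mismatch and the certificate subject directly, pointing at the endpoint address rather than the certificate store.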
