Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost' strange issue

Question

Again strange issue to me.

After I refocused my wcf from http to https, when I try to call .svc methods not from UI, I started to get this exception "Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost' issue". Also in InnerException I got this: "The remote certificate is invalid according to the validation procedure".

I have:

            FunctionalApplicationBlock.InitializeWithShielding("BusinessServices Application");

            if (Microsoft.WindowsAzure.CloudConfigurationManager.GetSetting("SkipServerCertificateValidation") == "true")
            {
                ServicePointManager.ServerCertificateValidationCallback = (snder, cert, chain, error) => true;
            }

In Globasl.asax

I have:

  <system.identityModel>
    <identityConfiguration>
      <certificateValidation certificateValidationMode="None"/>
    </identityConfiguration>
  </system.identityModel>

in Web.config.

My binding is:

<behaviors>
  <serviceBehaviors>
    <behavior name="CustomeBehavior">
      <serviceAuthorization principalPermissionMode="Custom">
        <authorizationPolicies>
          <add policyType="Security.BusinessAuthorizationPolicy, Security" />
        </authorizationPolicies>
      </serviceAuthorization>
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
    <behavior name="SecurityOff">
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>
<protocolMapping>
  <add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" minFreeMemoryPercentageToActivateService="0" />

<bindings>
  <basicHttpsBinding>
    <binding name="BasicHttpsBinding" sendTimeout="00:05:00" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text">
      <readerQuotas maxDepth="2000000" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
      <security mode="Transport">
        <transport clientCredentialType="None" />
      </security>
    </binding>
  </basicHttpsBinding>
</bindings>

I can't see where there can be an issue. Also I'm STILL able to call .svc methods without any problems from HomeController.

So, there is my question - What can it be and why this is happening after changes from http to https (or there are another reason)?

Edit: Client set up:

public static ChannelFactory<IBusiness> CreateFactory()
        {
            var authorization = new Authorization()
            {
                Key = GlobalConfig.BusinessAuthorizationKey
            };
            AddressHeader header = AddressHeader.CreateAddressHeader(authorization);
            var address = new EndpointAddress(new Uri(ClientConfig.BusinessServiceEndpoint), header);
            var channel = new ChannelFactory<IBusiness>(address.ResolveBinding(), address);

            var bind = Helper.ResolveBinding(address);

            if (bind is BasicHttpBinding)
            {
                var bindings = bind as BasicHttpBinding;

                bindings.MaxBufferPoolSize = 2147483647;
                bindings.MaxBufferSize = 2147483647;
                bindings.MaxReceivedMessageSize = 2147483647;
                bindings.MessageEncoding = WSMessageEncoding.Text;
                bindings.ReaderQuotas.MaxArrayLength = 2147483647;
                bindings.ReaderQuotas.MaxBytesPerRead = 2147483647;
                bindings.ReaderQuotas.MaxDepth = 2147483647;
                bindings.ReaderQuotas.MaxNameTableCharCount = 2147483647;
                bindings.ReaderQuotas.MaxStringContentLength = 2147483647;
                bindings.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

                channel.Endpoint.Binding = bindings;
            }
            else
            {
                var bindings = bind as BasicHttpsBinding;

                bindings.MaxBufferPoolSize = 2147483647;
                bindings.MaxBufferSize = 2147483647;
                bindings.MaxReceivedMessageSize = 2147483647;
                bindings.MessageEncoding = WSMessageEncoding.Text;
                bindings.ReaderQuotas.MaxArrayLength = 2147483647;
                bindings.ReaderQuotas.MaxBytesPerRead = 2147483647;
                bindings.ReaderQuotas.MaxDepth = 2147483647;
                bindings.ReaderQuotas.MaxNameTableCharCount = 2147483647;
                bindings.ReaderQuotas.MaxStringContentLength = 2147483647;
                bindings.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

                channel.Endpoint.Binding = bindings;
            }

            return channel;
        }

Answer 1

I suppose You'll need to get valid certificate anyway. In meantime you may try to create self-signed certificate using info from powershell

get-help about_signing

Also you'll need to add certificate to IIS

Answer 2

Managed to deal with it.

I simply added

ServicePointManager.ServerCertificateValidationCallback = (snder, cert, chain, error) => true;

in factory creation. This thing has never refreshed after one call before, that's the reason I was getting this error, when everything seemed fine.