server certificate is not configured properly with HTTP.SYS in the HTTPS case
Question
I need to use a third party WCF service. I have configured the required certificate on my certificate store however I am getting following exception when calling the WCF service.
An error occurred while making the HTTP request to https://XXXX.com/AHSharedServices/CustomerServiceJAXWSController . This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.
I checked with the service vendor and they said everything is good from their end and other people are using this service already. They mentioned that when a request comes from my IP Address their service is not receiving the certificate content. They monitored this into the wireshark and the certificate's length is 0
Following is the my client configuration. Am I missing anything here?
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<system.diagnostics>
<sources>
<source name="System.ServiceModel.MessageLogging" switchValue="Warning, ActivityTracing">
<listeners>
<add type="System.Diagnostics.DefaultTraceListener" name="Default">
<filter type="" />
</add>
<add name="ServiceModelMessageLoggingListener">
<filter type="" />
</add>
</listeners>
</source>
</sources>
<sharedListeners>
<add initializeData="D:\Log\MessageLog.svclog"
type="System.Diagnostics.XmlWriterTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
name="ServiceModelMessageLoggingListener" traceOutputOptions="Timestamp">
<filter type="" />
</add>
</sharedListeners>
<trace autoflush="true" />
</system.diagnostics>
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="endpointBehavior">
<clientCredentials>
<clientCertificate findValue="XXX.XX.com" storeName="AddressBook"
x509FindType="FindBySubjectName" />
<serviceCertificate>
<authentication revocationMode="NoCheck" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="wsBinding">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://XXXX.com/AHSharedServices/CustomerServiceJAXWSController"
behaviorConfiguration="endpointBehavior" binding="wsHttpBinding"
bindingConfiguration="wsBinding" contract="ServiceReference1.CustomerServiceJAXWSController"
name="testService" />
</client>
<diagnostics>
<messageLogging logEntireMessage="true" logMalformedMessages="true"
logMessagesAtTransportLevel="true" logKnownPii="true" logMessagesAtServiceLevel="true"/>
</diagnostics>
</system.serviceModel>
</configuration>
3 answers
solution1
4 2017-11-21 18:03:28
I once received this error because my client was using TLS 1.0 instead of TLS 1.2. Assuming that you have all of the correct SSL ciphers installed, you could attempt to alter your request to use TLS 1.2 instead. In .NET, you'd add this after your client is defined:
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
Once I switched to TLS 1.2, the error went away.
solution2
0 2015-08-11 15:09:20
我从 .CRT 和 .KEY 生成了 PFX(附有私钥的证书)并将其导入到证书存储中,这解决了我遇到的问题。
solution3
0 2019-12-25 11:55:00
Use this code before send request to server:
System.Net.ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
ServicePointManager.ServerCertificateValidationCallback = delegate (object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
return true;
};
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.