stackoom
  简体   繁体   中英

Web service call using client certificate in SSIS script task resulting in SSL/TLS issue

 原文  2017-01-18 19:25:51       c#/ ssl/ ssis

Question

I've got an SSIS package in which I'm making a web service request and retrieving some data. The API provider requires that a client certificate be submitted alongside the request for security reasons.

I can get it to work perfectly fine if I run the package from the VS Shell (or even a VS console application) but when I deploy it and run the package via SQLAgent, firing it from SSMS, I get the following error:

System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'mywebservice.com/endpoint:6185'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel. at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.ServiceModel.Channels.HttpChannelFactory'1.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result) --- End of inner exception stack trace --- at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result) at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result) at System.ServiceModel.Channels.ServiceChannelProxy.TaskCreator.<>c__DisplayClass5'1.b__4(IAsyncResult asyncResult) at System.Threading.Tasks.TaskFactory'1.FromAsyncCoreLogic(IAsyncResult iar, Func'2 endFunction, Action'1 endAction, Task'1 promise, Boolean requiresSynchronization) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult() at ST_1ccd678422b8432a8ea14ce911c575f3.Myclass.<>c__DisplayClass39.<b__22>d__55.MoveNext()

I'm running the job as NT SERVICE\\SQLAgent$Instance and the certificate has been placed in Local Machine, in the following stores: Personal, Trusted Root Certification Authorities, and Trusted People. This doesn't seem to be the issue though since I can get it to work with any of these when I debug via the VS shell/Data Tools.

I'd appreciate any help in advance, thanks!

1 answers

solution1
 0 ACCPTED  2017-01-19 05:38:36

Solved it by doing the following:

  1. Set the job owner to sa .
  2. Created a proxy account under SQL Server Agent --> Proxies --> SSIS Package Execution and set the Principal to my SQL login (domain) account. Also added the SQLAgent Reader, User, and Operator roles under the Principal.
  3. Updated the SSIS job step by changing the SQL Server Agent Service Account to my new Proxy account

Hope this helps someone else.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question SSIS script task soap web service call error SSIS Script Task Web Service error SSIS script task issue How to pass values to a Web Service from SSIS Script task? PFX Certificate Imported for TLS/SSL Encryption of MQTTnet Client Messages Works with Service but Fails with Xamarin UWP App C# Web Service Call (asmx) over SSL with wildcard certificate How to call Soap web service from ssl certificate and signing attributes SSIS SecurityNegotiationException: could not establish secure channel for SSL/TLS (no certificate) Connecting to a Web Service using Client Certificate authentication Could not establish secure channel for SSL/TLS with authority when calling third party web service along with certificate
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM