Hi Thomas,

Thanks for following up on this issue.

- My root certificate is installed in Trusted Root Certification Authorities. So that is the same as your setup.
- I also have basic authentication activated and it is working fine. So this also is the same as your setup.

The only question right now is whether your root certificate is a "real" root certificate or a "test" one. Mine is a test root certificate issued by Verisign. Maybe that is a problem with .NET!

If the code you are referring to is from a past post (AxisJBossWebServices), I do have it. You may send it to my personal address if there are any changes.

Again, thanks for your help.

Naresh

I do not have any specific ideas.

I know that I played around with the different certificate stores from IE (Other people, Intermediate Certification Authorities, ...) and only using the Trusted Root Certification Authorities worked.

The other thing is that my sample was also using basic authentication. I doubt that there is a link between the two, but you never know...

I can send you the zip of my sample (using JBoss/Tomcat on the server side), if you want to try (I will have to send it to your personal address as the mailing list does not like such attachments too much).

Thomas

Thomas,

I have found the problem. I have a workaround, but not a real solution :-(.

The problem is that the .NET client somehow does not trust the root certificate that is sent from the Axis server (status code 0x800B0109) - even though I have installed it using IE and IE trusts it!

The workaround is to override the default CertificatePolicy with my own, which blindly trusts any certificate.

using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;

namespace DonutStore
{
    public enum CertificateProblem : long
    {
        CertEXPIRED               = 0x800B0101,
        CertVALIDITYPERIODNESTING = 0x800B0102,
        CertROLE                  = 0x800B0103,
        CertPATHLENCONST          = 0x800B0104,
        CertCRITICAL              = 0x800B0105,
        CertPURPOSE               = 0x800B0106,
        CertISSUERCHAINING        = 0x800B0107,
        CertMALFORMED             = 0x800B0108,
        CertUNTRUSTEDROOT         = 0x800B0109,
        CertCHAINING              = 0x800B010A,
        CertREVOKED               = 0x800B010C,
        CertUNTRUSTEDTESTROOT     = 0x800B010D,
        CertREVOCATION_FAILURE    = 0x800B010E,
        CertCN_NO_MATCH           = 0x800B010F,
        CertWRONG_USAGE           = 0x800B0110,
        CertUNTRUSTEDCA           = 0x800B0112
    }

    public class MyCertificateValidation : ICertificatePolicy
    {
        // Accepts every certificate, whatever problem code is reported.
        public bool CheckValidationResult(ServicePoint servicePoint,
            X509Certificate certificate, WebRequest request, int problem)
        {
            return true;
        }
    }
}

Now to override the default CertificatePolicy do this:

ServicePointManager.CertificatePolicy = new MyCertificateValidation();

If you have any thoughts as to why .NET does not trust my root certificate, please let me know.

Thanks.

Naresh

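A narrower form of the override in the message above, added here as an example and not code from the original thread: it tolerates status 0x800B0109 only when the certificate hash and the request host match pinned values, and rejects every other problem code. The class name PinnedCertificatePolicy, the host name and the hash placeholder are assumptions.

```csharp
using System;
using System.Globalization;
using System.Net;
using System.Security.Cryptography.X509Certificates;

namespace DonutStore
{
    // Added example (hypothetical class): tolerates the untrusted-root error
    // only for one pinned certificate on one expected host.
    // Assumption: the callback receives the server's own certificate.
    public class PinnedCertificatePolicy : ICertificatePolicy
    {
        // 0x800B0109 (CertUNTRUSTEDROOT) as the signed int the callback receives.
        private const int UntrustedRoot = unchecked((int)0x800B0109);

        private readonly string expectedHost;
        private readonly string pinnedHash;

        public PinnedCertificatePolicy(string expectedHost, string pinnedHashHex)
        {
            this.expectedHost = expectedHost;
            this.pinnedHash = Normalize(pinnedHashHex);
        }

        public bool CheckValidationResult(ServicePoint servicePoint,
            X509Certificate certificate, WebRequest request, int problem)
        {
            if (problem == 0) return true;               // chain validated normally
            if (problem != UntrustedRoot) return false;  // expired, revoked, name mismatch, ...
            if (certificate == null || request == null) return false;

            bool hostOk = String.Compare(request.RequestUri.Host, expectedHost,
                                         true, CultureInfo.InvariantCulture) == 0;
            bool hashOk = Normalize(certificate.GetCertHashString()) == pinnedHash;
            return hostOk && hashOk;
        }

        // Strip separators so "AB:CD", "ab cd" and "ABCD" compare equal.
        private static string Normalize(string hex)
        {
            return hex.Replace(":", "").Replace(" ", "").ToUpper(CultureInfo.InvariantCulture);
        }
    }
}

// Usage (placeholder host and hash, to be replaced with your own):
// ServicePointManager.CertificatePolicy =
//     new PinnedCertificatePolicy("axis.example.test", "<hash of server.cer>");
```

ServicePointManager.CertificatePolicy was marked obsolete in .NET 2.0 in favour of ServicePointManager.ServerCertificateValidationCallback; the same host and hash checks carry over to that callback.
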
The IE certificate database is actually not IE specific. It is shared with any other Microsoft application, including .NET ones. So it should work.

Here is an extract of a readme file from a sample I wrote some time ago:

If HTTPS is enabled (see How do I make HTTPS work?), you can run the secure version of the .NET application. In order to do that, you need to install the server certificate so the HTTPS handshake can be successful. With the Axis Java client, the server certificate was imported in a keystore used by the client program. For a .NET application, you need to install this certificate in the Trusted Root Certification Authorities of your Windows machine. You are supposed to be able to store it in your personal certificate storage as well, but I did not manage to make it work that way.

Using Explorer, go to the keystores folder. You should find a file called server.cer (if not, you need first to perform all the steps described in How do I make HTTPS work?). Double click on this file. It should open a dialog box giving you the details of the certificate (I do not know if you need anything special installed on your machine in order to do that, but I do not think so). On the General pane, there is an Install Certificate button. Click on it. It should start the Certificate Import Wizard. Click Next. Automatically select the certificate store should work and the Trusted Root Certification Authorities is picked. Click Next then Finish then Yes on any confirmation popups. You can remove or check the installed certificate from Internet Explorer, Tools menu, Internet Options, Content tab, Certificates button, Trusted Root Certification Authorities tab. The installed certificate is called localhost (check the genkey target in the build.xml file to understand why localhost).

Thomas

Hi,

I have an Axis server running on an SSL port. Axis clients can successfully connect to it. However, C# clients give me the following error:

Could not establish trust relationship with remote server

What do I have to do to make the C# client accept the certificate supplied by the Axis server? I have imported the server certificate as well as the associated CA certificate into IE, which now trusts the Axis server. Is there an equivalent process for .NET web applications?

Any help will be much appreciated.

Thanks.

Naresh Bhatia