|
|
You're in the
dotnet security
group:httpwebrequest failure with .net service
dotnet security:
I have a .net 2.0 service that periodically needs to access a web site on the same 2003 server machine that is configured to use https . The only way I can get this working is to run the service with the administrator login , no other account (system, local service, or account that is a member of the administrators group ). the failure is 2148074254 - No credentials are available in the security package and the message is The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel any ideas on how to proceed ? thanks, chaz
Do you know if SSL client certificate authentication is being performed? It
may be the case that the server is requesting client cert auth and only the admin account on your box has permissions to access the private key for the client cert that is being used (which may actually be the server's own SSL cert since it is the same box). Joe K. -- Joe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- [quoted text, click to view] "chaz" <chaz@newsgroup.nospam> wrote in message news:22D2686D-2462-4E56-8F53-CD2BAC888EE1@microsoft.com... > running Hi, > I have a .net 2.0 service that periodically needs to access a web site on > the same 2003 server machine that is configured to use https . > The only way I can get this working is to run the service with the > administrator login , no other account (system, local service, or account > that is a member of the administrators group ). > > the failure is 2148074254 - No credentials are available in the security > package > and the message is > The underlying connection was closed: Could not establish trust > relationship for the SSL/TLS secure channel > > any ideas on how to proceed ? > > thanks, > chaz > > > >
Hell,
if the root certificate of your SSL certificate is not in the trusted root certificate store, you get this error. The best way to deal with this is to add it to that store.If you can't do this for whatever reason, you can disable the check using this line of code, which you should rould once during the start of your program: ServicePointManager.ServerCertificateValidationCallback = delegate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; }; Kind regards, Henning [quoted text, click to view] "chaz" <chaz@newsgroup.nospam> wrote in message
news:22D2686D-2462-4E56-8F53-CD2BAC888EE1@microsoft.com... > running Hi, > I have a .net 2.0 service that periodically needs to access a web site on > the same 2003 server machine that is configured to use https . > The only way I can get this working is to run the service with the > administrator login , no other account (system, local service, or account > that is a member of the administrators group ). > > the failure is 2148074254 - No credentials are available in the security > package > and the message is > The underlying connection was closed: Could not establish trust > relationship for the SSL/TLS secure channel > > any ideas on how to proceed ? > > thanks, > chaz > > > >
Hi,
Thanks to you both of you for the valuble feedback. I've implemented your work-around Henning and this works well with "ignore certificates" or "accept certificates" . Eventualy I will want to figure out the issue but for now I can move on to the next issue which is - "require certificates" . Joe started me thinking that this may just work if the windows service could use the web-sites server certificate as a client certificate when making the HTTPS request . Do either of you have suggestions regarding this issue . Are client certificates for services/processes ( or machines for that matter) routinely generated ? If so how would one map theses ? Any pointers , ideas would be appreciated . thanks, chaz [quoted text, click to view] "Henning Krause [MVP - Exchange]" wrote:
> Hell, > > if the root certificate of your SSL certificate is not in the trusted root > certificate store, you get this error. > > The best way to deal with this is to add it to that store.If you can't do > this for whatever reason, you can disable the check using this line of code, > which you should rould once during the start of your program: > > ServicePointManager.ServerCertificateValidationCallback = delegate(object > sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors > sslPolicyErrors) { return true; }; > > Kind regards, > Henning > > "chaz" <chaz@newsgroup.nospam> wrote in message > news:22D2686D-2462-4E56-8F53-CD2BAC888EE1@microsoft.com... > > running Hi, > > I have a .net 2.0 service that periodically needs to access a web site on > > the same 2003 server machine that is configured to use https . > > The only way I can get this working is to run the service with the > > administrator login , no other account (system, local service, or account > > that is a member of the administrators group ). > > > > the failure is 2148074254 - No credentials are available in the security > > package > > and the message is > > The underlying connection was closed: Could not establish trust > > relationship for the SSL/TLS secure channel > > > > any ideas on how to proceed ? > > > > thanks, > > chaz > > > > > > > > >
So, it sounds like you ARE trying to do client certificate authentication if
you are planning to require client certificates. As such, the key to this is to make sure you have an appropriate client certificate available for your client and make sure the identity that is running your code has permissions to access the private key for that certificate. I think that was the original problem you were having, as the admin account had access to the private key for the cert you were using but no other account did (which is normal). Joe K. -- Joe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- [quoted text, click to view] "chaz" <chaz@newsgroup.nospam> wrote in message news:072EE075-A935-46CE-A357-4DFF0EFF0376@microsoft.com... > Hi, > Thanks to you both of you for the valuble feedback. > I've implemented your work-around Henning and this works well with "ignore > certificates" or "accept certificates" . Eventualy I will want to figure > out > the issue but for now I can move on to the next issue which is - "require > certificates" . > Joe started me thinking that this may just work if the windows service > could use the web-sites server certificate as a client certificate when > making the HTTPS request . Do either of you have suggestions regarding > this > issue . Are client certificates for services/processes ( or machines > for > that matter) routinely generated ? If so how would one map theses ? > > Any pointers , ideas would be appreciated . > thanks, > chaz > > > > "Henning Krause [MVP - Exchange]" wrote: > >> Hell, >> >> if the root certificate of your SSL certificate is not in the trusted >> root >> certificate store, you get this error. >> >> The best way to deal with this is to add it to that store.If you can't do >> this for whatever reason, you can disable the check using this line of >> code, >> which you should rould once during the start of your program: >> >> ServicePointManager.ServerCertificateValidationCallback = delegate(object >> sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors >> sslPolicyErrors) { return true; }; >> >> Kind regards, >> Henning >> >> "chaz" <chaz@newsgroup.nospam> wrote in message >> news:22D2686D-2462-4E56-8F53-CD2BAC888EE1@microsoft.com... >> > running Hi, >> > I have a .net 2.0 service that periodically needs to access a web site >> > on >> > the same 2003 server machine that is configured to use https . >> > The only way I can get this working is to run the service with the >> > administrator login , no other account (system, local service, or >> > account >> > that is a member of the administrators group ). >> > >> > the failure is 2148074254 - No credentials are available in the >> > security >> > package >> > and the message is >> > The underlying connection was closed: Could not establish trust >> > relationship for the SSL/TLS secure channel >> > >> > any ideas on how to proceed ? >> > >> > thanks, >> > chaz >> > >> > >> > >> > >> >>
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
| home · blog · groups | Questions? Comments? Contact the dn |