Posted By: Rob Schripsema
I have a simple web service call, generated by a .NET (C#) 2.0 windows app, via the web service proxy generated by Visual Studio, for a web service also written in C# (2.0). This has worked for several years, and continues to do so at the dozen or so places where it is running.
A new installation at a new site is running into a problem. When attempting to invoke the web service, it fails with the message saying:
Could not establish a trust relationship for the SSL/TLS secure
The URL of the web service uses SSL (https://) — but this has been working for a long time (and continues to do so) from many other locations.
Where do I look? Could this be a security issue between Windows and .NET that is unique to this install? If so, where do I set up trust relationships? I’m lost!
Thoughts (based on pain in the past):
- do you have DNS and line-of-sight to the server?
- are you using the correct name from the certificate?
- is the certificate still valid?
- is a badly configured load balancer messing things up?
- does the new server machine have the clock set correctly (i.e. so that the UTC time is correct [ignore local time, it is largely irrelevant]) – this certainly matters for WCF, so may impact regular SOAP?
- is there a certificate trust chain issue? if you browse from the server to the soap service, can you get SSL?
- related to the above – has the certificate been installed to the correct location? (you may need a copy in Trusted Root Certification Authorities)
- is the server’s machine-level proxy set correctly? (which is different to the user’s proxy); see proxycfg for XP / 2003 (not sure about Vista etc)
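An added example, not part of the original thread: a small C# console check to run on the failing machine. It performs the TLS handshake directly and prints which of the points above (reachability, name mismatch, validity dates, trust chain, clock) is responsible. The class name and command-line arguments are assumptions for illustration; the callback only logs and then returns the platform's own verdict, so it does not weaken validation.

```csharp
// Added diagnostic example (not from the original thread).
// Usage: TlsTrustCheck.exe <host> [port]   (host is whatever name the service URL uses)
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

static class TlsTrustCheck
{
    // Logs why validation failed, then returns the platform's own verdict.
    // It never returns true on error, so certificate checking stays intact.
    static bool Report(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine("Policy errors : " + errors);
        if (cert != null)
        {
            X509Certificate2 c = new X509Certificate2(cert);
            Console.WriteLine("Subject       : " + c.Subject);
            Console.WriteLine("Issuer        : " + c.Issuer);
            Console.WriteLine("Valid (UTC)   : " + c.NotBefore.ToUniversalTime().ToString("u")
                              + " to " + c.NotAfter.ToUniversalTime().ToString("u"));
        }
        if (chain != null)
            foreach (X509ChainStatus s in chain.ChainStatus)   // e.g. UntrustedRoot, NotTimeValid
                Console.WriteLine("Chain status  : " + s.Status + " - " + s.StatusInformation);
        return errors == SslPolicyErrors.None;
    }

    static int Main(string[] args)
    {
        if (args.Length < 1) { Console.Error.WriteLine("usage: TlsTrustCheck <host> [port]"); return 2; }
        string host = args[0];
        int port = args.Length > 1 ? int.Parse(args[1]) : 443;
        Console.WriteLine("Local UTC now : " + DateTime.UtcNow.ToString("u"));   // compare with validity dates
        try
        {
            using (TcpClient tcp = new TcpClient(host, port))                  // DNS + line-of-sight
            using (SslStream ssl = new SslStream(tcp.GetStream(), false, Report))
            {
                ssl.AuthenticateAsClient(host);                                // name must match the certificate
                Console.WriteLine("Handshake OK  : " + ssl.SslProtocol);
                return 0;
            }
        }
        catch (Exception ex)   // SocketException: network/DNS; AuthenticationException: trust failure
        {
            Console.WriteLine("Failed        : " + ex.GetType().Name + ": " + ex.Message);
            return 1;
        }
    }
}
```

This connects directly over TCP, so it does not exercise the machine-level proxy; a handshake that succeeds here while the web service call still fails points at the proxy item in the list.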