WCF Self signed certificate is not trusted on the client

爷,独闯天下 submitted on 2019-12-04 18:18:58

Question


I have a WCF service that is ONLY ever used between two server machines. It will NEVER be used publicly.

I was hoping I could use SSL with a self signed certificate for security.

I created a certificate using IIS7, installed it on the client machine using IE and the MMC (Personal, TrustedRoot, Third-Party & TrustedPeople).

I still can't get to the service, either from code or via IE8, without it questioning the certificate.

From IE I get the usual "There is a problem with this website's security certificate."

From code I get the error: "Could not establish trust relationship for the SSL/TLS secure channel with authority"

Why is this not working?


Answer 1:


Are you sure that your self-signed certification is in the Trusted Root Certification Authorities certificate store on the client machine that will be accessing your WCF service? See the screenshot below of a self-signed certificate that is trusted by one of my Windows Vista machines.

Are you also sure that your certificate is a self-signed certificate? See screenshot at end of one of my self-signed certificates.

Updated information:

Check out this posting for information on how to use a utility called SelfSSL7 to create self-signed certificates that contain multiple host names.

Here's another link with good information on SelfSSL7.exe and download information.




Answer 2:


I had this today - but with IIS7. If you use IIS to generate the cert (inetmgr->select the home node then choose Server Certificates, use the right menu option to create a self certified certificate), the 'issued to' attribute is set using the FQDN of your machine - like 'mymachine.myintranet.copp.net' or whatever.

As long as you use the FQDN for the URL to connect from the service - like 'mymachine.myintranet.copp.net/myservice/service.svc' then the error goes.

If you're using an alternative URL, like an IP address, or localhost, then the error occurs. So, the machine above was obviously known as johnma in his network then it works.




Answer 3:


The reason it doesn't work is that IE detects that the certificate was not created from a valid CA (Certificate Authority). Self signed certificates are more for testing than anything else. There wouldn't be much point to SSL if you weren't warned about it.
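
The answers above point at two different causes: a root that the client does not trust (Answers 1 and 3) and a URL host that differs from the certificate's 'issued to' name (Answer 2). The following C# console program is an added example, not code from the question or any of the answers; the class name `CertTrustCheck` is hypothetical. Run on the client machine, it reports which of the two the client actually sees, without ever accepting a certificate that fails validation.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic (hypothetical name); pass the host exactly as it appears in the endpoint URL.
static class CertTrustCheck
{
    static int Main(string[] args)
    {
        if (args.Length < 1)
        {
            Console.Error.WriteLine("usage: CertTrustCheck <host as in the endpoint URL> [port]");
            return 2;
        }
        string host = args[0];
        int port = args.Length > 1 ? int.Parse(args[1]) : 443;
        SslPolicyErrors seen = SslPolicyErrors.None;
        bool ok = false;

        RemoteCertificateValidationCallback inspect = (sender, cert, chain, errors) =>
        {
            seen = errors;
            if (cert != null)
                Console.WriteLine("Subject: {0}\nIssuer:  {1}", cert.Subject, cert.Issuer);
            if (chain != null)
                foreach (X509ChainStatus s in chain.ChainStatus)
                    Console.WriteLine("Chain:   {0}", s.Status);   // e.g. UntrustedRoot
            return errors == SslPolicyErrors.None;                 // never accept a failing certificate
        };

        using (var tcp = new TcpClient(host, port))
        using (var ssl = new SslStream(tcp.GetStream(), false, inspect))
        {
            try { ssl.AuthenticateAsClient(host); ok = true; }
            catch (AuthenticationException e) { Console.WriteLine("Handshake rejected: {0}", e.Message); }
        }

        if ((seen & SslPolicyErrors.RemoteCertificateNameMismatch) != 0)
            Console.WriteLine("Name mismatch: '{0}' is not a name in the certificate; connect with the FQDN it was issued to.", host);
        if ((seen & SslPolicyErrors.RemoteCertificateChainErrors) != 0)
            Console.WriteLine("Chain error: the certificate is not under a root trusted by this machine and account.");
        if (ok)
            Console.WriteLine("Certificate validated for '{0}'.", host);
        return ok ? 0 : 1;
    }
}
```

Run it once with the FQDN and once with the IP address or `localhost` to see the name-mismatch case separately from the trust-store case.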



Source: https://stackoverflow.com/questions/11296092/wcf-self-signed-certificate-is-not-trusted-on-the-client
