Question
I have a WCF-BasicHttp send port calling a web service that is secured with a self-signed SSL certificate. This is all deployed in a test environment, where we don't have access to proper certificates.
BizTalk returns an error "Could not establish trust relationship for the SSL/TLS secure channel" because it correctly can't trust an unsigned certificate. Is there any way to configure BizTalk or the send port to disable the certificate validation?
I've seen code samples, but that won't work because there's nothing to code: BizTalk send ports are purely configuration:
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
...
ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(OnValidationCallback);
...
public static bool OnValidationCallback(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
{
    // Accepts every certificate regardless of the reported SslPolicyErrors.
    return true;
}
I've also looked at updating the BtsNtSvc.exe.config configuration file, specifying checkCertificateName="false", but that doesn't work because that setting only affects message level certificate validation, not transport.
<system.net>
  <settings>
    <servicePointManager checkCertificateName="false" checkCertificateRevocationList="false"/>
  </settings>
</system.net>
With Dijkgraaf's response, I have imported the certificate to the appropriate stores for my BizTalk send service, and it partially resolves the issue. We have about 65000 messages suspended. If I resume 200 of them in a batch, 50% or more will get sent to the HTTPS web service but the rest will error out with the same error. Eventually BizTalk will retry and the messages will go through. I am unsure what causes the error to manifest at this point - high throughput, or high memory consumption or other.
Answer 1:
No, you can't disable it. You need to add the self-signed certificate into the trusted root certificate store of the BizTalk host user; this way it will trust the cert.
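The approach in the answer, as an added PowerShell example that is not part of the original answer: it trusts one specific self-signed certificate for one account and then confirms that a handshake passes with default validation still enabled. The file path, host name and port are placeholders, and it assumes the `Import-Certificate` cmdlet (PKI module) is available and the session runs as the BizTalk host instance service account.

```powershell
# Added example. Run in a PowerShell session started as the BizTalk host
# instance service account, so that Cert:\CurrentUser is that account's store.
# $CerPath, $ServiceHost and $Port are placeholders, not values from the question.
param(
    [string]$CerPath     = 'C:\temp\test-service.cer',
    [string]$ServiceHost = 'test-service.example.local',
    [int]   $Port        = 443
)

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CerPath

# Only a certificate whose issuer equals its subject belongs in a root store.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Not self-signed: import the issuing CA certificate instead."
}

# Trust this one certificate for this one account (skip if already present).
if (-not (Test-Path "Cert:\CurrentUser\Root\$($cert.Thumbprint)")) {
    Import-Certificate -FilePath $CerPath -CertStoreLocation Cert:\CurrentUser\Root | Out-Null
}

# Handshake with default validation and no callback: AuthenticateAsClient
# throws if a chain or host name error remains.
$ssl = $null
$tcp = New-Object System.Net.Sockets.TcpClient -ArgumentList $ServiceHost, $Port
try {
    $stream = $tcp.GetStream()
    $ssl = New-Object System.Net.Security.SslStream -ArgumentList $stream, $false
    $ssl.AuthenticateAsClient($ServiceHost)
    $served = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
    [pscustomobject]@{
        Validated        = $true
        ServedThumbprint = $served.Thumbprint
        MatchesImported  = ($served.Thumbprint -eq $cert.Thumbprint)
        NotAfter         = $served.NotAfter
    }
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Dispose()
}
```

A `MatchesImported` value of `False` means the endpoint served a different certificate from the one that was imported, which is worth checking when only some calls fail.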
Source: https://stackoverflow.com/questions/19550211/disable-wcf-self-signed-certificate-validation-in-biztalk