Please Help!! "Could not establish trust relationship" using SSL

Im trying to set up a simple Hello World web service and client using an SSL connection, using VB.NET. When the client attempts to call the Web Method, I get this error: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship with remote server. This connection will work if I use regular http:// as opposed to https://, and it also works if I use a windows application instead of a web application. I dont need to use client certificates, but if its necessary for the connection I can. From what Ive seen, this is a fairly common problem, but I still havent found a solution that works! Ive tried credentials, certificates, and impersonation, and nothing seemed to help. Thank you for any help! Im really at a loss here. Michael Davis

Re: Please Help!! "Could not establish trust relationship" using SSL

Have you created the certificate yourself? If yes, it suppose it always shows you the confirmation box when you are trying to access the resource (with browser) using https saying that certification authority is not trusted? Anyway, I had same sort of problem with self-issued certificates. Solution was to implement my own Certificate validation policy. I just wanted to get SSL work with self-issued certificates so I did it easy way(there's good example in .NET Framework: ICertificatePolicy interface's docs). First I created class like this:

Imports System
Imports System.Net
Imports System.Security.Cryptography.X509Certificates




Public Class MyCertificateValidation
    Implements ICertificatePolicy




    Public Function CheckValidationResult(ByVal srvPoint As ServicePoint, _
    ByVal cert As X509Certificate, ByVal request As WebRequest, ByVal problem As Integer) _
       As Boolean Implements ICertificatePolicy.CheckValidationResult


       'Return true to specify that certificate is always validated
        Return True




    End Function


End Class

Then used it in client application before calling web service(my client was ASP.NET page using WebRequests as I was testing this functionality):

ServicePointManager.CertificatePolicy = New MyCertificateValidation()

Re: Please Help!! "Could not establish trust relationship" using SSL

Thank you so much! This did the trick! I thought I had done something like this before, but obviously this was right. Thanks again! Michael Davis

Re: Please Help!! "Could not establish trust relationship" using SSL

ASP.Net cannot negotiate a secure connection over https. This is by design. Read the below article: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q318103 Be advised that creating a certificatevalidation class and setting it to always return true does not provide a secure connection and will allow any certificate to validate. If your going to do this, what is the point of using https at all?

Re: Please Help!! "Could not establish trust relationship" using SSL

If certificate is valid (trusted authority and so on), it will create connection just fine without any tricks. Article you pointed concerns only and only client certificates (and in this case there were not them in use). For example this works fine:

Dim objReq As HttpWebRequest = WebRequest.Create("https://www.verisign.com/cgi-bin/clearsales_cgi/leadgen.htm?form_id=0110&toc=w252677830110000&email=")
        Dim objResp As HttpWebResponse = CType(objReq.GetResponse(), HttpWebResponse)


        Dim reader As New IO.StreamReader(objResp.GetResponseStream)
        Dim str As String = reader.ReadToEnd
        reader.Close()
        objResp.Close()


        Response.Write(str)

If issuer is non-trusted authority and you connect to there, I understand the non-secure point but if you know the issuer or if it is yourself (you create client applications also), this approach is just fine. Point is to make the traffic encrypted and even with self-issued certificates it is just that. The certificate validation class does not prevent the connection to be secure in encrypted way it just validates if the certificate itself is valid. Certainly invalid certificates are security risk, but if the only "problem" is just that you yourself are not trusted authority but certificate is otherwise OK it is no more security risk than using any other certificate (certificate of trusted root authority).

Re: Please Help!! "Could not establish trust relationship" using SSL

I'm having this same issue, but it's a little odd: 1. ASP.NET app consumes web service 2. Web service is on the SAME server 3. The server uses SSL Now, the app and service were both created using an untrusted certificate, and there was no problem. Recently, however, the certificate was renewed. For some reason the app-service connection does not work now. I tried the ICertificatePolicy approach, but it did not solve the problem. Are there any other reasons that I would get this? Most examples I've seen are making explicit HTTP calls. I am merely accessing a web service. I understand that the calls in the proxy class make the explicit calls, but some fixes that I've seen are to these calls directly. Has anyone seen any other solutions to this problem? Thanks.

Re: Please Help!! "Could not establish trust relationship" using SSL

I was having a similar problem--attempting to POST to a CGI script on another server with https--and creating the MyCertificateValidation class solved the problem. But... can someone give me a good explanation of how and why this works? Preferably in laymen's terms =) Thanks,

Re: Please Help!! "Could not establish trust relationship" using SSL

how did you use https on the windows application??

Re: Please Help!! "Could not establish trust relationship" using SSL

in windows application after i change http to https, it doesn't work, can you show me your code to do it?

Re: Please Help!! "Could not establish trust relationship" using SSL

Thanks for the response. One question: I created the class, but what is the following line: ServicePointManager.CertificatePolicy = New MyCertificateValidation() When I add that line I get an error that ServicePoint is not defined. What am i supposed to put there? Thanks in advance!