Last post Mar 28, 2014 09:59 AM by AidyF
Mar 26, 2014 09:12 AM|Martin subash|LINK
I have created self–signed certificate via IIS and hosted the web API using IP address (not localhost).When
I tried to consume the web API, browser throws certificate error. Also I downloaded and installed the certificate and when consuming it, the error re-occurred.Please
suggest solution if any
Mar 26, 2014 09:26 AM|BrockAllen|LINK
To validate the certificate the hostname in the cert must match the hostname being requested by your client.
Mar 28, 2014 01:46 AM|Martin subash|LINK
i have created a web api and hosted in IIS using SSL self-signed certificate, using IP Address not a hostname,When I m trying to consume that like(https://10.20.30.40:9686/api/controller) in the hosted
Pc browser throws certificate error then I downloaded installed in trusted authority in MMC, and consumed the same, browser doesn’t throws error .now my problem is when I tried to consume from another PC, browser throws certificate error for every call
even after installed the certificate.
Mar 28, 2014 09:40 AM|BrockAllen|LINK
Also, you have to establish trust to the certificate used (either directly or via the issuer). Search the MSDN or TechNet documentation on "certificate trust".
Mar 28, 2014 09:59 AM|AidyF|LINK
Self-signed certs are for development on your local machine. Modern browsers will flag them as invalid but allow the user to continue viewing the site anyway if they agree to a security message. Some services may flat refuse to honour the cert, such as
your web service. If you could just self-cert then https would be useless, if you want ssl in a production environment you need to apply for a proper cert. If you are still developing then just use http for your webservices in development, then configure
them to use https when you go live and the proper cert is in place.
As for the host name issue, if you access a site by its IP then the IP is the hostname.