Could not create SSL/TLS secure channel - Fixed

Background:

I am accessing a 3rd party client WCF secured web service using a client certificate issued by them. I have added this client certificate to my servers' certificate store. (Ref#1 (packing a certificate), Ref#2 (importing to store))

And I have the client WCF configuration as follows:

<system.serviceModel>
    <bindings>
     <basicHttpBinding>
      <binding name="GoogleServiceSoapBinding">
       <security mode="Transport">
        <transport clientCredentialType="Certificate" />
       </security>
      </binding>
      <binding name="ProvisioningServiceSoapBinding1" />
     </basicHttpBinding> 
    </bindings>
    <client> 
     <endpoint address="https://b2b.google.com/services/ws/ReportingServiceSOAP"
      behaviorConfiguration="GoogleBehavior" binding="basicHttpBinding"
      bindingConfiguration="GoogleServiceSoapBinding" contract="ServiceReferences.Google.Reporting.ReportingService"
      name="GoogleReportingServicePort" />
    </client>

    <behaviors>
      <endpointBehaviors>
        <behavior name="GoogleBehavior">
          <clientCredentials>
            <clientCertificate x509FindType="FindByThumbprint" storeLocation="CurrentUser" storeName="Root"
                               findValue="0a51fdb7ff6ab5b960763061dc82d7ac636bb0c3"/>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
  </system.serviceModel>

when i run my system, it gives me the following error:

System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'staging.b2b.vocus.com.au'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

In order to find where the problem is, first enable System.Net tracing. Add the following markup to the .config file

<system.diagnostics>
    <trace autoflush="true" />

    <sources>
        <source name="System.Net"> 
            <listeners>
                <add name="System.Net"/>
            </listeners>
            </source>
            <source name="System.Net.Sockets">
            <listeners>
                <add name="System.Net"/>
            </listeners>
            </source>
            <source name="System.Net.Cache">
            <listeners>
                <add name="System.Net"/>
            </listeners>
        </source>
    </sources>
    <sharedListeners>
        <add
            name="System.Net"
            type="System.Diagnostics.TextWriterTraceListener"
            initializeData="System.Net.trace.log"
        />
    </sharedListeners>
    <switches>
        <add name="System.Net" value="Verbose" />
        <add name="System.Net.Sockets" value="Verbose" />               
        <add name="System.Net.Cache" value="Verbose" />
    </switches>
</system.diagnostics>

Now, run the program and open open the "System.Net.trace.log" file in your /bin/ folder

If you could see the following error message in the log, it means your program can't access the certificate keys

AcquireCredentialsHandle() failed with error 0X8009030D.

if it is IIS, follow this => http://www.dotnetnoob.com/2011/01/how-to-give-iis-access-to-private-keys.html

If its a normal program , use this tool to find your private key in the system.
http://msdn.microsoft.com/en-US/library/ms732026.aspx

once u found it, usually in the "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" folder,
> goto properties of your key, 
> open security 
> give your user account read + read & execute permissions
> ok

Now run the program and see if it works.



Popular posts from this blog

Print a receipt using a Thermal Printer with C#.NET

Automatic redirect upon session timeout using ASP.NET MVC and Javascript

Complex Master-Detail Form using Knockout.js and ASP.NET MVC