tags:

views:

588

answers:

3
Q: 

WCF HTTPS self-hosted service does not work ("connection to the server was reset")

I have a Self-Hosted (Console App) WCF REST service with the following binding:

  • WebMessageEncodingBindingElement
  • HttpsTransportBindingElement (ManualAddressing=true, KeepAliveEnabled=true, AllowCookies=false, HostNameComparisonMode=Exact)

This is exposed over an HTTPS URL ("https://mylaptop/myendpoint")

I have a self-signed certificate issued to "mylaptop" that I assign using myServiceHost.Credentials.ServiceCertificate.SetCertificate. The certificate is added successfully, and the ServiceHost opens successfully (no exceptions). If I type "netsh http show servicestate", I can see that there's a successful registration at https://mylaptop/myendpoint with HTTP.SYS

However, when I issue a GET to the endpoint, it doesn't work. It seems like the socket is dropped even before a valid HTTP response is obtained. (FireFox says "connection to the server was reset", IE says "cannot display the webpage", and if I do the request through Fiddler it says "connection was forcibly closed by the remote host").

Everything works fine when I use HTTP instead of HTTPS.

Any idea what could be going wrong in the HTTPS case?

+2  A: 

You probably need to use httpcfg.exe to reserve your endpoint with HTTP.SYS correctly with a configured X.509 certificate for SSL. The steps to get it done are documented here.

tomasr  2009-10-05 20:05:46
+2  A: 

Or use HttpCfgGui- a much friendlier interface to setting up the server certs w/ HTTP.SYS. This is a must-install on all my servers that do HTTP w/ WCF.

nitzmahone  2009-10-05 20:39:54
A: 

Did you ever solve your problem? I am running into the exact same issue. I implemented a "helloWorld" example with message security and it worked ok. When I switched to transport security I received the same error as you described. I used the following command to bind the service port to a certificate but still am not able to connect from a client after I start the service...

httpcfg set ssl -i 0.0.0.0:9010 -c "My" -h "d97ba741cd0f6c9403cc6683d3e822d5bc2984ab" -f 2

Eling  2010-08-02 16:22:25
The OP marked the answer with the green check mark as accepted, so that probably solved his problem. If that answer and the link in it doesn't help in your case you should ask a new, separate question about your problem. Try to include as many details as possible (error messages/...) so that people can help you.
sth  2010-08-02 16:42:22

related questions

How would you implement a secure static login credentials system in Java?
Blocking https url's in a embedded gecko browser
Restrict Apache to only allow access using SSL for some directories
How to put up an off-the-shelf https to http gateway?
Rails SSL Requirement plugin -- shouldn't it check to see if you're in production mode before redirecting to https?
What's the best way to learn server RESTful code?
Force HTTPS. How is it possible?
How can I get LWP to validate SSL server certificates?
What must I do to make content such as images served over HTTPS be cached client-side?
What does a PHP developer need to know about https / secure socket layer connections?
What's a clean/simple way to ensure the security of a page?
Making sure a web page is not cached, across all browsers.
Best way in asp.net to force https for an entire site?
Any way to handle Put and Delete verbs in ASP.Net MVC?
Response.Redirect with POST instead of Get?
How to get the correct Content-Length for a POST request.
IIS7: HTTP->HTTPS Cleanly
[ASP.NET ERROR] The request was aborted: Could not create SSL/TLS secure channel.
Testing HTTPS files with MAMP
How do banks remember "your computer"?
Avoid traffic shaping by using ssh on port 443
Convince Firefox to send an If-Modified-Since header over HTTPS
How do you redirect HTTPS to HTTP?
Using mod_rewrite to Mimic SSL Virtual Hosts?
Options for Google Maps over SSL