tags:

views:

594

answers:

2
Q: 

Could not create SSL/TLS secure channel - Could the problem be a proxy server?

I have a c# app that calls a web service method that authenticates using a certificate. The code works, because when it is installed on server A (without a proxy) it authenticates.

When I install the code on server B, at client site, its installed behind a proxy. I've really tried almost everything but I keep getting this error:

Could not create SSL/TLS secure channel

Do you think this issue can be caused by a proxy server? If you've had any personal experience with this please share.

Thanks

+1  A: 

If your certificate is not trusted (is self signed) then C# client will refuse to connect.

twk  2009-10-21 13:19:01
+1, good point, but this cert is payed for and signed.
JL  2009-10-21 16:28:29
You can buy a cert from Verisign (or Thawte, etc.), but it won't be trusted unless Verisign's signing key is in the "Trusted Root Certification Authorities" keystore. Now, in the case of most major CAs, the signing key is already there. However, that's NOT a guarantee. You should definitely check!At the very least, load up the certificate manager and double click on the key and go to the "certification path" tab and make sure it says "This certificate is OK." And, on the client side, you should also see "You have a private key that corresponds to this certificate" on the General tab.
Bryan Slatner  2009-10-22 21:08:58
+2  A: 

In my experience, nearly all such messages are due to some machine in the chain (client, proxy, server) not "liking" a certificate for some reason.

To elaborate on what twk said, if you're using self-signed certificates, or your own CA, you need to install the signing cert in the trusted authorities store on the server at least, and possibly on the proxy.

Common problems I've encountered:

  • The certificate on the server is not signed by an authority that the PROXY or the CLIENT trusts
  • The certificate on the CLIENT is not signed by an authority that the PROXY or the SERVER trusts
  • Oops, I forgot to export the private key when I created the cert to be installed on the client
  • My process does not have read permissions to the private key on the client
  • The client certificate is password protected and I didn't specify credentials when reading the certificate.
Bryan Slatner  2009-10-21 14:03:58

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?