WCF: "Could not establish trust relationship for the SSL/TLS secure channel with authority" error

Problem description:

I have a client site that, when a button is clicked, calls a WCF web service. The client site is HTTP, while the URL for the web service is HTTPS and requires a certificate. I have a valid signed private key certificate I am using.

Everything works fine on my localhost; however, after deploying to a Windows 2003 server running IIS 6, I get the below error when the web service is called:

Could not establish trust relationship for the SSL/TLS secure channel with authority "host's url"

I added the cert to the store, using the same web.config that works locally. I have validated that the web service call finds and sets the valid X509Certificate.

Not sure what I am missing, and I don't want to override the ServicePointManager to return true every time.

Any ideas or things I might look into?

Found the problem.

The root certificate which the host of the web service uses was not trusted by my server. (Not sure why it was on my local machine and not my server.) I found this out by opening the host's URL in a web browser from the server to view their WSDL and got the security warning.

Remedy: went to the issuer's site, downloaded their root cert and added it to my trusted root certification authorities.

Bam, it works now.
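
An added example, not part of the original post: a C# diagnostic that reports why chain validation fails (such as the untrusted root found above) without overriding the verdict to true. The class and method names are hypothetical, and the self-signed certificate in `Main` is a constructed sample that assumes .NET Framework 4.7.2 or later (or .NET Core 2.0+) for `CertificateRequest`.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class TrustDiagnostics   // hypothetical name
{
    // One line per chain problem, e.g. "UntrustedRoot: ...". Empty list means no errors.
    public static List<string> Problems(X509Chain chain)
    {
        var list = new List<string>();
        foreach (X509ChainStatus s in chain.ChainStatus)
            if (s.Status != X509ChainStatusFlags.NoError)
                list.Add(s.Status + ": " + (s.StatusInformation ?? "").Trim());
        return list;
    }

    // Matches the RemoteCertificateValidationCallback signature. It logs the reason
    // for a failure but keeps the platform's verdict, so a bad certificate is still rejected.
    public static bool LogAndKeepVerdict(object sender, X509Certificate cert,
                                         X509Chain chain, SslPolicyErrors errors)
    {
        if (errors != SslPolicyErrors.None)
        {
            Console.Error.WriteLine("TLS validation failed: " + errors);
            if (chain != null)
                foreach (string p in Problems(chain))
                    Console.Error.WriteLine("  " + p);
        }
        return errors == SslPolicyErrors.None;
    }

    static void Main()
    {
        // Constructed sample: a self-signed certificate that no trust store contains.
        using (RSA key = RSA.Create(2048))
        using (var chain = new X509Chain())
        {
            var req = new CertificateRequest("CN=constructed-sample.example", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 cert = req.CreateSelfSigned(
                       DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30)))
            {
                // Revocation is skipped so the check runs offline; trust is still evaluated.
                chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
                chain.Build(cert);
                foreach (string p in Problems(chain))
                    Console.WriteLine(p);   // lists the untrusted-root status
            }
        }
    }
}
```

To see the reason for a failing WCF call on the server, assign `LogAndKeepVerdict` to `ServicePointManager.ServerCertificateValidationCallback` while diagnosing, then remove it once the missing root has been installed.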