ECGrid Forums

ECGrid Forums (http://forums.ecgrid.com/index.php)
-   ECGridOS Developer (http://forums.ecgrid.com/forumdisplay.php?f=72)
-   -   Could not establish trust relationship for the SSL/TLS secure channel with authority (http://forums.ecgrid.com/showthread.php?t=209)

hchow 08-16-2013 03:36 AM

Could not establish trust relationship for the SSL/TLS secure channel with authority
 
I have been noticing some errors on our production server lately (starting from 8/13/2013). Here's the error details from our Event Log:
__________________________________________________ ______

Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 8/14/2013 7:30:58 PM
Event time (UTC): 8/14/2013 11:30:58 PM
Event ID: a8cb039065a44230bb452cd55506d960
Event sequence: 2135
Event occurrence: 12
Event detail code: 0

Application information:
Application domain: /LM/W3SVC/2/ROOT-1-130209390136955000
Trust level: Full
Application Virtual Path: /
Application Path: C:\inetpub\wwwroot\xxxxx\
Machine name: xxxxx

Process information:
Process ID: 832
Process name: w3wp.exe
Account name: IIS APPPOOL\xxxxx

Exception information:
Exception type: SecurityNegotiationException
Exception message: Could not establish trust relationship for the SSL/TLS secure channel with authority 'ecgridos.net'.

Server stack trace:
at System.ServiceModel.Channels.HttpChannelUtilities. ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
at System.ServiceModel.Channels.HttpChannelFactory.Ht tpRequestChannel.HttpChannelRequest.WaitForReply(T imeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Reques t(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(S tring action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.I nvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.I nvoke(IMessage message)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleRe turnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateI nvoke(MessageData& msgData, Int32 type)
at ECGridOSAPIv2Soap.Login(String LoginName, String Password)
at ECGridOSAPIv2SoapClient.Login(String LoginName, String Password) in C:\xxxxx

__________________________________________________ ______

When our web app calls the Login() method on https://ecgridos.net/v2.3/prod/ecgridos.asmx, it receives this error: "Could not establish trust relationship for the SSL/TLS secure channel with authority 'ecgridos.net'." The odd thing is, when the user reloads the page and the same Login() method is called again, the error goes away.

Was there any changes with the certificate on the server lately? Have any other users experienced this issue? What can we do on our end to fix this error? Our users can still get by because all they have to do is to reload the page. But it gets annoying because the errors keep coming back if the user lets the page sit idle for too long.

Thanks!

Hong

hchow 08-17-2013 11:26 AM

Problem solved
 
I found the answer to my own question!

It seems like this error only occurs on our production server because it's not trusting the certificate from ecgridos.net. I forced the app to trust the certificate from ecgridos.net by adding this line of code before making the web service call:

System.Net.ServicePointManager.ServerCertificateVa lidationCallback
= ((sender, cert, chain, errors) => cert.Subject.Contains("ecgridos.net"));

Your users can use the same line of code if they they run into the same problem on their production server (which is more restrictive). More information about the fix can be found here: http://stackoverflow.com/questions/1...e-channel-with

Thanks!

Hong

Todd Gould 08-19-2013 09:32 AM

Hong:

Glad you got it figured out and for the StackOverflow solution. We are using a certificate signed by GeoTrust Global CA/Rapid SSL. It should be accepted by most every computer.

I suspect that an update to your Trusted Root CA list would probably have fixed the problem, too.

-=tg=-


All times are GMT -4. The time now is 03:13 AM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
ECGrid® is a registered service mark of Loren Data Corp.