ECGrid Forums  

Go Back   ECGrid Forums > Electronic Commerce > ECGridOS > ECGridOS Developer

ECGridOS Developer Development related posts.

Reply
 
Thread Tools Display Modes
  #1  
Old 08-16-2013, 03:36 AM
hchow hchow is offline
New Member
 
Join Date: Jun 2013
Posts: 6
Default Could not establish trust relationship for the SSL/TLS secure channel with authority

I have been noticing some errors on our production server lately (starting from 8/13/2013). Here's the error details from our Event Log:
__________________________________________________ ______

Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 8/14/2013 7:30:58 PM
Event time (UTC): 8/14/2013 11:30:58 PM
Event ID: a8cb039065a44230bb452cd55506d960
Event sequence: 2135
Event occurrence: 12
Event detail code: 0

Application information:
Application domain: /LM/W3SVC/2/ROOT-1-130209390136955000
Trust level: Full
Application Virtual Path: /
Application Path: C:\inetpub\wwwroot\xxxxx\
Machine name: xxxxx

Process information:
Process ID: 832
Process name: w3wp.exe
Account name: IIS APPPOOL\xxxxx

Exception information:
Exception type: SecurityNegotiationException
Exception message: Could not establish trust relationship for the SSL/TLS secure channel with authority 'ecgridos.net'.

Server stack trace:
at System.ServiceModel.Channels.HttpChannelUtilities. ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
at System.ServiceModel.Channels.HttpChannelFactory.Ht tpRequestChannel.HttpChannelRequest.WaitForReply(T imeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Reques t(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(S tring action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.I nvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.I nvoke(IMessage message)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleRe turnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateI nvoke(MessageData& msgData, Int32 type)
at ECGridOSAPIv2Soap.Login(String LoginName, String Password)
at ECGridOSAPIv2SoapClient.Login(String LoginName, String Password) in C:\xxxxx

__________________________________________________ ______

When our web app calls the Login() method on https://ecgridos.net/v2.3/prod/ecgridos.asmx, it receives this error: "Could not establish trust relationship for the SSL/TLS secure channel with authority 'ecgridos.net'." The odd thing is, when the user reloads the page and the same Login() method is called again, the error goes away.

Was there any changes with the certificate on the server lately? Have any other users experienced this issue? What can we do on our end to fix this error? Our users can still get by because all they have to do is to reload the page. But it gets annoying because the errors keep coming back if the user lets the page sit idle for too long.

Thanks!

Hong
Reply With Quote
  #2  
Old 08-17-2013, 11:26 AM
hchow hchow is offline
New Member
 
Join Date: Jun 2013
Posts: 6
Default Problem solved

I found the answer to my own question!

It seems like this error only occurs on our production server because it's not trusting the certificate from ecgridos.net. I forced the app to trust the certificate from ecgridos.net by adding this line of code before making the web service call:

System.Net.ServicePointManager.ServerCertificateVa lidationCallback
= ((sender, cert, chain, errors) => cert.Subject.Contains("ecgridos.net"));

Your users can use the same line of code if they they run into the same problem on their production server (which is more restrictive). More information about the fix can be found here: http://stackoverflow.com/questions/1...e-channel-with

Thanks!

Hong
Reply With Quote
  #3  
Old 08-19-2013, 09:32 AM
Todd Gould's Avatar
Todd Gould Todd Gould is offline
Loren Data Corp.
 
Join Date: May 2005
Location: Loren Data Corp.
Posts: 303
Send a message via Skype™ to Todd Gould
Default

Hong:

Glad you got it figured out and for the StackOverflow solution. We are using a certificate signed by GeoTrust Global CA/Rapid SSL. It should be accepted by most every computer.

I suspect that an update to your Trusted Root CA list would probably have fixed the problem, too.

-=tg=-
Reply With Quote
Reply

Tags
ssl


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 11:44 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, vBulletin Solutions, Inc.
ECGrid® is a registered service mark of Loren Data Corp.