Hi
I have a Windows service which periodically connects to a remote web service method and passes the required parameters. This system was working perfectly.

But for the live system, we needed to install and use a client SSL certificate to call that remote web service method. Now, the Windows service returns the error below.

identity check failed for outgoing message. The expected DNS identity of the remote endpoint was 'thet-ws.ema.europa.eu' but the remote endpoint provided DNS claim 'TURSIGN'. If this is a legitimate remote endpoint, you can fix the problem by explicitly specifying DNS identity 'TURSIGN' as the Identity property of EndpointAddress when creating channel proxy.

If I put TURSIGN as the identity like suggested, I receive the error;

Could not establish secure channel for SSL/TLS with authority 'thet-ws.ema.europa.eu:444'.

How can I resolve this problem?

Regards.
Comments
Mike Meinz 1-May-13 12:42pm    
I suggest that you have someone thoroughly check the DNS entries for thet-ws.ema.europa.eu. I used NSLOOKUP to get the IP Address (92.242.144.7) and then tried a Reverse DNS lookup using one of the public web pages that provide Reverse DNS Lookup service and got server can't find 7.144.242.92.in-addr.arpa error. Furthermore, if I use NSLOOKUP option set q=any, I get an error: Non-existent domain for thet-ws.ema.europa.eu
vucark 1-May-13 13:14pm    
Hi Mike.
The correct DNS address was thetis-ws.emsa.europa.eu:444 and the web service WSDL URL
https://thetis-ws.emsa.europa.eu:444/thetis-data-exchange-integration-webservice/ClassInformationServices?wsdl
Mike Meinz 1-May-13 13:41pm    
NSLOOKUP results show that portal.emsa.europa.eu is the actual server name for the server at IP Address 91.231.216.129. thetis-ws.emsa.europa.eu is an alias.

NSLOOKUP
> set q=any
> thetis-ws.emsa.europa.eu

Non-authoritative answer:
thetis-ws.emsa.europa.eu canonical name = portal.emsa.europa.eu

REVERSE DNS LOOKUP
Results
91.231.216.129 resolves to
"portal.emsa.europa.eu"

When accessing the web service, I got an error that said the certificate was not issued by a trusted certificate authority. Maybe there is a problem with the certificate. If you want to use SSL over the Internet, you should probably acquire an SSL certificate from one of the trusted authorities.
vucark 1-May-13 14:14pm    
Hi Mike,

This certificate is self signed. We got the signed certificate that they sent us. We have already installed that certificate. What do we need to do to make this client certificate trusted?
Mike Meinz 1-May-13 14:29pm    
If you are creating your own certificate, you must also create a certificate authority certificate and install that on every computer that will access your web site. Part of this CodeProject Tip may help you create the certificate authority certificate - How to be your own Certificate Authority and create your own certificate to sign code files

Almost everyone uses a trusted certificate authority because of the requirement that the certificate authority certificate must be on every PC that will access your web site.
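
The two checks this thread turns on, the certificate's DNS name against the host being called and whether the chain ends in a root the client trusts, as an added C# example that is not code from the thread. It assumes .NET 5 or later (for `CustomTrustStore`) and a throwaway self-signed certificate constructed in memory; `CertTrustCheck` and `ChainFlags` are hypothetical names.

```csharp
// Added example, not code from the thread. Assumes .NET 5 or later.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CertTrustCheck
{
    // Build the chain for cert. With privateRoot set, only that root is trusted;
    // otherwise the machine's normal trusted-root store is used.
    static X509ChainStatusFlags ChainFlags(X509Certificate2 cert, X509Certificate2 privateRoot = null)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // keeps the demo offline
        if (privateRoot != null)
        {
            chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
            chain.ChainPolicy.CustomTrustStore.Add(privateRoot);
        }
        chain.Build(cert);
        var flags = X509ChainStatusFlags.NoError;
        foreach (X509ChainStatus s in chain.ChainStatus) flags |= s.Status;
        return flags;
    }

    static void Main()
    {
        const string expectedHost = "thetis-ws.emsa.europa.eu"; // host name from the thread

        // Constructed sample: self-signed certificate with subject CN=TURSIGN.
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=TURSIGN", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        using X509Certificate2 cert = req.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));

        // 1. Name check (exact match only, no wildcard handling): the DNS name
        //    the certificate carries vs. the host being called.
        string dnsName = cert.GetNameInfo(X509NameType.DnsName, false);
        bool nameOk = string.Equals(dnsName, expectedHost, StringComparison.OrdinalIgnoreCase);
        Console.WriteLine($"certificate DNS name '{dnsName}', expected '{expectedHost}', match: {nameOk}");

        // 2. Trust check against the machine's default roots.
        Console.WriteLine($"default trust: {ChainFlags(cert)}");

        // 3. Same check once the issuing root is explicitly trusted.
        Console.WriteLine($"private root trusted: {ChainFlags(cert, cert)}");
    }
}
```

Both checks stay enabled throughout: the second call changes which root is trusted, not whether the chain is validated.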

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)