There
was no changes in what you already have.
My
certificate was something I generated myself using the java keystore tool. It
seems to be the only difference at this point.
Thomas
-----Original Message-----
From: Naresh Bhatia [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 29, 2002 8:24 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Connecting to Axis server from a C# client over SSLHi Thomas,Thanks for following up on this issue.- My root certificate is installed in Trusted Root Certification Authorities. So that is same as your setup.- I also have basic authentication activated and is working fine. So this also is the same as your setup.The only question right now is whether your root certificate is a "real" root certificate or a "test" one. Mine is a test root certificate issued by Verisign. Maybe that is a problem with .NET!If the code you are referring to is from a past post (AxisJBossWebServices), I do have it. You may send it to my personal address if there are any changes.Again, thanks for your help.Naresh-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 29, 2002 2:20 AM
To: [EMAIL PROTECTED]
Subject: RE: Connecting to Axis server from a C# client over SSLI do not have any specific ideas.I know that I played around with the different certificate stores from IE (Other people, Intermediate Certification Authorities, ....) and only by using the Trusted Root Certification Authorities worked.This other thing is that my sample was also using basic authentication . I doubt that there is a link between the two, but you never know .....I can send you the zip of my sample (using JBoss/Tomcat on the server side), if you want to try (I will have to send it to your personal address as the mailing does not like too much such attachments).Thomas-----Original Message-----
From: Naresh Bhatia [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 26, 2002 4:02 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Connecting to Axis server from a C# client over SSLThomas,I have found the problem, I have a workaround, but not a real solution :-(.The problem is that the .NET client somehow does not trust the root certificate that is sent from the Axis server (status code 0x800B0109) - even though I have installed it using IE and IE trusts it!The work around is to override the default CertificatePolicy with my own which blindly trusts any certificate.using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;namespace DonutStore
{
public enum CertificateProblem : long {
CertEXPIRED = 0x800B0101,
CertVALIDITYPERIODNESTING = 0x800B0102,
CertROLE = 0x800B0103,
CertPATHLENCONST = 0x800B0104,
CertCRITICAL = 0x800B0105,
CertPURPOSE = 0x800B0106,
CertISSUERCHAINING = 0x800B0107,
CertMALFORMED = 0x800B0108,
CertUNTRUSTEDROOT = 0x800B0109,
CertCHAINING = 0x800B010A,
CertREVOKED = 0x800B010C,
CertUNTRUSTEDTESTROOT = 0x800B010D,
CertREVOCATION_FAILURE = 0x800B010E,
CertCN_NO_MATCH = 0x800B010F,
CertWRONG_USAGE = 0x800B0110,
CertUNTRUSTEDCA = 0x800B0112
}
public class MyCertificateValidation : ICertificatePolicy {public bool CheckValidationResult(ServicePoint servicePoint, X509Certificate certificate, WebRequest request, int problem) {
return true;
}
}
}Now to override the default CertificatePolicy do this:ServicePointManager.CertificatePolicy = new MyCertificateValidation();If you have any thoughts as to why .NET does not trust my root certificate, please let me know.Thanks.Naresh-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 25, 2002 11:15 AM
To: [EMAIL PROTECTED]
Subject: RE: Connecting to Axis server from a C# client over SSLThe IE certificate database is actually not IE specific. It is shared with any other Microsoft application, including .NET ones. So it should work.Here is an extract of a readme file from a sample I wrote some times ago:If HTTPS is enabled (see How do I make HTTPS work?), you can run the secure version of the .NET application. In order to do that, you need to install the server certificate so the HTTPS handshake can be successful. With the Axis Java client, the server certificate was imported in a keystore used by the client program. For a .NET application, you need to install this certificate in the Trusted Root Certification Authorities of your Windows machine. You are supposed to be able to store it in your personal certificate storage as well, but I did not manage to make it work that way.
Using Explorer, go in thekeystoresfolder. You should find a file calledserver.cer(if not, you need first to perform all the steps described in How do I make HTTPS work?). Double click on this file. It should open a dialog box giving you the details of the certificate (I do not know if you need anything special installed on your machine in order to do that, but I do not think so). On the General pane, there is an Install Certificate button. Click on it. It should start the Certificate Import Wizard. Click Next. Automatically select the certificate store should work and the Trusted Root Certification Authorities is picked. Click Next then Finish then Yes on any confirmation popups. You can remove or check the installed certificate from Internet Explorer, Tools menu, Internet Options, Content tab, Certificates button, Trusted Root Certification Authorities tab. The installed certificate is calledlocalhost(check thegenkeytarget in thebuild.xmlfile to understand whylocalhost).Thomas-----Original Message-----
From: Naresh Bhatia [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 25, 2002 12:39 AM
To: [EMAIL PROTECTED]
Subject: Connecting to Axis server from a C# client over SSLHi,
I have an Axis server running on a SSL port. Axis clients can successfully connect to it. However C# clients give me the following error:
Could not establish trust relationship with remote server
What do I have to do to make the C# client accept the certificate supplied by the Axis server? I have imported the server certificate as well as the associated CA certificate in to IE which now trusts the Axis server. Is there an equivalent process for .NET web applications?
Any help will be much appreciated. Thanks.
Naresh Bhatia
