On Fri, 2011-02-11 at 12:39 -0800, diegocairone wrote: > I am trying to create a proxy for a Web Servicie on a SSL WebSite. To do > that, i am using the utility "wsdl" or the monodevelop IDE. > > The URL of the Web Service is: > "https://wsaahomo.afip.gov.ar/ws/services/LoginCms?wsdl"; and when I add the > web reference on Monodevelop IDE or in a console using the utility "wsdl" I > gets the next error message: "Error getting response stream (Write: The > authentication or decryption has failed.): SendFailure" > > Before doing this, I have imported all roots certificates from Mozilla > excecuting this: "sudo mozroots --import --ask-remove".
That's a bad idea. You're mixing two things. There are a "current user" and a "local machine" certificate stores. When you do a "mozroots --import" then you are, by default, using the current user store - which is generally enough (unless your code runs under a different account, like apache/mod_mono/ASP.NET). If you want to import in the local machine store then you need to be able to write to /usr/share, that's where sudo is helpful. In this case you'll do a "sudo mozroots --machine --import" But what you did is a mix of both resulting in importing the certificates inside the 'root' user store. That will never be available to you (unless you run your apps as 'root'). > Also, I did: "certmgr -ssl https://wsaahomo.afip.gov.ar/"; and copied that > certificates to the stores: "AddressBook", "CA" and "Trust" in > "~/.config/.mono/certs". Most SSL server do not send root certificates as part of the X.509 chain (that's covered in the FAQ [1] where it says "intermediate" certificate will be copied). So this will not add anything into Trust. If you manually copied stuff into Trust then you'll likely get a lot of problems -> delete them. Sebastien [1] please (re)read http://www.mono-project.com/FAQ:_Security _______________________________________________ Mono-list maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-list
