SSL Inbound Security in Proxy service

Similar Messages

• WS-Security and proxy service: Unable to add security token for identity

  What the reason of "Unable to add security token for identity" fault in this situation (10.3.1):
  I did simple "hello word" proxy service and tried to apply custom policy binding.
  WS-Policy is next:
  <wsp:Policy wsu:Id="WS-Policy-Siebel"
       xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
       xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
       <wssp:Identity
            xmlns:wssp="http://www.bea.com/wls90/security/policy">
            <wssp:SupportedTokens>
                 <wssp:SecurityToken
                      TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken">
                      <wssp:UsePassword
                           Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" />
                 </wssp:SecurityToken>
            </wssp:SupportedTokens>
       </wssp:Identity>
  </wsp:Policy>
  Process WS-Security is setted to "yes".
  While debugging I see that all works fine - I can authenticate with defined credentials and breakpoints in proxy service flow works fine.
  But at the end I get the fault:
  Soap fault:
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Header/>
  <env:Body>
  <env:Fault>
  <faultcode>env:Server</faultcode>
  <faultstring>Unable to add security token for identity</faultstring>
  </env:Fault>
  </env:Body>
  </env:Envelope>
  In console:
  <09.06.2010 17:39:18 MSD> <Error> <OSB Security> <BEA-387023> <An error ocurred during web service security inbound response processing [error-code: F
  ault, message-id: 1721282272521583996--57dc4ccc.1291cc2282d.-7fab, proxy: OSB Project WS-Security/WSSecurityService, operation: NewOperation]
  --- Error message:
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Header/><env:Body><env:Fault><faultcode>env:Server</faultcode><faultstring>Un
  able to add security token for identity</faultstring></env:Fault></env:Body></env:Envelope>
  weblogic.xml.crypto.wss.WSSecurityException: Unable to add security token for identity
  at weblogic.wsee.security.wss.SecurityPolicyDriver.processIdentity(SecurityPolicyDriver.java:175)
  at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:73)
  at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:64)
  at weblogic.wsee.security.WssServerHandler.processOutbound(WssServerHandler.java:88)
  at weblogic.wsee.security.WssServerHandler.processResponse(WssServerHandler.java:70)
  Truncated. see log file for complete stacktrace
  Incoming soap message is:
  <soapenv:Envelope      xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header      xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <wsse:Security      soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken      wsu:Id="unt_TNNp0cBwU7HyPKoq" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:Username>testuser</wsse:Username>
  <wsse:Password      Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">testuser</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  </soap:Header>
  <soapenv:Body>
  <wss:NewOperation      xmlns:wss="http://www.troika.ru/Enterprise/WSSecurityService/">
  <in>string</in>
  </wss:NewOperation>
  </soapenv:Body>
  </soapenv:Envelope>
  Edited by: Andrey L. on Jun 9, 2010 5:55 PM

  I thought you were getting that exception when accessing the proxy.
  No. Authentification works fine. Proxy body works fine. But at the end of proxy appears the exception.
  Sorry for my english - I tried to show this situation on image: http://imglink.ru/show-image.php?id=9c0e0c1719f00289faf11696c6703bc3
  Are you getting this exception when routing to a business service which is configured for WS-Security ??
  I don't use business service in this test project - only simple proxy service with all logic inside.
  PS transformation in replace action is very simple too:
  (:: pragma bea:global-element-parameter parameter="$newOperation1" element="ns0:NewOperation" location="WSSecurityService.wsdl" ::)
  (:: pragma bea:global-element-return element="ns0:NewOperationResponse" location="WSSecurityService.wsdl" ::)
  declare namespace ns0 = "http://www.troika.ru/Enterprise/WSSecurityService/";
  declare namespace xf = "http://tempuri.org/OSB%20Project%20WS-Security/Hello/";
  declare function xf:Hello($newOperation1 as element(ns0:NewOperation))
  as element(ns0:NewOperationResponse) {
  <ns0:NewOperationResponse>
  <out>Hello, { data($newOperation1/in) }!</out>
  </ns0:NewOperationResponse>
  declare variable $newOperation1 as element(ns0:NewOperation) external;
  xf:Hello($newOperation1)
  Edited by: Andrey L. on Jun 10, 2010 12:21 PM

• Securing proxy services

  Hi,
  I want to secure my proxy service using SOAP header based authentication.
  Please help me with this.
  using OSB 11g R1.
  Thank You.

  Have you looked at this one ?
  http://jvzoggel.wordpress.com/2011/08/09/using-usernametoken-authorisation-authentication-osb/

• Probem attaching OWSM Policy to OSB Proxy Service

  Hi all,
  I am working with OSB 11g R1 and I am trying secure one proxy service by attaching one OWSM predefined policy. However, the "OWSM Policy Binding" is disabled in the Policy section of the proxy service.
  I found this thread in the forum [1] wich seems to have the same problem and I have checked that all the extensions are installed in my domain.
  Sure I missing something but I haven't found anything in the docs.
  Any tip or hint is appreciated
  Thanks in advance
  My enviroment:
  - Weblogic Server (10.3.4.0)
  - Oracle Service Bus (11.1.1.4)
  - Oracle Service Bus OWSM Extension (11.1.1.0)
  [1] OWSM Policy Binding Disabled for proxy/business server with SOAP 1.1
  Edited by: user10102092 on 27-jul-2011 2:42

  I presume you already did a fresh restart of the managed servers?Yeap, I've restarted the OSB server.
  Looking at the logs I can find this message:
  +####<Jul 27, 2011 1:25:52 PM CEST> <Info> <Common> <mydomain.com> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0000J5fLsXLFw0WFLzNM8A1EBzMW000001> <1311765952760> <BEA-000628> <Created "1" resources for pool "mds-owsm", out of which "1" are available and "0" are unavailable.>+
  So I understand that the pool is created correctly, isn't it?

• HTTP Basic authentication for proxy service and its wsdl?

  Hello:
  For some reasons I needed to configure the HTTP basic authentication on a proxy service at OSB 11g. Everything was OK until I realized that, additionally to the authentication when calling the service, the OSB also asks for credentials when I try to get that proxy wsdl file.
  My requirements are to secure the proxy service when is called only, not when retrieving the wsdl.
  Is this possible to configure on OSB / WLS? How?
  Greetings!
  Edited by: user4483647 on 02-sep-2010 12:59
  Edited by: user4483647 on 02-sep-2010 13:25

  If I'm not wrong, Basic authentication is Transport level feature. So passing User/Password in SOAPHeader doesn't make sense. SOAP message can only be sent when you have a HTTP Connection open. During opening of HTTP connection User/Password is required for basic authentication.
  http://www.student.nada.kth.se/~d95-cro/j2eetutorial14/doc/Security7.html#wp156943
  Edited by: mneelapu on Apr 2, 2009 2:09 PM

• JMS Biz & Proxy Services Using OSB & SSL

  We have a potential requirement being enforced upon us which states that our communication to another system using a JMS proxy service should be using SSL.
  Has anyone done this before using OSB?
  There is a "Use SSL" tick box on the proxy and business services, but I think this is purely for authentication and not transport - but I could be wrong as its not an area I know that much about.
  We're pushing for an IPSEC VPN link as that makes much more sense, but in the meantime I thought I'd ask if anyone had done any JMS + SSL work using OSB.
  Thanks,
  Pete

  Manoj, Thanks for your reply.
  Actually the other system is OSB!!
  It's a government system we're talking to but in the interests of open-ness, we cannot use OSB->OSB out of the box interfaces such as SAF etc, as that isn't an open enough interface and users of the interface who don't have OSB may be disadvantaged! Something like that anyway! SAF would be a perfect option for this interface, but .....
  What we've been so far is that all communication via JMS must be SSL based. But - t3s is not supported on this interface, so the SSL negotiation must be handled by a hardware device or something else.
  We think we've found BigIP load balancers do the job, but that's a large cost as we don't have those in our current infrastructure.
  We don't have much SSL communication apart from https, so I don't have a whole lot of experience with it and I just wondered if there was any OSB feature I'm missing, or something you can do in plan java code to get JMS communicating via SSL.
  Pete
  ps:A standard IPSEC VPN would do the job too, which we're going to try to push for, then, you just use the jms:// url to an address and the security is via the VPN.

• Is it possible to view individual SSL-proxy service usage (TPS)?

  Hi,
  Can the ACE provide any detail above and beyond just the overall ssl-connection rate for a particular context?
  I have an ACE with two contexts and multiple ssl-proxy services configured within each and it would be really helpful to know the ssl-connection rate associated with each service (current, average, peak, etc) as I've got the issue where the SSL resource limit for one of the contexts has been reached and I don't know which service has jumped up in usage;-
  Allocation
  Resource Current Peak Min Max Denied
  ssl-connections rate 0 250 250 250 351
  I can set up custom MIB pollers based on OID values within our SolarWinds network monitoring system so even if the information isn't directly available through the ACE CLI but has an associated OID I'd be grateful for the info if any one knows it (or even just the OIDs that contain the connection rate values from the 'sh resource usage' command so I can graph the overall usage against date/time within SolarWinds).
  Thanks
  Matthew

  Matthew,
  I do not know the OID to poll the service-policy info.
  But if you do a 'show service-policy ' at regular interval and compare the hitcon, you can compute the connection rate for each service policy individually.
  Gilles.

• OWSM 11g: Invoking a secured web service through a java proxy service

  Hi All,
  I am trying to call a secured bpel service which is expecting a username token password. I have created a java proxy service for the same. I now need to add the username token to the same. Can anyone please guide me in this regard.
  Thanks in advance.

  Just to add some pointers,
  I added the following code to the proxy still the soap headers is not getting propagated.
  OrderBookingAndShipment orderBookingAndShipment = orderbookingandshipment_client_ep.getOrderBookingAndShipment_pt();
  String username = "OWSM_11g";
  String password = "password";
  List credProviders = new ArrayList();
  //client side UsernameToken credential provider
  CredentialProvider cp = new ClientUNTCredentialProvider(username.getBytes(),password.getBytes());
  credProviders.add(cp);
  Map<String,Object> context = ((BindingProvider) orderBookingAndShipment).getRequestContext();
  context.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST,credProviders);

• Reporting services with R2 on DPM2012 - Could not establish trust relationship for the SSL/TLS secure channel

  Hi everyone,
  A somewhat similar question has been asked before by others but none of the answers given has helped me.I am attempting a DPM 2012 installation, which is failing at the "deploying reports" stage.My analysis of logs seems to point me in the direction of an SSL
  error, which does not make sense since the configuration files say SSL is disabled (or at least, should be).
  Here are the symptoms:
  1.I am able to browse http://FQDN/Reports_MSDPM2012 folder from internet explorer
  2.I am also able to browse http://FQDN/ReportServer_MSDPM2012 from internet explorer
  3.The information given in the logs and relevant config files is shown below:
  <<RSREPORTSERVER.CONFIG>>
  <ConnectionType>Default</ConnectionType>
  <LogonUser></LogonUser>
  <LogonDomain></LogonDomain>
  <LogonCred></LogonCred>
  <InstanceId>MSRS10_50.MSDPM2012</InstanceId>
  <InstallationID>{d9b1c335-5842-4a81-9148-79184c38bf09}</InstallationID>
  <Add Key="SecureConnectionLevel" Value="0"/>
  <Add Key="CleanupCycleMinutes" Value="10"/>
  <Add Key="MaxActiveReqForOneUser" Value="20"/>
  <Add Key="DatabaseQueryTimeout" Value="120"/>
  <Add Key="RunningRequestsScavengerCycle" Value="60"/>
  <Add Key="RunningRequestsDbCycle" Value="60"/>
  <Add Key="RunningRequestsAge" Value="30"/>
  <Add Key="MaxScheduleWait" Value="5"/>
  <Add Key="DisplayErrorLink" Value="true"/>
  <Add Key="WebServiceUseFileShareStorage" Value="false"/>
  <!--  <Add Key="ProcessTimeout" Value="150" /> -->
  <!--  <Add Key="ProcessTimeoutGcExtension" Value="30" /> -->
  <!--  <Add Key="WatsonFlags" Value="0x0430" /> full dump-->
  <!--  <Add Key="WatsonFlags" Value="0x0428" /> minidump -->
  <!--  <Add Key="WatsonFlags" Value="0x0002" /> no dump-->
  <Add Key="WatsonFlags" Value="0x0428"/>
  <Add Key="WatsonDumpOnExceptions" 
  4.The DPM log file still appears to be using SSL even though i used reporting services configuration to remove SSL bindings:
  running.Microsoft.Internal.EnterpriseStorage.Dls.Setup.Exceptions.BackEndErrorException: exception ---> Microsoft.Internal.EnterpriseStorage.Dls.Setup.Exceptions.ReportDeploymentException:
  exception ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Net.WebException: The underlying connection was closed: Could
  not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException:
  The remote certificate is invalid according to the validation procedure.
     at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest,
  Exception exception)
  5:I do have an SCCM site on the default web site used by SMS clients but on different ports
  I am stumped.Somebody please give some advice
  Thank you

  Hi
  This is an old post but did you come right?

• Security between Proxy and Business Services

  Dear All
  We are trying to restrict business service access only through proxy services. Will outbound security using service accounts can do this task? I enabled basic authentication at business service level and tried to pass username/password token through soap header in proxy service. I get "The invocation resulted in an error: Unauthorized." error.
  Please suggest if this is the correct approach.
  Thanks,
  Amjad.

  I'm affraid you didn't get the very basic meaning of business service.
  >
  I want BS1 to be accessed only through PS1 and hence need to secure BS1.
  >
  1. You don't need to secure BS because of this reason since every BS can be accessed only through PS. There is no way you can call BS outside of OSB. BS is just a definition of external (business) service.
  2. Authentication set on BS is not meant to restrict access to BS itself. It is set to use credentials to access some service from OSB (WS1 in your case).
  >
  When BS1 is directly accessed through OSB console, I get "The invocation resulted in an error: Unauthorized".
  >
  This is only a testing form. Again, there is no chance you could call BS outside of OSB. On top of that, if you test BS which has pass-through account set, the test fails as there are no credentials to be passed to BS from PS as there was no PS called.
  I suggest you go back to OSB basics:
  http://docs.oracle.com/cd/E13159_01/osb/docs10gr3/tutorial/tutIntro.html#wp1045005
  http://docs.oracle.com/cd/E14571_01/doc.1111/e15020/architecture_overview.htm#i1094753

• Creating Proxy service over a secured BPEL process

  Hi,
  I have a BPEL process project A which I have secured using oracle/wss_username_token_service_policy
  Now, I want to expose it over OSB as a proxy service.
  After registering the WSDL, I tried to create Business Service over it.
  It gave me a warning:
  [OSB Kernel:398133]WSSP 1.2 policy assertions (Web Services Security Policy 1.2) are not allowed on this service.
  What is the best approach to take.
  Thanks.

  Get the wsdl of the OSB proxy service and create webservice parnerlink in BPEL based on this wsdl to invoke the service
  To form the wsdl url, copy the Endpoint URI  configured to the proxy service(just click on the proxy service in the console) from the sbconsole  - /ATHGPUM_GlidePathService/ProxyService/ATHGPUM_GlidePathProxyService
  Pre append <<protocol://OSB Hostname:OSB Port>>  - http://localhost:8000/   and post append with ?WSDL
  The final WSDL url look like  - http://localhost:8000/ATHGPUM_GlidePathService/ProxyService/ATHGPUM_GlidePathProxyService?WSDL
  Regards
  Albin I

• Importing external web service with SSL certificate security

  Hello,
  I'm trying to import an external web service (that resides in another server, independent of ours). However, right after I enter the WSDL in the import window I get the following error in the NWDS:
  sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target      [Error: com.sap.ide.es.core.ui.internal.wizards.fragments  Thread[ModalContext,6,main]]
  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
            at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
            at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
            at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
            at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
            at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
            at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
            at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.getURLAsStream(UrlValidationRunnable.java:137)
            at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.validate(UrlValidationRunnable.java:75)
            at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.run(UrlValidationRunnable.java:55)
            at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
  Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
            at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
            at sun.security.validator.Validator.validate(Validator.java:218)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
            ... 15 more
  Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
            at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
            ... 21 more
  Has anyone ever consumed an external web service with SSL certificate security? How do you import this in your Web Dynpro project?
  Cheers!

  Hi Alain,
  I just checked on a newer NW environment (NW 7.2) and was presented an empty list as well... It seems the mapping procedure I described is deprecated since NW 7.11, and the modeled CAF application service is already exposed as a web service.
  You may want to have a look at http://help.sap.com/saphelp_nwce711/helpdata/en/43/f173947bbb025be10000000a1553f7/content.htm or http://scn.sap.com/message/7852996 for more info

• SAML Validation Error  - Proxy Service - Process WS-Security Header

  I am testing a Proxy Service that inspects the WS-Security Header which contains a WS-Policy for a SAML Assertion sender-vouches. The SAML Assertion that is produced is valid according to the oassis schema, but ALSB 2.6 returns a SOAP Fault that the SAML Assertion is not valid. Is there any next steps I should take to diagnose the problem? Also, are there any good tools available for validating a SAML Assertion?
  Here is the response of the ALSB 2.6 running on WebLogic 9.2. It is a simple proxy service we use to test whether SAML is working correctly or not. The client correctly sends the sender-voucher with the username/password/certificate alias and so forth.
  <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
  <soapenv:Body>
  <soapenv:Fault
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <axis2ns1:Code xmlns:axis2ns1="http://www.w3.org/2003/05/soap-envelope">
  <axis2ns1:Value>soapenv:Sender</axis2ns1:Value>
  <axis2ns1:Subcode>
  <axis2ns1:Value>wsse:InvalidSecurityToken</axis2ns1:Value>
  </axis2ns1:Subcode>
  </axis2ns1:Code>
  <axis2ns2:Reason xmlns:axis2ns2="http://www.w3.org/2003/05/soap-envelope">
  <axis2ns2:Text xml:lang="en-US"
  >Security token failed to validate. weblogic.xml.crypto.wss.SecurityTokenValidateResult@563c52a[status: false][msg The SAML token is not valid.]</axis2ns2:Text>
  </axis2ns2:Reason>
  </soapenv:Fault>
  </soapenv:Body>
  </soapenv:Envelope>
  Thanks,
  Jay Blanton

  Hi, Pls send your client code to my mail [email protected]

• Change security policy on passthrough proxy-service?

  I've an business-service which is secured by a OWSM policy. The business-service is exposed as a proxy-passthrough (a long with the OWSM policy).
  Is it possible to change the security policy for the proxy-service (which is exposing the OWSM policy secured business service) to some other policy or 'just' basic authentication??
  Cheers
  Søren
  Edited by: user4177402 on 2013-02-21 23:03

  Try using quotation marks:
  gpedit.msc /gpcomputer:"target"
  MCTS - Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
  http://mariusene.wordpress.com/

• Could Not Establish trust relationship for the SSL/TLS secure channel Sharepoint Web services

  I am trying to updateList items into a sharepoint list from the xml document stored in my shared drive in remote server. To make that work i wrote down a Powershell Script that utilizes Sharepoint Webservices Api Updatelistitems function to perform the acitivity.
  I ran the script over in Dev environment it works, Then i went into QA that Works too. At last i am now in PROD and agains ran the script i am now receicing following error:
  New-WebServiceProxy : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel
  All of my servers dev, QA and PROD web apps are encrypted by Https 443 using Cerified root certificate. Powershell script i am running are mirror copy. System accoutn i am using has owner privileages to sharepoint site and its list.
  Am i missing something here, what is blocking this traffic i have no clue.
  Thank You

  are u using self singed certificate?
  also check this http://www.poshpete.com/powershell/new-webserviceproxy-and-ssl
  http://www.brainlitter.com/2012/03/13/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel/
  Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog