SSL/TLS security certificate data match with XML Payload in SAP PI

Hi,
We are working on a solution where we would want to use SSL/TLS or WS Security with client server mutual authentication using client server certificates.
But, once the sender is authenticated using the certificates, can the XML payload be matched for the correctness with the certificate information? Is this available to PI integration engine at any time? Like Sender A autheticated as A using certificates, must be stopped if his XML payload is saying that he is sender B (which is most unlikely if we trust the senders but did not want to leave a loophole).
Any ideas here?
Thanks and Regards,
Vijay

Hi Wolfgang,
Cross-posting is discouraged and against the forum rules, because it is misused and makes a mess of the search due to distributed discussions and answers.
I will move it to the PI forum and add a watch on it as it is security forum related.
Unfortunately, the forum software does not have the option to "mirror" threads.
Cheers,
Julius
Edited by: Julius Bussche on Sep 14, 2009 9:50 PM

Similar Messages

  • Sharepoint and SSRS report trust relationship ssl/tls secure channel remote certificate is invalid

    I have no experience with sharepoint at all. but this is what I observed.
    I intermittently getting this error message on my sharepoint. could not establish trust relationship for the ssl/tls secure channel. Remote Certificate is invalid according to the validation procedure.
    Screnshot of the error 
    This is how the sharepoint page layout.
    I have report.aspx. and below is the content of the aspx file.
    The url is http://sharepoint.COMPANY.com/Pages/Report.aspx.
    The URL is intranet only.
    The sharepoint is hosted in SERVER1 and the SSRS is hosted in SERVER.
    I observed this error happens on both HTTP and HTTPS http sharepoint COMPANY com/Pages/Report.aspx OR https sharepoint COMPANY com/Pages/Report.aspx
    So far, the step I did was to follow this blog http://krishnasangani.blogspot.ca/2013/06/the-remote-certificate-is-invalid.html Restarted
    IIS in SERVER1 AND SERVER2. but the problem persist. Another I have done is to click the certificate in internet explorer and everything looks ok on that side to (certificate is valid)
    It seems to only happen earlier during the morning, then it fixes itself around 9 Oclock. It has been on going for about 2 weeks. Please help troubleshooting this.
    <%@ Page Inherits="Microsoft.SharePoint.Publishing.TemplateRedirectionPage,Microsoft.SharePoint.Publishing,Version=14.0.0.0,Culture=neutral,PublicKeyToken=71e9bsasdasdasd9c" %> <%@ Reference VirtualPath="~TemplatePageUrl" %> <%@ Reference VirtualPath="~masterurl/custom.master" %><%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bsasdasdasd9c" %>
    <html xmlns:mso="urn:schemas-microsoft-com:office:office" xmlns:msdt="uuid:547SF010-65B3-11d1-A29F-00457845FFSW"><head>
    <!--[if gte mso 9]><SharePoint:CTFieldRefs runat=server Prefix="mso:" FieldList="FileLeafRef,Comments,PublishingStartDate,PublishingExpirationDate,PublishingContactEmail,PublishingContactName,PublishingContactPicture,PublishingPageLayout,PublishingVariationGroupID,PublishingVariationRelationshipLinkFieldID,PublishingRollupImage,Audience,PublishingPageImage,PublishingPageContent,SummaryLinks,ArticleByLine,ArticleStartDate,PublishingImageCaption,HeaderStyleDefinitions"><xml>
    <mso:CustomDocumentProperties>
    <mso:PublishingContact msdt:dt="string">8</mso:PublishingContact>
    <mso:HeaderStyleDefinitions msdt:dt="string"></mso:HeaderStyleDefinitions>
    <mso:display_urn_x003a_schemas-microsoft-com_x003a_office_x003a_office_x0023_PublishingContact msdt:dt="string">First Last Name</mso:display_urn_x003a_schemas-microsoft-com_x003a_office_x003a_office_x0023_PublishingContact>
    <mso:PublishingContactPicture msdt:dt="string"></mso:PublishingContactPicture>
    <mso:PublishingContactName msdt:dt="string"></mso:PublishingContactName>
    <mso:ContentTypeId msdt:dt="string">0x010100C568DB5SDH48375LKNSDFG8340JKRG8034U6NEGK8TNGE8U34NIOGE8355H3358TRNG38G43JIOEG0T3JIGE9034340R8J05T4I54T4J8903HH5640K9445G54HH6564H65665</mso:ContentTypeId>
    <mso:Comments msdt:dt="string"></mso:Comments>
    <mso:PublishingContactEmail msdt:dt="string"></mso:PublishingContactEmail>
    <mso:PublishingPageLayout msdt:dt="string">https://sharepoint.COMPANY.com/_catalogs/masterpage/PageFromDocLayout.aspx, Body only</mso:PublishingPageLayout>
    <mso:PublishingPageContent msdt:dt="string">&lt;div class=&quot;ms-rtestate-read ms-rte-wpbox&quot;&gt;&lt;div class=&quot;ms-rtestate-notify ms-rtestate-read a74e0591-4ee6-4837-935a-3c932a967fac&quot; id=&quot;div_a74e0591-4ee6-4837-935a-3c932a967fac&quot;&gt;&lt;/div&gt;
    &lt;div id=&quot;vid_a74e0591-4ee6-4837-935a-3c932a967fac&quot; style=&quot;display:none&quot;&gt;&lt;/div&gt;&lt;/div&gt;
    &lt;div class=&quot;ms-rtestate-read ms-rte-wpbox&quot;&gt;&lt;div class=&quot;ms-rtestate-notify ms-rtestate-read e97fce7c-b702-4530-ae50-16ea77475fd5&quot; id=&quot;div_e97fce7c-b702-4530-ae50-16ea77475fd5&quot;&gt;&lt;/div&gt;
    &lt;div id=&quot;vid_e97fce7c-b702-4530-ae50-16ea77475fd5&quot; style=&quot;display:none&quot;&gt;&lt;/div&gt;&lt;/div&gt;
    </mso:PublishingPageContent>
    <mso:PublishingRollupImage msdt:dt="string"></mso:PublishingRollupImage>
    <mso:RequiresRouting msdt:dt="string">False</mso:RequiresRouting>
    </mso:CustomDocumentProperties>
    </xml></SharePoint:CTFieldRefs><![endif]-->
    <title>Report</title></head>
    A few questions I have in mind is Any pointer to troubleshoot this problem AND By looking at the ASPX file, Would you be able to determine what method is my Sharepoint page calling the SSRS report , integrated mode, native mode? IEFrame? The reason I am asking
    this is that maybe IF I google using the right terminology I can get to the similar problem and solution.
    Thanks

    Please let us know if you are using
    SharePoint communicates to an external service via HTTPS 
    Please try perform following steps:
    Fix is to setup a trust between SharePoint and the server requiring certificate validation.
    In SharePoint Central Administration site, go to “Security” and then “Manage Trust”.  Upload the certificates to SharePoint.  The key is to get both the root and subordinate certificates on to SharePoint.
    The steps to get the certificates from the remote server hosting the WCF service are as follows:
    1.  Browse from IE to the WCF service (e.g., https://remotehost/service.svc?wsdl)
    2.  Right click on the browser body and choose “Properties” and then “Certificates” and then “Certificate Path”.
    This tells you the certificate chain that’s required by the other server in order to communicate with it properly.  You can double-click on each level in the certificate chain to go to that particular certificate, then click on “Details” tab, “Copy to
    File” to save the certificate with the default settings.
    As an example, get both VeriSign & VeriSign Class 3 Extended Validation SSL CA.
    reference : http://blogs.technet.com/b/sharepointdevelopersupport/archive/2013/06/13/could-not-establish-trust-relationship-for-ssl-tls-secure-channel.aspx
    If my contribution helps you, please click Mark As Answer on that post and
    Vote as Helpful
    Thanks, ShankarSingh(MCP)

  • Could not establish trust relationship for the SSL/TLS secure channel with authority SharePoint ssis connectors

    Hi All,
    I am using SharePoint List Connectors to load the data from Sharepoint list to  Sql server.
    I have created an ssis package and attached to the SQL agent job in works fine
    SharePoint Source dev url : http://company.dev.com (working fine)(http)
    DB server:(server\instance)
    I thought all i good and can test with the uat sharepoint url.
    I have changed the configuration url yo point to uat.(https)
    SharePoint Source dev url : https://companyuat.dev.com (working fine)
    DB server:(server\instance)
    Suddently it fails when  with the following error:
    In both the cases i am running the agent job from the same db server
    DB server:(server\instance)
    Error Message:
    Could not establish trust relationship for the SSL/TLS secure channel with authority 'companyuat.dev.com'. --->  System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
    ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
    Source: Data Flow Task SharePoint List Source [1] Description: System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'companyuat.dev.com'. ---> System.Net.WebException:
    The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.  
    Is there is workaround to reslove this?Any inputs highly appreciated as it is time to move to production :(.
    Thanks
    Ravi
    Ravi

    This is the important error: The remote certificate is invalid according to the validation procedure.
    Your SharePoint server certificate is invalid. You have to either correct your certificate or make your SSIS client machine explicitly trust the server certificate.
    SSIS Tasks Components Scripts Services | http://www.cozyroc.com/

  • Set-IRMConfiguration failed with error "Cou ld not establish trust relationship for the SSL/TLS secure channel."

    Hi, experts 
    I'm trying to configure a lab environment according tutorial http://www.msexchange.org/articles-tutorials/exchange-server-2010/compliance-policies-archiving/rights-management-server-exchange-2010-part3.html
    After completing configuration, I execute cmdlet Set-IRMConfiguration -InternalLicensingEnabled $true, but get error
    The remote certificate is invalid according to the validation procedure. ---> The underlying connection was closed: Cou
    ld not establish trust relationship for the SSL/TLS secure channel. ---> Failed to get Server Info from https://exhv-65
    94/_wmcs/certification/server.asmx.
        + CategoryInfo          : InvalidOperation: (:) [Set-IRMConfiguration], Exception
        + FullyQualifiedErrorId : C810E449,Microsoft.Exchange.Management.RightsManagement.SetIRMConfiguration
    Then I run cmdlet Test-IRMConfiguration -Sender [email protected] and get error
    Results : Checking Exchange Server ...
                  - PASS: Exchange Server is running in Enterprise.
              Loading IRM configuration ...
                  - PASS: IRM configuration loaded successfully.
              Retrieving RMS Certification Uri ...
                  - PASS: RMS Certification Uri: https://server1/_wmcs/certification.
              Verifying RMS version for https://server1/_wmcs/certification ...
                  - WARNING: Failed to verify RMS version. IRM features require AD RMS on Windows Server 2008 SP2 with the
              hotfixes specified in Knowledge Base article 973247 (http://go.microsoft.com/fwlink/?linkid=3052&kbid=973247)
               or AD RMS on Windows Server 2008 R2.
              Microsoft.Exchange.Security.RightsManagement.RightsManagementException: Failed to get Server Info from https:
              //server1/_wmcs/certification/server.asmx. ---> System.Net.WebException: The underlying connection was clos
              ed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authenticatio
              n.AuthenticationException: The remote certificate is invalid according to the validation procedure.
                 at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest async
              Request, Exception exception)
                 at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest async
              Request)
                 at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
                 at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest async
              Request)
                 at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
                 at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest async
              Request)
                 at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
                 at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequ
              est asyncRequest)
                 at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
                 at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Obje
              ct state)
                 at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
                 at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
                 at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
                 at System.Net.ConnectStream.WriteHeaders(Boolean async)
                 --- End of inner exception stack trace ---
                 at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
                 at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
                 at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
                 at Microsoft.Exchange.Security.RightsManagement.SOAP.Server.ServerWS.GetServerInfo(ServerInfoRequest[] req
              uests)
                 at Microsoft.Exchange.Security.RightsManagement.ServerWSManager.ValidateServiceVersion(String featureXPath
                 --- End of inner exception stack trace ---
                 at Microsoft.Exchange.Security.RightsManagement.ServerWSManager.ValidateServiceVersion(String featureXPath
                 at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.ValidateRmsVersion(Uri uri, Se
              rviceType serviceType)
                 at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.TryGetRacAndClc()
              OVERALL RESULT: PASS with warnings on disabled features
    From the error message, this issue seem to related with SSL/TLS connection. So I go back to check configuration and find out a difference to tutorial. Current SCP url is https://server1/_wmcs/certification, but in tutorial it is https://server1:433/_wmcs/certification.
    On my opinion, I don't think it is the real reason.
    So, how can I resolve this error? Could you give me some suggestion? Thanks in advance.
    System Info:
    Windows Server 2008 R2 + Exchange Server 2010 SP3 RTM

    Hi
    Please have a try with the solution on this KB article
    “Error message when you try to test access from the Microsoft Dynamics CRM E-mail Router: "Incoming Status: Failure - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel"”
    http://support.microsoft.com/kb/954584/en-us
    Cheers
    Zi Feng
    TechNet Community Support

  • Could not establish trust relationship for the SSL/TLS secure channel with authority

    Hello everyone, I need to establish a connection between my HTTPS WCF hosted in Windows Azure Web Role and my Windows Store App Client. The service is actually exposed for testing purposes using a self-signed certificate.
    I have installed the certificate in Personal and Trusted Root Certification Authorities in Current User and Local Manchine.
    In the Windows Store App, I create the service reference pointing to the cloud https service, then edit the manifest and create a new declaration to Add a New Certificate, I checked Exclusive Trust and Auto select, pointing to Root storage name and
    my self-signed certificate.cer.
    The result is the following exception in the IntelliTrace stack:
    Exception:Caught: "The remote certificate is invalid according to the validation procedure." (System.Security.Authentication.AuthenticationException)
    A System.Security.Authentication.AuthenticationException was caught: "The remote certificate is invalid according to the validation procedure."
    Time: 19/01/2015 04:42:33 p. m.
    Thread:Worker Thread[17080]
    Exception:Thrown: "Could not establish trust relationship for the SSL/TLS secure channel with authority 'appchallengewhi.cloudapp.net'." (System.ServiceModel.Security.SecurityNegotiationException)
    A System.ServiceModel.Security.SecurityNegotiationException was thrown: "Could not establish trust relationship for the SSL/TLS secure channel with authority 'appchallengewhi.cloudapp.net'."
    Time: 19/01/2015 04:42:34 p. m.
    Thread:Worker Thread[17080]
    Appreciate any help, to solve this with the approach of WCF Service Reference in Windows Store App.
    Note:
    If I call the HTTPS service using a Console App it works very good using the following the code:
    ChannelFactory<IAgentService> factory = new ChannelFactory<IAgentService>("basicHttpBinding_IAgentService");
    ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, error) => true;
    IAgentService wcfProxy = factory.CreateChannel();
    Thanks in advance,
    RC

    Maybe not implemented.
    https://social.msdn.microsoft.com/Forums/windowsapps/en-US/2dab2818-8f4c-4474-a7a1-db2cbfb40d40/accepting-client-certificate-for-https-connections?forum=winappswithcsharp

  • " Could not create SSL/TLS secure channel " error with Webtest of VS 2013

    hello !
    I want to test my mvc web project with webtest tools of VS 2013 and I Record a test with Internet Explorer
    but when I run test appear this error for me at result of test run : Could not create SSL/TLS secure channel
    for some requested url , but i watch requests in developer tools of chrome browser and I don't see this error.
    i have ssl certificate on the server.
    thanks 

    Hi ArashGhf,
    >>but when I run test appear this error for me at result of test run : Could not create SSL/TLS secure channel
    Based on the error message, it looks like it might be a problem with your certificate not being set up correctly for web performance test.
    Therefore, I suggest you could refer the autom8dTest's suggestion to convert the Web performance test to coded web performance test and then add the WebTestRequest ClientCertificates property to the ClientCertificates collection after the request
    is set up.
    For more information, please refer to it.
    https://social.msdn.microsoft.com/Forums/en-US/49e8d188-90c3-4d72-b387-10b1d1adc4a0/ssl-in-webtests-request-failed?forum=vstswebtest
    Hope it help you!
    Best Regards,
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click
    HERE to participate the survey.

  • Reporting services with R2 on DPM2012 - Could not establish trust relationship for the SSL/TLS secure channel

    Hi everyone,
    A somewhat similar question has been asked before by others but none of the answers given has helped me.I am attempting a DPM 2012 installation, which is failing at the "deploying reports" stage.My analysis of logs seems to point me in the direction of an SSL
    error, which does not make sense since the configuration files say SSL is disabled (or at least, should be).
    Here are the symptoms:
    1.I am able to browse http://FQDN/Reports_MSDPM2012 folder from internet explorer
    2.I am also able to browse http://FQDN/ReportServer_MSDPM2012 from internet explorer
    3.The information given in the logs and relevant config files is shown below:
    <<RSREPORTSERVER.CONFIG>>
    <ConnectionType>Default</ConnectionType>
    <LogonUser></LogonUser>
    <LogonDomain></LogonDomain>
    <LogonCred></LogonCred>
    <InstanceId>MSRS10_50.MSDPM2012</InstanceId>
    <InstallationID>{d9b1c335-5842-4a81-9148-79184c38bf09}</InstallationID>
    <Add Key="SecureConnectionLevel" Value="0"/>
    <Add Key="CleanupCycleMinutes" Value="10"/>
    <Add Key="MaxActiveReqForOneUser" Value="20"/>
    <Add Key="DatabaseQueryTimeout" Value="120"/>
    <Add Key="RunningRequestsScavengerCycle" Value="60"/>
    <Add Key="RunningRequestsDbCycle" Value="60"/>
    <Add Key="RunningRequestsAge" Value="30"/>
    <Add Key="MaxScheduleWait" Value="5"/>
    <Add Key="DisplayErrorLink" Value="true"/>
    <Add Key="WebServiceUseFileShareStorage" Value="false"/>
    <!--  <Add Key="ProcessTimeout" Value="150" /> -->
    <!--  <Add Key="ProcessTimeoutGcExtension" Value="30" /> -->
    <!--  <Add Key="WatsonFlags" Value="0x0430" /> full dump-->
    <!--  <Add Key="WatsonFlags" Value="0x0428" /> minidump -->
    <!--  <Add Key="WatsonFlags" Value="0x0002" /> no dump-->
    <Add Key="WatsonFlags" Value="0x0428"/>
    <Add Key="WatsonDumpOnExceptions" 
    4.The DPM log file still appears to be using SSL even though i used reporting services configuration to remove SSL bindings:
    running.Microsoft.Internal.EnterpriseStorage.Dls.Setup.Exceptions.BackEndErrorException: exception ---> Microsoft.Internal.EnterpriseStorage.Dls.Setup.Exceptions.ReportDeploymentException:
    exception ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Net.WebException: The underlying connection was closed: Could
    not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException:
    The remote certificate is invalid according to the validation procedure.
       at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest,
    Exception exception)
    5:I do have an SCCM site on the default web site used by SMS clients but on different ports
    I am stumped.Somebody please give some advice
    Thank you

    Hi
    This is an old post but did you come right?

  • The full exception text is: Could not establish trust relationship for the SSL/TLS secure channel with authority :32844'.

    Hi I am getting this error,
    The Secure Store Service application Secure Store Service is not accessible
    The full exception text is: Could not establish trust relationship for the SSL/TLS secure channel with authority 'sp:32844'.
    Any help will be appreciated

    You may need to add the SSL to the SharePoint Trusted Root Authority.Get the root cert for the site you are securing with HTTPS/SSL and add in SharePoint Trusted Root Authority. As explained here -
    https://social.technet.microsoft.com/Forums/office/en-US/2aed19c6-24df-4646-b946-f4365a05e32f/secure-store-service-stops-working-once-or-twice-every-day-could-not-establish-trust-relationship?forum=sharepointadmin
    http://brainlitter.com/2012/03/13/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel/
    Thanks
    Ganesh Jat [My Blog |
    LinkedIn | Twitter ]
    Please click 'Mark As Answer' if a post solves your problem or 'Vote As Helpful' if it was useful.

  • "Could not establish trust relationship for the SSL/TLS secure channel"

    During the configuration of DUET_E , when calling the DUET Application from SharePoint, the following error is shown :
    "Could not establish trust relationship for the SSL/TLS secure channel with authority 'MYSAPNW702SERVER:8001'"
    I have already seen the Post :
    Error in DUET Configuration at SSL
    This mentions the error, but does not provide any answers on resolution.
    The DUET_E troublshooting guide suggests that the SAP Standard SSL Certificate is added to SharePoint Central Admin > Security > Manage Trusts
    This has also been done.
    We are using the Standard SAP SSL Self signed certificate - not one signed by an external CA.
    Can anyone provide any guidance ?
    Thanks in advance.

    Hi Min,
    reading through your first post the problem might be the CN of the certificate. If you used the Wizard or the default way to create a self signed certicate, it is probably created with the CN server.domain (the fully qualified name of the server).
    However, when you created the BDC models the URLs pointing to the WSDL is probably only the servername (at least that is what I would assume after seeing your error message).
    Because of that SharePoint calls the SAP Duet server with the severname, but the certificate presented by the SAP system is not the servername, but the fully qualified servername. Because of that -- although SharePoint trusts the certificate -- the URL and certificate do not match and you get the error "Could not establish trust relationship for the SSL/TLS secure channel with authority 'MYSAPNW702SERVER:8001"
    If that is the case you have two options:
    1) you go to STRUST and create a new SSL certificate that has a CN of only the servername. Then you export this certificate and trust it in SharePoint
    2) or -- and this is the way I would recommend -- you try to adjust the URL used in the BDC model. Usually you get only the servername (and not the fully qualified DNS name) when you have not specified the profile parameter  icm/host_name_full. Which URL is currently used when you start transaction SAML2 or SOAMANAGER? If you have not yet set icm/host_name_full, then give this a try.
    Regards,
    Holger.

  • Could not create SSL/TLS secure channel.

    I have an application thats uses a third party service (so i have no control over it).
    In order to authenticate i have a pfx cert with a private key.
    I click the URL to access the service and IE tells me the page is not found.
    I import the pfx cert using all the default settings (automatically select the store etc) and inserting the private key password provided.
    Click the same URL and i can access the site and its services.
    Everything now works as expected locally.
    I move this application to a Windows Server 2008 R2 after hosting in IIS and followed the above steps except i get the error message "Could not create SSL/TLS secure channel.". So i followed all the related articles but non seem to work which leaves
    me to believe this is a server issue/configuration that needs to be carried out in order for it to work.
    The issue is im not sure where to start as ive looked at the event log viewer and nothing is listed in either Application or Security to narrow down the problem. Could anyone assist on how to resolve this issue?
    Thansk

    In IE i see a certificate listed for the site i require access.
    [quote]
    Which application are you using?
    Have you consult with the manufacturer of this application about this issue?
    What's the purpose of this certificate? Server authentication or client authenticate?
    Also, the certificate is issued to specified computers or users, please make sure the computer name is matched with the information of the certificate. [/quote]
    Im using an ASP .Net app. Manufacturer consulted - issue with server config.
    Going further i used an admin account for the application pool and everything worked straight away.
    I went one step further and used httpwebCertcfg assuming that would resolve the issue but hasnt.... i didnt wanna continue running further commands (i ran the command on
    local machine/Current user on the Personal store for users IIS_USR, Network service which resulted in the same issue)
    So question now would be how to give access to whatever for the app pool user which is currently set as ApplicationPoolIdentity?

  • TF215097: An error occurred while initializing a build for build definition : Could not establish trust relationship for the SSL/TLS secure channel

    Hello,
    We are facing an issue when triggering a new build using TFS 2013 Update 4, VS2013 Update 4 using TFVCTemplate.12.XAML template. All our other older build definitions just work fine but not the TFVCTemplate.12.XAML.  It seems to me that some certificate
    might be invalidated. Can anyone please point me in the right direction? 
    Thanks, 
    Mitul
    TF215097: An error occurred while initializing a build for build definition :
    Exception Message: One or more errors occurred. (type AggregateException)
    Exception Stack Trace: at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
    at Microsoft.TeamFoundation.Build.Client.FileContainerHelper.GetFile(TfsTeamProjectCollection projectCollection, String itemPath, Stream outputStream)
    at Microsoft.TeamFoundation.Build.Client.FileContainerHelper.GetFileAsString(TfsTeamProjectCollection projectCollection, String itemPath)
    at Microsoft.TeamFoundation.Build.Client.ProcessTemplate.Download(String sourceGetVersion)
    at Microsoft.TeamFoundation.Build.Hosting.BuildControllerWorkflowManager.PrepareRequestForBuild(WorkflowManagerActivity activity, IBuildDetail build, WorkflowRequest request, IDictionary`2 dataContext)
    at Microsoft.TeamFoundation.Build.Hosting.BuildWorkflowManager.TryStartWorkflow(WorkflowRequest request, WorkflowManagerActivity activity, BuildWorkflowInstance& workflowInstance, Exception& error, Boolean& syncLockTaken)
    Inner Exception Details:
    Exception Message: An error occurred while sending the request. (type HttpRequestException)
    Exception Stack Trace: at Microsoft.VisualStudio.Services.WebApi.VssHttpRetryMessageHandler.<SendAsync>d__1.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
    at Microsoft.VisualStudio.Services.WebApi.HttpClientExtensions.<DownloadFileFromTfsAsync>d__2.MoveNext()
    Inner Exception Details:
    Exception Message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. (type WebException)Exception Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
    at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
    Inner Exception Details:
    Exception Message: The remote certificate is invalid according to the validation procedure. (type AuthenticationException)
    Exception Stack Trace: at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
    at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)

    Hi Mitul,
    Thanks for your reply.
    It’s strange, if your old build definitions can work using the same TFS Build Server, that indicate your TFS Server configuration is correct and can works. But only new build definition with default TfvcTemplate.12.xaml template cannot build successful.
    Please share your TFS Server detailed environment information here. And share your
    Build Service Properties dialog screenshot here.
    Try to clean the Cache for TFS 2013 manually(delete the content of the folder only, not the cache folder itself):
    Clean the Cache folder on Server machine. The folder path is:
    C:\Program Files\Microsoft Team Foundation Server 12.0\Application Tier\Web Services\_tfs_data.  
    After cleaned, on Server machine, click Start and select
    Run… to open the dialog box, then input iisreset.exe and click OK, wait it run completely.
    Additionally, you can run the TFS 2013 Power Tools BPA to scan the installation of your TFS Server.
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click
    HERE to participate the survey.

  • WSUS Sync is not working Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. --- System.Security.Authentication.AuthenticationException: The remote

    I know there are loads of posts with same issue and most of them were related to proxy and connectivity .
    This was case for me as well (few months back). Now the same error is back. But I've confirmed that FW ports and proxy are fine this time around.
    server is configured on http port 80 
    ERROR
    Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid
    according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WSyncAction.WSyncAction.SyncWSUS
    I've checked proxy server connectivity. I'm able browse following site from WSUS server
    http://catalog.update.microsoft.com/v7/site/Home.aspx?sku=wsus&version=3.2.7600.226&protocol=1.8
    I did telnet proxy server on the particular port (8080) and that is also fine.
    I've doubt on certificates, any idea which are the certificates which we need to look? And if certificate is expired then (my guess) we won't be able open the above mentioned windows update catalog site?
    Any tips appreciated !
    Anoop C Nair (My Blog www.AnoopCNair.com)
    - Twitter @anoopmannur -
    FaceBook Forum For SCCM

    Hi Lawrence ! - Many thanks for looking into this thread and replying. Appreciate your help.
    Your reply  ("SSL is enabled/configured, and the certificate being used is invalid
    (or the cert does not exist or cannot be obtained), or the SSL connection could not be established.") is very helpful.
    I've already tested CONTENT DOWNLOAD and it's working fine. WSUS Sync was also working fine for years with proxy server configured on port (8080) and WSUS server on port 80.
    My Guess (this is my best guess ;)) is this something to do with Firewall or Proxy side configuration rather than WSUS. However, I'm not finding a way to prove this to proxy/firewall team. From their perspective all the required port communication open and
    proxy server is also reachable. More over we're able to access internet (Microsoft Update Catalog site) over same port (8080).
    Any other hints where I can prove them it's a sure shot problem from their side.
    Thanks again !!
    Anoop C Nair (My Blog www.AnoopCNair.com)
    - Twitter @anoopmannur -
    FaceBook Forum For SCCM

  • SSRS Report Server Could not establish connection. The underlying connection was closed. Could not establish trust relationship for the SSL/TLS Secure channel

    Hi
    Had to un-install and then re-install MS SQL Server 2012 with SSRS.
    After we re-installed we are able to get to the Web Services page but not the Report Server page and get the above error message. We need to use SSL and when we bind the cert in RS Configuration Manager it says it does this successfully on the WebServices
    tab. We also do a similar exercise on the ReportServer page. 
    Any help warmly welcomed :D
    Thanks

    Hi Rich Whight,
    According to your description, after you re-installed SQL Server 2012 with SSRS, you are able to access Web Service URL, but when you tried to access Report Manager URL, the error occurred: The underlying connection was closed. Could not establish trust
    relationship for the SSL/TLS Secure channel.
    The issue may be caused when the certificate isn't installed correctly in the trusted root for the local computer. To verify and install the certificate, Please refer to the steps blow:
    In RsReportServer.config file(default location: C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer), change the “SecureConnectionLevel” element value from 0 to 3.
    Add correct value to <UrlRoot> element.
    Add the same value to the <ReportServerUrl> element as step2.
    Go to Microsoft management Console, add the certificate which you use to access the report server under “Trusted Root Certification Authorities”.
    For more information about SSL configuration and Managing Trusted Root Certificates, please refer to the following documents:
    http://blogs.msdn.com/b/mariae/archive/2007/12/12/ssl-configuration-and-reporting-services.aspx
    http://technet.microsoft.com/en-us/library/cc754841.aspx
    If you have any more questions, please feel free to ask.
    Best Regards,
    Wendy Fu

  • The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

    I tried to redeem a digital download copy of a movie and was presented the following error: 
    The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
    Any guesses on what it is and how to resolve it?
    Thanks

    Hi
    Abhilash Francis,
    Could you tell us your scenario?  What's your project? Is it a WCF service?
    Looks like this is not a code issue.
    Just from the error information,
    it seems that you do not configure the service certificate very well so as to Server was unable to process request.
    I am not completely sure  what the real scenario is, but it might be a problem of that It is a WCF services application,  please check these following articles to configure the service certificate.
    If not, please feel free to let me know.
    How to: Configure an IIS-hosted WCF service with SSL
    Could not establish trust
    relationship for the SSL/TLS secure channel
    Hope this helps.
    Best regards,
    Kristin
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click
    HERE to participate the survey.

  • Could Not Establish trust relationship for the SSL/TLS secure channel Sharepoint Web services

    I am trying to updateList items into a sharepoint list from the xml document stored in my shared drive in remote server. To make that work i wrote down a Powershell Script that utilizes Sharepoint Webservices Api Updatelistitems function to perform the acitivity.
    I ran the script over in Dev environment it works, Then i went into QA that Works too. At last i am now in PROD and agains ran the script i am now receicing following error:
    New-WebServiceProxy : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel
    All of my servers dev, QA and PROD web apps are encrypted by Https 443 using Cerified root certificate. Powershell script i am running are mirror copy. System accoutn i am using has owner privileages to sharepoint site and its list.
    Am i missing something here, what is blocking this traffic i have no clue.
    Thank You

    are u using self singed certificate?
    also check this http://www.poshpete.com/powershell/new-webserviceproxy-and-ssl
    http://www.brainlitter.com/2012/03/13/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel/
    Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

Maybe you are looking for