Click here to Skip to main content
11,934,809 members (44,673 online)
Rate this:
Please Sign up or sign in to vote.
See more: ASP.NET WebService
I deployed a web service to a secure server, and when I try to add a web reference to that service to a desktop app, the service is found and I get the expected output on the left side of the Add Web Reference dialog box (it shows the name of the service and all of the exposed methods), but I get this error and can't add the reference (the button is disabled):

There was an error downloading 'https://blah.blah/blah/service1.asmx'.
The request was aborted: Could not create SSL/TLS secure channel.
There was an error downloading 'https://blah.blah/blah/service1.asmx/$metadata'.
The request was aborted: Could not create SSL/TLS secure channel.

I found on google that it might be caused by an expired root certificate, but the server in question has over 300 root certificates. How do I find out which root certificate is being used by IIS, and if it's expired, how to modify IIS to use one that ISN'T expired?

In the interest of providing complete info, the web site under which the service is hosted autheticates the user by using a CAC card (it's a DoD thing). I believe that's a X509 thing.
Posted 31-Jan-12 2:55am
Edited 31-Jan-12 3:15am
Espen Harlinn 31-Jan-12 8:39am
Hi John - glad you are back :)
Any reason for using .asmx and not wcf?
wcf is actually easier to configure, .asmx depends on a lot of stuff that can be hard to track down.

Is the .asmx deployed as part of a web app running under the network service user? It's common to find that 'custom' service users has not been configured correctly, depending on your needs for delegation and impersonation, in AD.
I'm not "back", I'm just asking a question at the best place I know of to ask a question.

To answer your question, no, there's no reason I chose a non-wcf solution, and I was actually contemplating trying it just to see if it would work any better. What I don't understand is why it lets me see the web methods (meaning it found the service I was after), yet can't create a SSL channel.
Espen Harlinn 31-Jan-12 9:21am
>> I'm not "back"
Pity - you've definitely been a major contributor.

This application of yours, is it running inside a single domain/forest?

The web service is on a server, the app is on my local box, on the same domain.
Espen Harlinn 31-Jan-12 9:58am
Good - have you installed the certificate authority's certificate on your computer?
Didn't know I had to There's a crap load of CAs on our machines. Crapload = 89.
Espen Harlinn 31-Jan-12 10:09am
It depends, with a Windows enterprise CA, enrollment can also be automatic where group policies are used to auto enroll machine or user certificates ... as I mentioned I've found that deploying WCF solutions are simpler - and they can be complicated enough, depending on how creative the network admins are.

I guess you want impersonation to work too?
I don't understand why it doesn't "just work".
Espen Harlinn 31-Jan-12 12:43pm
Have a look at "Simple TLS handshake" at
and read:
Rate this: bad
Please Sign up or sign in to vote.

Solution 1

Hi john,

I think this article covers the most important steps:[^]

Best regards
Espen Harlinn
Rate this: bad
Please Sign up or sign in to vote.

Solution 2

System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12

added that line to Application_Start of global.asax

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise | Privacy | Mobile
Web02 | 2.8.151126.1 | Last Updated 6 Nov 2014
Copyright © CodeProject, 1999-2015
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100