Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
Hi
 
I have a windows service which periodically connects remote web service method and passes the required parameters. This system was working perfect.
 
But for the live system, we needed to install and use client SSL certificate to call that remote web service method. Now, the windows servce returns the error below.
 
identity check failed for outgoing message. The expected DNS identity of the remote endpoint was 'thet-ws.ema.europa.eu' but the remote endpoint provided DNS claim 'TURSIGN'. If this is a legitimate remote endpoint, you can fix the problem by explicitly specifying DNS identity 'TURSIGN' as the Identity property of EndpointAddress when creating channel proxy.
 
If I put TURSIGN as the identity like suggested, I receive the error;
 
Could not establish secure channel for SSL/TLS with authority 'thet-ws.ema.europa.eu:444'.
 
How can I resolve this problem?
 
Regards.
Posted 1-May-13 4:18am
vucark422
Comments
Mike Meinz at 1-May-13 12:42pm
   
I suggest that you have someone thoroughly check the DNS entries for thet-ws.ema.europa.eu. I used NSLOOKUP to get the IP Address (92.242.144.7) and then tried a Reverse DNS lookup using one of the public web pages that provide Reverse DNS Lookup service and got server can't find 7.144.242.92.in-addr.arpa error. Furthermore, if I use NSLOOKUP option set q=any, I get an error: Non-existent domain for thet-ws.ema.europa.eu
vucark at 1-May-13 13:14pm
   
Hi Mike.
The correct DNS address was thetis-ws.emsa.europa.eu:444 and the web service WSDL url
https://thetis-ws.emsa.europa.eu:444/thetis-data-exchange-integration-webservice/ClassInformationServices?wsdl
Mike Meinz at 1-May-13 13:41pm
   
NSLOOKUP results shows that portal.emsa.europa.eu is the actual server name for the server at IP Address 91.231.216.129. thetis-ws.emsa.europa.eu is an alias.
 
NSLOOKUP
> set q=any
> thetis-ws.emsa.europa.eu
 
Non-authoritative answer:
thetis-ws.emsa.europa.eu canonical name = portal.emsa.europa.eu
 
REVERSE DNS LOOKUP
Results
91.231.216.129 resolves to
"portal.emsa.europa.eu"
 
When accessing the web service, I got an error that said the certificate was not issued by a trusted certificate authority. Maybe there is a problem with the certificate. If you want to use SSL over the Internet, you should probably acquire a SSL certificate from one of the trusted authorities.
vucark at 1-May-13 14:14pm
   
Hi Mike,
 
This certificate is self signed. We got the signed certificate that they sent us. We have already installed that certificate. What do we need to do to make this client certificate trusted?
Mike Meinz at 1-May-13 14:29pm
   
If you are creating your own certificate, you must also create a certificate authority certificate and install that on every computer that will access your web site. Part of this CodeProject Tip may help you create the certificate authority certificate - How to be your own Certificate Authority and create your own certificate to sign code files
 
Almost everyone uses a trusted certificate authority because of the requirement that the certificate authority certificate must be on every PC that will access your web site.
vucark at 1-May-13 15:41pm
   
They gave us the required CA certificates and they have already installed also. But we still receive the same error.
Mike Meinz at 1-May-13 16:47pm
   
Sorry. I can offer no additional help.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 OriginalGriff 350
1 Jochen Arndt 150
2 Richard MacCutchan 135
3 Andreas Gieriet 100
4 DamithSL 95
0 OriginalGriff 6,045
1 DamithSL 4,601
2 Maciej Los 4,087
3 Kornfeld Eliyahu Peter 3,480
4 Sergey Alexandrovich Kryukov 3,260


Advertise | Privacy | Mobile
Web03 | 2.8.141220.1 | Last Updated 1 May 2013
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100