Click here to Skip to main content
15,917,005 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I deployed a web service to a secure server, and when I try to add a web reference to that service to a desktop app, the service is found and I get the expected output on the left side of the Add Web Reference dialog box (it shows the name of the service and all of the exposed methods), but I get this error and can't add the reference (the button is disabled):

There was an error downloading 'https://blah.blah/blah/service1.asmx'.<br />
The request was aborted: Could not create SSL/TLS secure channel.<br />
There was an error downloading 'https://blah.blah/blah/service1.asmx/$metadata'.<br />
The request was aborted: Could not create SSL/TLS secure channel.

I found on google that it might be caused by an expired root certificate, but the server in question has over 300 root certificates. How do I find out which root certificate is being used by IIS, and if it's expired, how to modify IIS to use one that ISN'T expired?

In the interest of providing complete info, the web site under which the service is hosted autheticates the user by using a CAC card (it's a DoD thing). I believe that's a X509 thing.
Updated 31-Jan-12 2:15am
Espen Harlinn 31-Jan-12 8:39am    
Hi John - glad you are back :)
Any reason for using .asmx and not wcf?
wcf is actually easier to configure, .asmx depends on a lot of stuff that can be hard to track down.

Is the .asmx deployed as part of a web app running under the network service user? It's common to find that 'custom' service users has not been configured correctly, depending on your needs for delegation and impersonation, in AD.
#realJSOP 31-Jan-12 9:16am    
I'm not "back", I'm just asking a question at the best place I know of to ask a question.

To answer your question, no, there's no reason I chose a non-wcf solution, and I was actually contemplating trying it just to see if it would work any better. What I don't understand is why it lets me see the web methods (meaning it found the service I was after), yet can't create a SSL channel.
Espen Harlinn 31-Jan-12 9:21am    
>> I'm not "back"
Pity - you've definitely been a major contributor.

This application of yours, is it running inside a single domain/forest?

#realJSOP 31-Jan-12 9:50am    
The web service is on a server, the app is on my local box, on the same domain.
Espen Harlinn 31-Jan-12 9:58am    
Good - have you installed the certificate authority's certificate on your computer?

Hi john,

I think this article covers the most important steps:[^]

Best regards
Espen Harlinn
Share this answer
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12

added that line to Application_Start of global.asax
Share this answer
ghuleshekhar 19-Mar-16 3:21am    
thanks ... it work :-)
carceb 17-Jul-19 14:41pm    
Thank you very much, my problem was that in Visual Studio 2019 when I try to connect to the Web Service through a third-party API, the following error occurred: "The request was aborted: Could not create SSL/TLS secure channel" with your suggestion the problem was fixed, again thank you very much, you are the best.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900