I'm contacting a web service using a certificate stored in Machine and in user space "myUser". When I contact the web service impersonating "myUser" from a win application all works well.
But when I contact this using SharePoint context (I have only 1 frontend), I only sometimes get the following error:
Could not establish trust relationship for the SSL/TLS secure channel with authority 'server.host:4443'
I verified that the web service is invoked using user "myUser" as expected, but in SharePoint context sometimes this method crashes.
I don't know what the problem can be. It seems related to SharePoint/ASP.NET security context but all seems to be ok. Any suggestion?
I think that the "only sometimes" is the important point here.
Since it works most of the time, it is actually set up and configured ok.
The machine that you are sending the certificate to must be able to validate the certificate. My guess is that something is going wrong sometimes. Things that could cause this are:
- a network problem, firewall ...
- AD server down (I am assuming a self issued certificate)
- AD server too busy
Check the event logs of your AD and SharePoint server.
Have you granted access to the certificate for the asp.net worker process under which SharePoint is running?
In Windows 2008, you need to open the certificates MMC (Start -> Run -> MMC -> File -> Add/Remove SnapIn -> Certificates). Be sure to select "Computer Account" when prompted for how certificates will be managed. Locate the certificate, right-click on it, select "All Tasks". There should be an option in there that allows you to manage permissions to the certificate. You will need to grant read access to the account under which the application pool for SharePoint is running.
Note: if you are running Windows Server 2003, you will need to use winhttpcertcfg.exe to configure certificate permissions.
Try this:
System.Net.ServicePointManager.ServerCertificateValidationCallback = ((sender, certificate, chain, sslPolicyErrors) => true);
Before you make any calls.
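
Added example, not part of the answers above: the callback in the last answer accepts every certificate, so the error goes away without showing why it occurred. This C# variant (class and method names are illustrative) keeps the platform's own verdict and logs the policy errors, the per-certificate chain status and the current Windows identity, so an intermittent failure can be matched to a cause such as a name mismatch, an untrusted root or a revocation check that could not complete.

```csharp
using System;
using System.Diagnostics;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

public static class TlsTrustDiagnostics
{
    // Call once at startup, before any web service call is made.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = LogAndValidate;
    }

    // Returns the verdict .NET already reached; only adds logging on failure.
    public static bool LogAndValidate(object sender, X509Certificate certificate,
                                      X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        // Record which identity the call really ran under (relevant to impersonation).
        Trace.TraceError("TLS validation failed: {0}; subject={1}; identity={2}",
            sslPolicyErrors,
            certificate != null ? certificate.Subject : "(no certificate)",
            WindowsIdentity.GetCurrent().Name);

        if (chain != null)
        {
            // One line per chain problem, e.g. UntrustedRoot or RevocationStatusUnknown.
            foreach (X509ChainElement element in chain.ChainElements)
            {
                foreach (X509ChainStatus status in element.ChainElementStatus)
                {
                    Trace.TraceError("  {0}: {1} ({2})",
                        element.Certificate.Subject, status.Status,
                        (status.StatusInformation ?? string.Empty).Trim());
                }
            }
        }
        return false; // untrusted servers are still rejected
    }
}
```

The output goes to whatever trace listeners the application has configured; comparing the logged entries from a failing call against a successful one shows which check is failing intermittently.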