Asp Forum - Could not establish secure channel for SSL/TLS - microsoft.public.dotnet.framework.remoting

hugo

10/12/2004 3:29:00 PM

Hello. I'm trying to the sample found on msdn

"Hosting Remote Objects in Internet Information Services (IIS)"
at

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconhostingremoteobjectsininternetinformationservi...

I've been able to do it in http mode. The problem occurs over https. I get
the following expection : "Could not establish secure channel for SSL/TLS"
I've read a lot of documentation with possible solutions and nothings works!
I've implemented the ICertificatePolicy interface and the
CheckValidationResult method. I tried the placing
checkCertificateName="true" (and false also) in client's config file. Iv'e
changed the C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\machine.config
checkCertificateName to false.

I'm testing this sample on localhost. Both server and client are running on
this machine.
Window xp professional sp1.
..net framework 1.1
IIS 5.1

Many thanks in advance..

7 Answers

Ken Kolda

10/12/2004 4:29:00 PM

If you haven't done so already, verify that you're able to use IE to
establish an HTTPS connection to your remote object by putting the object's
URI into your browser. If you get back a 400 or 500 error, that means you
were able to establish a connection and get to the object.

I can say I've seen this error once before, and it was caused by an
improperly configured firewall/proxy between the client and server (in this
case, it was Microsoft's ISA server). It would permit a connection from IE
but not from the remoting client because the remoting app didn't send
windows credentials to the proxy.

Good luck -
Ken

"Hugo" <Hugo@discussions.microsoft.com> wrote in message
news:E0CD063B-F7E3-49EB-B215-A387551EA223@microsoft.com...
> Hello. I'm trying to the sample found on msdn
>
> "Hosting Remote Objects in Internet Information Services (IIS)"
> at
>
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconhostingremoteobjectsininternetinformationservi...
>
> I've been able to do it in http mode. The problem occurs over https. I get
> the following expection : "Could not establish secure channel for SSL/TLS"
> I've read a lot of documentation with possible solutions and nothings
works!
> I've implemented the ICertificatePolicy interface and the
> CheckValidationResult method. I tried the placing
> checkCertificateName="true" (and false also) in client's config file. Iv'e
> changed the C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\machine.config
> checkCertificateName to false.
>
> I'm testing this sample on localhost. Both server and client are running
on
> this machine.
> Window xp professional sp1.
> .net framework 1.1
> IIS 5.1
>
> Many thanks in advance..
>

hugo

10/12/2004 6:01:00 PM

Hello..Thanks for the fast reply.The sample runs well on http port 80.
I made the test on the browser. On port 80 the browser returns 404.
Under https i get a dns error!!What can this be??

"Ken Kolda" wrote:

> If you haven't done so already, verify that you're able to use IE to
> establish an HTTPS connection to your remote object by putting the object's
> URI into your browser. If you get back a 400 or 500 error, that means you
> were able to establish a connection and get to the object.
>
> I can say I've seen this error once before, and it was caused by an
> improperly configured firewall/proxy between the client and server (in this
> case, it was Microsoft's ISA server). It would permit a connection from IE
> but not from the remoting client because the remoting app didn't send
> windows credentials to the proxy.
>
> Good luck -
> Ken
>
>
> "Hugo" <Hugo@discussions.microsoft.com> wrote in message
> news:E0CD063B-F7E3-49EB-B215-A387551EA223@microsoft.com...
> > Hello. I'm trying to the sample found on msdn
> >
> > "Hosting Remote Objects in Internet Information Services (IIS)"
> > at
> >
> >
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconhostingremoteobjectsininternetinformationservi...
> >
> > I've been able to do it in http mode. The problem occurs over https. I get
> > the following expection : "Could not establish secure channel for SSL/TLS"
> > I've read a lot of documentation with possible solutions and nothings
> works!
> > I've implemented the ICertificatePolicy interface and the
> > CheckValidationResult method. I tried the placing
> > checkCertificateName="true" (and false also) in client's config file. Iv'e
> > changed the C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\machine.config
> > checkCertificateName to false.
> >
> > I'm testing this sample on localhost. Both server and client are running
> on
> > this machine.
> > Window xp professional sp1.
> > .net framework 1.1
> > IIS 5.1
> >
> > Many thanks in advance..
> >
>
>
>

Ken Kolda

10/12/2004 6:31:00 PM

I suspect it's not actually a DNS error -- it's probably the browser's
generic "can't establish a connection error" which it says may be a DNS
issue. So, some things to check:

1) This may be obvious, but you do have an SSL certificate installed on your
IIS server, right?
2) Your IIS server is configured to listen to port 443.
3) If you have multiple web sites defined (e.g. using host headers and/or
different IPs), that your client will go to the correct web site for your
remoting app.
4) There's no firewall/proxy that would be blocking port 443.

Now that you know the browser doesn't work either, the next test is to use
telnet, e.g.

telnet localhost 443

Most likely this will fail as your system stands now. You'll need to resolve
this networking issue before remoting will work.

Ken

"Hugo" <Hugo@discussions.microsoft.com> wrote in message
news:4B38A3F1-1D7A-4387-8DBE-74BC6CF562D4@microsoft.com...
> Hello..Thanks for the fast reply.The sample runs well on http port 80.
> I made the test on the browser. On port 80 the browser returns 404.
> Under https i get a dns error!!What can this be??
>
> "Ken Kolda" wrote:
>
> > If you haven't done so already, verify that you're able to use IE to
> > establish an HTTPS connection to your remote object by putting the
object's
> > URI into your browser. If you get back a 400 or 500 error, that means
you
> > were able to establish a connection and get to the object.
> >
> > I can say I've seen this error once before, and it was caused by an
> > improperly configured firewall/proxy between the client and server (in
this
> > case, it was Microsoft's ISA server). It would permit a connection from
IE
> > but not from the remoting client because the remoting app didn't send
> > windows credentials to the proxy.
> >
> > Good luck -
> > Ken
> >
> >
> > "Hugo" <Hugo@discussions.microsoft.com> wrote in message
> > news:E0CD063B-F7E3-49EB-B215-A387551EA223@microsoft.com...
> > > Hello. I'm trying to the sample found on msdn
> > >
> > > "Hosting Remote Objects in Internet Information Services (IIS)"
> > > at
> > >
> > >
> >
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconhostingremoteobjectsininternetinformationservi...
> > >
> > > I've been able to do it in http mode. The problem occurs over https. I
get
> > > the following expection : "Could not establish secure channel for
SSL/TLS"
> > > I've read a lot of documentation with possible solutions and nothings
> > works!
> > > I've implemented the ICertificatePolicy interface and the
> > > CheckValidationResult method. I tried the placing
> > > checkCertificateName="true" (and false also) in client's config file.
Iv'e
> > > changed the
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\machine.config
> > > checkCertificateName to false.
> > >
> > > I'm testing this sample on localhost. Both server and client are
running
> > on
> > > this machine.
> > > Window xp professional sp1.
> > > .net framework 1.1
> > > IIS 5.1
> > >
> > > Many thanks in advance..
> > >
> >
> >
> >

hugo

10/12/2004 9:41:00 PM

Hello Ken. Thanks for your help.

1 - Yes, i have a certifate that i created with makecert for this tests.
I've singed this certificate with another one that simulates a certificate
authority.
I've made this for avoiding the message "This certificate cannot be verified
up to a
trusted certification authority" when we view the certificate on internet
explorer or on iis.

2 - Yes, my iis is configured to run on port 443. By default, after
installing the server certificate
ssl was activated on port 443.

I've done what you told, telnet localhost 443..It worked!!!Just for make
sure i turned
off iis and telnet returned "Connecting To localhost...Could not open
connection to the host, on port 443: Co
nnect failed". So iis is listening on port 443. I'm now at home. My system
is a Windows XP SP2.
Running the same sample here at home produces the same error. When i start
the sample
XP firewall ask's me if i want to unlock the application and that's what i
do. Then the same error
apears. Also i'm able to connect to iis doing a telnet to localhost 443 here
at home.
I don't know what i'm doing wrong..I did not perceive your third point can
you explain please?!

Thanks...

"Ken Kolda" wrote:

> I suspect it's not actually a DNS error -- it's probably the browser's
> generic "can't establish a connection error" which it says may be a DNS
> issue. So, some things to check:
>
> 1) This may be obvious, but you do have an SSL certificate installed on your
> IIS server, right?
> 2) Your IIS server is configured to listen to port 443.
> 3) If you have multiple web sites defined (e.g. using host headers and/or
> different IPs), that your client will go to the correct web site for your
> remoting app.
> 4) There's no firewall/proxy that would be blocking port 443.
>
> Now that you know the browser doesn't work either, the next test is to use
> telnet, e.g.
>
> telnet localhost 443
>
> Most likely this will fail as your system stands now. You'll need to resolve
> this networking issue before remoting will work.
>
> Ken
>
>
> "Hugo" <Hugo@discussions.microsoft.com> wrote in message
> news:4B38A3F1-1D7A-4387-8DBE-74BC6CF562D4@microsoft.com...
> > Hello..Thanks for the fast reply.The sample runs well on http port 80.
> > I made the test on the browser. On port 80 the browser returns 404.
> > Under https i get a dns error!!What can this be??
> >
> > "Ken Kolda" wrote:
> >
> > > If you haven't done so already, verify that you're able to use IE to
> > > establish an HTTPS connection to your remote object by putting the
> object's
> > > URI into your browser. If you get back a 400 or 500 error, that means
> you
> > > were able to establish a connection and get to the object.
> > >
> > > I can say I've seen this error once before, and it was caused by an
> > > improperly configured firewall/proxy between the client and server (in
> this
> > > case, it was Microsoft's ISA server). It would permit a connection from
> IE
> > > but not from the remoting client because the remoting app didn't send
> > > windows credentials to the proxy.
> > >
> > > Good luck -
> > > Ken
> > >
> > >
> > > "Hugo" <Hugo@discussions.microsoft.com> wrote in message
> > > news:E0CD063B-F7E3-49EB-B215-A387551EA223@microsoft.com...
> > > > Hello. I'm trying to the sample found on msdn
> > > >
> > > > "Hosting Remote Objects in Internet Information Services (IIS)"
> > > > at
> > > >
> > > >
> > >
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconhostingremoteobjectsininternetinformationservi...
> > > >
> > > > I've been able to do it in http mode. The problem occurs over https. I
> get
> > > > the following expection : "Could not establish secure channel for
> SSL/TLS"
> > > > I've read a lot of documentation with possible solutions and nothings
> > > works!
> > > > I've implemented the ICertificatePolicy interface and the
> > > > CheckValidationResult method. I tried the placing
> > > > checkCertificateName="true" (and false also) in client's config file.
> Iv'e
> > > > changed the
> C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\machine.config
> > > > checkCertificateName to false.
> > > >
> > > > I'm testing this sample on localhost. Both server and client are
> running
> > > on
> > > > this machine.
> > > > Window xp professional sp1.
> > > > .net framework 1.1
> > > > IIS 5.1
> > > >
> > > > Many thanks in advance..
> > > >
> > >
> > >
> > >
>
>
>

hugo

10/14/2004 9:07:00 PM

I've having the same problem with web services..it must be for
the same reason...Don't understand this problem!!!

"Hugo" wrote:

> Hello. I'm trying to the sample found on msdn
>
> "Hosting Remote Objects in Internet Information Services (IIS)"
> at
>
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconhostingremoteobjectsininternetinformationservi...
>
> I've been able to do it in http mode. The problem occurs over https. I get
> the following expection : "Could not establish secure channel for SSL/TLS"
> I've read a lot of documentation with possible solutions and nothings works!
> I've implemented the ICertificatePolicy interface and the
> CheckValidationResult method. I tried the placing
> checkCertificateName="true" (and false also) in client's config file. Iv'e
> changed the C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\machine.config
> checkCertificateName to false.
>
> I'm testing this sample on localhost. Both server and client are running on
> this machine.
> Window xp professional sp1.
> .net framework 1.1
> IIS 5.1
>
> Many thanks in advance..
>

Frank Mamone

10/15/2004 2:46:00 AM

I'm curious as to how this is supposed to work as SSL inherently works with
port 443. How does that come into play when using IIS as a remote object
server?

- Frank

"Hugo" <Hugo@discussions.microsoft.com> wrote in message
news:3633E011-9CAE-44A9-A3D7-8B22D44492D1@microsoft.com...
> I've having the same problem with web services..it must be for
> the same reason...Don't understand this problem!!!
>
> "Hugo" wrote:
>
>> Hello. I'm trying to the sample found on msdn
>>
>> "Hosting Remote Objects in Internet Information Services (IIS)"
>> at
>>
>> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconhostingremoteobjectsininternetinformationservi...
>>
>> I've been able to do it in http mode. The problem occurs over https. I
>> get
>> the following expection : "Could not establish secure channel for
>> SSL/TLS"
>> I've read a lot of documentation with possible solutions and nothings
>> works!
>> I've implemented the ICertificatePolicy interface and the
>> CheckValidationResult method. I tried the placing
>> checkCertificateName="true" (and false also) in client's config file.
>> Iv'e
>> changed the C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\machine.config
>> checkCertificateName to false.
>>
>> I'm testing this sample on localhost. Both server and client are running
>> on
>> this machine.
>> Window xp professional sp1.
>> .net framework 1.1
>> IIS 5.1
>>
>> Many thanks in advance..
>>

hugo

10/15/2004 9:11:00 AM

Hello, this never worked with me. In my tests i get "Could not establish
secure channel for SSL/TLS". I only believe in what i see.

Since .net remoting are identified by an URI and exposed in that way,
publishing them on iis should be as easy as publishing a site. This is a very
interesting solution
for building a stream application and advantage of IIS security. If you want
to know
more you can take a look to at

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/CL_S...

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconhostingremoteobjectsininternetinformationservi...

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconremotingexamplehostin...

If you can put this working please tell me. Thanks.

"Frank Mamone" wrote:

> I'm curious as to how this is supposed to work as SSL inherently works with
> port 443. How does that come into play when using IIS as a remote object
> server?
>
> - Frank
>
> "Hugo" <Hugo@discussions.microsoft.com> wrote in message
> news:3633E011-9CAE-44A9-A3D7-8B22D44492D1@microsoft.com...
> > I've having the same problem with web services..it must be for
> > the same reason...Don't understand this problem!!!
> >
> > "Hugo" wrote:
> >
> >> Hello. I'm trying to the sample found on msdn
> >>
> >> "Hosting Remote Objects in Internet Information Services (IIS)"
> >> at
> >>
> >> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconhostingremoteobjectsininternetinformationservi...
> >>
> >> I've been able to do it in http mode. The problem occurs over https. I
> >> get
> >> the following expection : "Could not establish secure channel for
> >> SSL/TLS"
> >> I've read a lot of documentation with possible solutions and nothings
> >> works!
> >> I've implemented the ICertificatePolicy interface and the
> >> CheckValidationResult method. I tried the placing
> >> checkCertificateName="true" (and false also) in client's config file.
> >> Iv'e
> >> changed the C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\machine.config
> >> checkCertificateName to false.
> >>
> >> I'm testing this sample on localhost. Both server and client are running
> >> on
> >> this machine.
> >> Window xp professional sp1.
> >> .net framework 1.1
> >> IIS 5.1
> >>
> >> Many thanks in advance..
> >>
>
>
>

microsoft.public.dotnet.framework.remoting

Could not establish secure channel for SSL/TLS

hugo

Ken Kolda

hugo

Ken Kolda

hugo

hugo

Frank Mamone

hugo

x Login to ForumsZone