0
votes

I have deployed my WCF service on the QA server with a self-signed certificate.

My service uses TransportWithMessageCredential mode with clientCredentialType="UserName" on WSHttpBinding.

When I invoked the QA service from my local machine I got

Could not establish trust relationship for the SSL/TLS secure channel with authority

exception.

The error was fixed when I exported the self-signed certificate installed in QA and imported it on my local machine.

  1. Is this the correct way of doing it?
  2. Is there any other way I can solve this issue so that the client doesn't need to install anything at their end?
  3. We are planning to have a valid SSL certificate for the production environment. If that is the case, do I need to install the production certificate on the client to access the production service as well?

I'm worried because I don't want to disturb the client and ask them to install a certificate. If I could do something from the server end, that would be great.

1 Answer

1
votes

You are using an untrusted certificate. Any self-signed certificate is untrusted because it is not installed in the trusted root authorities in the certificate store. When you installed it in the local computer store (in root authorities, I presume) you declared that you trust this certificate.

It is not wrong to use certificates that are not trusted by default in a testing environment. I prefer to make my own CA certificate which issues SSL server and client certificates. I am using XCA because the whole process takes no longer than 5 minutes. But there are many CAs (trusted by most/all browser certificate stores) that issue SSL certificates for free. So you have this option too.

When you get a valid SSL certificate for the production environment you shouldn't have this problem (but it depends on which CA issued the SSL certificate and whether the CA certificate will be trusted in all stores like IE, FF, Apple, Android etc.).
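
The trust behaviour described in the answer, sketched with the OpenSSL command line rather than XCA (an added example, not code from the answer; `qa.example.test` and `QA Test Root CA` are constructed names). It builds a self-signed server certificate and a private test CA that issues a second server certificate, then checks each one the way a TLS client would, with and without the matching root trusted.

```bash
#!/bin/sh
# Added example; HOST and the CA name are constructed placeholders.
HOST=qa.example.test

# Build a throwaway PKI in directory $1: self.crt (self-signed server cert, as in
# the question), ca.crt (private test root) and server.crt (issued by that root).
make_test_pki() {
    d=$1
    cat > "$d/pki.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$HOST
EOF
    openssl req -x509 -config "$d/pki.cnf" -extensions v3_server -newkey rsa:2048 \
        -nodes -days 30 -subj "/CN=$HOST" -keyout "$d/self.key" -out "$d/self.crt" &&
    openssl req -x509 -config "$d/pki.cnf" -extensions v3_ca -newkey rsa:2048 \
        -nodes -days 365 -subj "/CN=QA Test Root CA" -keyout "$d/ca.key" -out "$d/ca.crt" &&
    openssl req -new -config "$d/pki.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$HOST" -keyout "$d/server.key" -out "$d/server.csr" &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -extfile "$d/pki.cnf" -extensions v3_server \
        -out "$d/server.crt"
} >/dev/null 2>&1

# True only if cert $1 chains to a trusted root ($2 = optional extra root file),
# is valid for TLS server use and matches $HOST.
is_trusted() {
    openssl verify ${2:+-CAfile "$2"} -purpose sslserver \
        -verify_hostname "$HOST" "$1" >/dev/null 2>&1
}

show() {   # $1 = certificate, $2 = optional root the client has imported
    if is_trusted "$1" ${2:+"$2"}; then r=trusted; else r=UNTRUSTED; fi
    echo "$r: $(basename "$1"), imported root: $(basename "${2:-none}")"
}

tmp=$(mktemp -d) && make_test_pki "$tmp"
show "$tmp/self.crt"                     # fresh client, nothing imported
show "$tmp/self.crt" "$tmp/self.crt"     # after importing the certificate itself
show "$tmp/server.crt"                   # CA-issued, test root not imported
show "$tmp/server.crt" "$tmp/ca.crt"     # after importing the test root
```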