Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / September 2004

Tip: Looking for answers? Try searching our database.

WS-Security with makecert

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Shell - 10 Sep 2004 10:13 GMT
I'm trying to pass an X509SecurityToken from my client to my web
service. The certificate was made using makecert.exe, so it obviously
isn't trusted by the system. The problem now is that my service rejects
the call outright with the following message:

Microsoft.Web.Services2.Security.SecurityFault: The security token
could not be authenticated or authorized --->
System.Security.SecurityException: WSE537: The certificate's trust
chain could not be verified with the following reason: A certificate
chain processed correctly, but terminated in a root certificate which
is not trusted by the trust provider.

Can I tell my service not to implicitly verify the certificate? Or, is
there a way to make the system trust my certificate?
Reply to this Message
SA - 10 Sep 2004 20:02 GMT
In your web.config file, you can check the entry for X.509 certificates.

Two attributes relate to your question: verifyTrust and allowTestRoot. See
the WSE 2.0 docs for more info.

I am not sure if makecert certificates are the ones that will be allowed if
allowTestRoot is true. In any case, verifyTrust="false" will not check the
chain to find a trusted issuer.

HTH,

Signature

Sven

> I'm trying to pass an X509SecurityToken from my client to my web
> service. The certificate was made using makecert.exe, so it obviously
[quoted text clipped - 10 lines]
> Can I tell my service not to implicitly verify the certificate? Or, is
> there a way to make the system trust my certificate?
Reply to this Message
Dilip Krishnan - 15 Sep 2004 03:21 GMT
Try adding the certificates CA into your trusted root to see if it helps
Regards
Dilip Krishnan

> I'm trying to pass an X509SecurityToken from my client to my web
> service. The certificate was made using makecert.exe, so it obviously
[quoted text clipped - 10 lines]
> Can I tell my service not to implicitly verify the certificate? Or, is
> there a way to make the system trust my certificate?
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.