Geeks With Blogs
Devdutt's Blog My ramblings on just about everything...

This is an old-beaten-to-death issue, but I've got a couple of queries about this already. That, and a lack of anything else substantial to post, and I'm ready for my latest blog entry.

Once in a while when you are using the SOAP adapter to consume a Secure Web Service (more often than not, a J2EE Web Service), you might get the following error:

The adapter "SOAP" raised an error message. Details "The underlying connection was closed: Could not establish trust relationship with remote server."

Now you've made sure that you've installed the certificate in all the right roots and you're specifying the thumbprint wherever you are required to, and still, this error keeps hounding you.

The following could be one reason why this is happening. By default, with the .NET Framework 1.1, the name that is used on the HTTP request must match the name of the server that is issued with the SSL certificate. Meaning, the "Issued To" property in the certificate (marked in red) that the Web Server sends to identify itself, needs to match the qualified server name on which the Web Service that you need to access resides.

For e.g.: When trying to call a Web Method on a Service found at:

https://myyada.youryada.com/ouryada

the certificate that the Web Server sends to you, should be Issued To, "myyada.youryada.com".

More often than not when we're interacting with older Web Services and those that are developed on different platforms, this won't necessarily be the case. This policy can be overridden through code, but since the SOAP Adapter is a black box to us, we could do the following. This policy is also defined by the following Config entry in machine.config.

One workaround this problem is to override this entry in BTSNtSvc.exe.config as:

But like all workarounds, this one comes with its own caveats - security implications in this case. Use it only if the Web Service is a live system and reconfiguring certificates on it is going to be a pain. If you have a resident MS consultant, take his blessings before proceeding.

Posted on Tuesday, March 7, 2006 10:45 AM BizTalk Server 2004 | Back to top


Comments on this post: SOAP Adapter SSL problem...

No comments posted yet.
Your comment:
 (will show your gravatar)


Copyright © Devdutt Patnaik | Powered by: GeeksWithBlogs.net