I have a WCF service that is ONLY ever used between two server machines. It will NEVER be used publicly.
I was hoping I could use SSL with a self signed certificate for security.
I created a certificate using IIS7, installed it on the client machine using IE and the MMC (Personal, TrustedRoot, Third-Party & TrustedPeople).
I still can't get to the service, either from code or via IE8, without it questioning the certificate.
From IE I get the usual "There is a problem with this website's security certificate."
From code I get the error: "Could not establish trust relationship for the SSL/TLS secure channel with authority"
Why is this not working?
The reason it doesn't work is that IE detects that the certificate was not created from a valid CA (Certificate Authority). Self signed certificates are more for testing than anything else. There wouldn't be much point to SSL if you weren't warned about it.
I had this today - but with IIS7. If you use IIS to generate the cert (inetmgr -> select the home node, then choose Server Certificates, and use the right menu option to create a self certified certificate), the 'issued to' attribute is set using the FQDN of your machine - like 'mymachine.myintranet.copp.net' or whatever.
As long as you use the FQDN for the URL to connect from the service - like 'mymachine.myintranet.copp.net/myservice/service.svc' - then the error goes.
If you're using an alternative URL, like an IP address, or localhost, then the error occurs. So, the machine above was obviously known as johnma in his network then it works.
Are you sure that your self-signed certificate is in the Trusted Root Certification Authorities certificate store on the client machine that will be accessing your WCF service? See the screenshot below of a self-signed certificate that is trusted by one of my Windows Vista machines.
Are you also sure that your certificate is a self-signed certificate? See screenshot at end of one of my self-signed certificates.
Updated information:
Check out this posting for information on how to use a utility called SelfSSL7 to create self-signed certificates that contain multiple host names.
Here's another link with good information on SelfSSL7.exe and download information.
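The answers above point to two separate causes for the "Could not establish trust relationship" error: the host name in the URL not matching the certificate's 'issued to' name, and the certificate not being in the client's Trusted Root store. The following console program is an added example, not part of any answer on this page; it reports which of the two the client machine actually sees. The class name `TlsTrustProbe` and the default port 443 are assumptions, and the default host is the sample FQDN from the answer above.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

// Hypothetical diagnostic (name is an assumption): run it on the client machine.
static class TlsTrustProbe
{
    // Usage: TlsTrustProbe.exe <host exactly as written in the endpoint URL> [port]
    static int Main(string[] args)
    {
        // Default is the sample FQDN from the answer above; pass your own endpoint host.
        string host = args.Length > 0 ? args[0] : "mymachine.myintranet.copp.net";
        int port = args.Length > 1 ? int.Parse(args[1]) : 443;
        SslPolicyErrors seen = SslPolicyErrors.None;

        using (var tcp = new TcpClient(host, port))
        using (var tls = new SslStream(tcp.GetStream(), false, (sender, cert, chain, errors) =>
        {
            seen = errors;
            Console.WriteLine("Subject: " + (cert == null ? "(none)" : cert.Subject));
            // Cause 1: the URL host (IP, localhost, short name) is not the 'issued to' name.
            if ((errors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0)
                Console.WriteLine("Name mismatch: certificate was not issued to '" + host + "'.");
            // Cause 2: the chain does not end in a root this machine trusts.
            if ((errors & SslPolicyErrors.RemoteCertificateChainErrors) != 0 && chain != null)
                foreach (X509ChainStatus s in chain.ChainStatus)
                    Console.WriteLine("Chain error: " + s.Status + " - " + s.StatusInformation.Trim());
            // Report only: the handshake still fails whenever validation fails.
            return errors == SslPolicyErrors.None;
        }))
        {
            try
            {
                tls.AuthenticateAsClient(host);
                Console.WriteLine("Handshake OK: certificate is trusted and matches the host name.");
            }
            catch (AuthenticationException ex)
            {
                Console.WriteLine("Handshake rejected (" + seen + "): " + ex.Message);
            }
        }
        return seen == SslPolicyErrors.None ? 0 : 1;
    }
}
```

Run it once with the FQDN and once with the IP address or `localhost` to compare the reported flags. The account running the probe should be the same one the WCF client runs under, since certificate stores can differ per user.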