1

We are connecting to a third party web service, which we believe to built with old Java technology.

We connect to it via WCF. We had an issue getting it working which we solved in a related question.

The setup

The remote service has two types of call:

  • One that just has input fields
  • One that uses ws-security header too

Both are encryped on https.

The problem

If we use Fiddler as a man-in-the-middle to inspect the encrypted traffic, all works.

Without fiddler (Removing the fiddler certificates etc etc) the following happens:

  • Normal calls work (Yay!)
  • Calls with ws-security headers fail with "Could not establish secure channel for SSL/TLS with authority" error

We have tried playing with firewalls, restarting, uninstalling fiddler, wireshark etc etc but nothing is working.

Does anyone out there have any ideas of what we can try next.

Community
  • 1
  • 1
Ruskin
  • 5,721
  • 4
  • 45
  • 62
  • Thought there might be headers added by VS in debug mode, tried in release mode ... did not work ... – Ruskin Oct 23 '14 at 14:44

1 Answers1

2

Using wireshark we found a record with "Certificates Length: 0"

Googling that came up with the following link.

https://stackoverflow.com/a/4127130/3771616

The problem was caused by:

In app.config the custom binding had an empty httpsTransport tag. I changed this to:

<httpsTransport requireClientCertificate="true" />
Community
  • 1
  • 1
wavydavy
  • 369
  • 3
  • 8
  • Ah, the two calls used different bindings - and Fiddler supplied the certificates when it was running. The ws-security call did not have certificate supplied via the binding – Ruskin Oct 24 '14 at 13:59