XMediusFax: Could not establish trust relationship for the SSL/TLS secure channel

There are a lot of articles talking about this error and how to resolve it. I'm assuming it is a semi catch-all error report for different types of connectivity issues. Here is my scenario; I hope someone can help me figure out what is wrong. I'm somewhat new to this.

I have a fax server using XMediusFax. I use their API to communicate with the server to send faxes and check the status of the faxes. My DLLs are all registered correctly on my machine, and I have the certificate set up under the Trusted Root Certification Authorities section.

If I call my code in a standard VBS script it works 100% fine. If I move the code into my ASP website it gives me the error: Could not establish trust relationship for the SSL/TLS secure channel. I opened IIS 7, went to my site, went to Authentication, selected the Anonymous Authentication option, and changed it from the default value of IUSR to my domain login. After doing that it works great from my website.

Modifying the Anonymous Authentication is not a solution I would want to roll out to customers. Does anyone have a less brute-force approach that I could try? I did try setting my app pool's identity to my domain account and that didn't fix the issue.

asked Mar 9 '12 at 14:03

1 Answer

I believe that your issue may be caused by the fact that the web service call between your application and XMediusFAX is executed under the context of the IUSR account. The XMediusFAX certificate that you have added to your trusted certificates applies to your user account, not to the IUSR account. When you replace IUSR with your account, it works, since it gets your list of trusted certificates.

There may be a few solutions available to you, depending on your needs. For example:

  • You could set up a local account (on the IIS server), select it for the anonymous user identity, log in with that account and add the XMediusFAX certificate to the trusted certificates of this account
  • You could have your XMediusFAX certificate signed by a trusted authority
  • You could implement a callback in your application to decide what to do with the certificate proposed by the XMediusFAX server

This last option may be a good one for you. I don't know the details of your application, but I would suggest that you take a look at RemoteCertificateValidationCallback to define a method to override the default certificate validation. In fact, if you don't really care about validating the server's identity, you can simply have your callback return true without doing any validation.

Hope this helps.

answered Mar 13 '12 at 08:03
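
An added example, not part of the original answer or of the XMediusFAX API: a `RemoteCertificateValidationCallback` that accepts a certificate failing default validation only when the request targets the fax server and the certificate matches a pinned thumbprint. It assumes the API calls go through .NET's `HttpWebRequest` stack; the host name and thumbprint are placeholders.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class FaxServerCertificatePinning
{
    // Placeholders (assumptions, not values from the post): replace with the
    // fax server's host name and the SHA-1 thumbprint of its certificate.
    private const string FaxHost = "faxserver.example.internal";
    private const string PinnedThumbprint = "REPLACE_WITH_FAX_SERVER_CERT_THUMBPRINT";

    // Call once at application start (for example Application_Start).
    // The callback is AppDomain-wide, so it sees every outbound TLS request.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // Certificates that pass default validation stay accepted.
        if (errors == SslPolicyErrors.None)
            return true;

        // Relax validation for the fax server only, never for other hosts.
        if (!string.Equals(HostOf(sender), FaxHost, StringComparison.OrdinalIgnoreCase))
            return false;

        if (certificate == null)
            return false;

        // Accept the otherwise untrusted certificate only on an exact pin match.
        // GetCertHashString() returns the SHA-1 hash as a hex string.
        return string.Equals(certificate.GetCertHashString(), PinnedThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }

    // The sender is either a WebRequest-derived object or a host name string.
    private static string HostOf(object sender)
    {
        var request = sender as HttpWebRequest;
        if (request != null)
            return request.RequestUri.Host;
        return sender as string;
    }
}
```

The pinned thumbprint has to be updated whenever the fax server's certificate is renewed; until then, calls to that host fail closed.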
