My blog has moved and can now be found at http://blog.aniljohn.com

No action is needed on your part if you are already subscribed to this blog via e-mail or its syndication feed.

Tuesday, January 31, 2006
« SOAP tracing tools with support for HTTP... | Main | Install and configure Apache Tomcat/Axis... »

I am in the process of troubleshooting some connectivity issues between an Apache Axis based web service and a .NET (1.1) service consumer. I am not all the way there, but each step is bringing me closer to the solution. Here is an issue that I ran into and was able to resolve that I am documenting here in the hopes that others will learn from my mistake. BTW, this particular issue does not have anything with interoperability. Just with me taking some things for granted and not thinking through the process :-)

The service connection is over an SSL channel but I was getting an exception that informed me that “The underlying connection was closed. Could not establish trust relationship with remote sever”. What the message was telling me was that I was not even getting to the first step, which is establishing an active SSL connection with the remote service! But I could browse to and invoke the service over SSL from my browser!

The issue and the resolution to it was pretty straight forward once I thought through the issue. My Enterprise, like other large scale Enterprises, has its own Certificate Authority. As such the service was protected by a SSL certificate that was generated based on the Enterprise Certificate Authority. I could browse to the service with my browser, because I had installed the Enterprise Root Certificates into the browser some time ago. But that installation put the certificates into the Personal Store and not the Local Machine store. This is important since the web service consumer was NOT running under my credentials but was running under a low privilege service account.

The solution was to import the Root Certificates for my Certificate Authority into the “Trusted Root Certification Authorities” List for the Local Machine. And yes, I was absolutely positive that I DID trust this particular Root Certificate! Once I did that, I was good to go..

[Now playing: Chham Se Woh (Remix) - Dus]

1/31/2006 9:37 PM Eastern Standard Time  |  Comments [0]  |  Disclaimer  |  Permalink    Tracked by:
"Link Listing - February 4, 2006" (Christopher Steen) [Trackback]
Comments are closed.