Thursday, December 6, 2012

Could not establish trust relationship for the SSL/TLS ...

If you are consuming a web service in BizTalk and calling it through ports, etc., you may come across a certificate for a WSDL that's out of date or wrong in some other way. In this case you get the following error:

"Could not establish trust relationship for the SSL/TLS ... "

In code it's easy enough to bypass this by trusting all certs.


      // Trust all certificates
      System.Net.ServicePointManager.ServerCertificateValidationCallback =
          ((sender, certificate, chain, sslPolicyErrors) => true);
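
A narrower form of the same callback, as an added example that is not code from the original post: it keeps normal validation for every endpoint and tolerates a failure only for one named development host presenting one pinned certificate. The class name, host name and thumbprint are assumptions for illustration; the thumbprint is a placeholder.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class DevCertificatePolicy
{
    // Assumed values: replace with your own dev endpoint and the SHA-1
    // thumbprint of the certificate that endpoint actually presents.
    private const string DevHost = "dev-service.example.local";
    private const string PinnedThumbprint =
        "0000000000000000000000000000000000000000"; // placeholder

    public static bool IsAcceptable(string host, string thumbprint, SslPolicyErrors errors)
    {
        // A certificate that validates normally is always accepted.
        if (errors == SslPolicyErrors.None) return true;

        // Otherwise tolerate the failure only for the one pinned dev certificate.
        return string.Equals(host, DevHost, StringComparison.OrdinalIgnoreCase)
            && string.Equals(thumbprint, PinnedThumbprint, StringComparison.OrdinalIgnoreCase);
    }

    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback =
            (sender, certificate, chain, errors) =>
            {
                // For HTTP(S) calls the sender is the HttpWebRequest being made.
                // Any other sender leaves host null, so failures are rejected.
                var request = sender as HttpWebRequest;
                string host = request != null ? request.Address.Host : null;
                string thumbprint = certificate != null ? certificate.GetCertHashString() : null;

                bool ok = IsAcceptable(host, thumbprint, errors);
                if (!ok)
                {
                    // Log which check failed (name mismatch, chain error, ...).
                    Console.Error.WriteLine(
                        "Rejected certificate for {0}: {1} (thumbprint {2})",
                        host, errors, thumbprint);
                }
                return ok;
            };
    }
}
```

The callback is still process-wide, so `Install()` is called once at start-up and applies to every request made through `ServicePointManager` in that process.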

However, in BizTalk it's much harder; I tried adding this code in an expression shape but had no luck. After searching around a bunch I found the following server-wide solution. Add the following to your BtsNtSvc.exe.config:

<?xml version="1.0" ?>
<configuration>
  <system.net>
    <settings>
      <servicePointManager checkCertificateName="false" checkCertificateRevocationList="false" />
    </settings>
  </system.net>

...


Obviously this is really risky security-wise, since it switches off certificate name checking for everything the BizTalk host calls; only use it for development.

