However, when my server makes a call to the SOAP service reference with a call like
response = service.RetrieveLog(bankUser, request) I get the following error:
This is related to a security fix applied in the same time CodeFirst services were introduces.
From documentation:
Note: Up to and including Version 9.0, by default these channels will accept non-trusted SSL certificates. It is strongly recommended to always implement a custom certificate validation method as described. As of version 9.1, self-signed certificates will be rejected by default.
My server is Tcp. I can call it just fine. Within the service I have a separate Service Reference which uses an HTTPS address for the call to its SOAP server. This is where I get the “Could not establish secure channel for SSL/TLS with authority ‘services.commercemanager.com’.” error, on the call from my server to the third part SOAP server.
I can open the HTTPS SOAP service url in a browser just fine.
Also, an earlier version of my server that was developed with RO 8.X also works.
I have to maintain this server and do not want to be rolling between 8 and the newer RO.
I believe something in the 9.X is stomping on the WCF connection. I do see that on start up,
server.AutoCreateSelfSignedCertificate is appearing to access the <system.serviceModel> of my app.config. Should it? This section deals strictly with my WCF SOAP calls out of the server.
The links you provide deal with using a certificate on the local system. This is a straight HTTPS call so the cert is on the SOAP server I am calling.
Actual certificate check is performed on the system client app is running on.
Still RO SDK contains no code that could interfere with WCF framework. The app.config access you see is the ApplicationServer class trying to read the server configuration form the .config file.
Could you check that all RO SDK references have the Copy Local flag set to true?
If it is not and setting them to true won’t thelp than I would need a testcase to investigate the issue locally.
After much wailing and gnashing of teeth, I finally found the answer.
From MSDN:
“The .NET Framework 4.6 includes a new security feature that blocks insecure cipher and hashing algorithms for connections. Applications using TLS/SSL through APIs such as HttpClient, HttpWebRequest, FTPClient, SmtpClient, SslStream, etc. and targeting .NET Framework 4.6 get the more-secure behavior by default.”
Apparently you must set the TLS/SSL you need to use. The SOAP server we are using requires TLS 1.2.