I have a website, a WCF service, and a security token service (STS) running on one server. Everything works great. I am now trying to separate the pieces across servers. When the website tries to log in to get the token, I get SSL cert errors.
This would be on Server 2008 with IIS 7.5, and on my Windows 7 IIS 7.5 while I debug.
An error occurred while making the HTTP request to https://x.x.x.x/STS/issue/wstrust/mixed/username. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by...
I generated a self-signed cert on the STS server and exported it to the website server. I also exported the key and gave IIS access to the key on the website server. That got past a bunch of WIF errors (before that it would not run at all), but I'm not sure that it's the right thing to do.
I have also tried [netsh http add sslcert ipport:0.0.0.0:44400 etc…] but I'm not sure what port to use; I've tried a half dozen different ones and none seem to work, and 443 won't work.
The website is using a WSTrustChannelFactory to create the connection. It bombs on the channel.Issue call at the bottom.
using System.IdentityModel.Tokens;                        // GenericXmlSecurityToken
using System.ServiceModel;                                // EndpointAddress, SecurityMode, CommunicationException
using System.ServiceModel.Security;                       // TrustVersion
using Microsoft.IdentityModel.Protocols.WSTrust;          // WSTrustChannelFactory, RequestSecurityToken (WIF 3.5)
using Microsoft.IdentityModel.Protocols.WSTrust.Bindings; // UserNameWSTrustBinding

// Inside the sign-in method; signInEndpoint, realm, userName and password are its inputs
var factory = new WSTrustChannelFactory(
    new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
    new EndpointAddress(signInEndpoint));
factory.TrustVersion = TrustVersion.WSTrust13;
factory.Credentials.UserName.UserName = userName;
factory.Credentials.UserName.Password = password;
var channel = factory.CreateChannel();
var rst = new RequestSecurityToken
{
    RequestType = RequestTypes.Issue,
    AppliesTo = new EndpointAddress(realm),
    KeyType = KeyTypes.Bearer
};
try
{
    // This is the call that fails with the HTTP.SYS / server certificate error above
    var genericToken = channel.Issue(rst) as GenericXmlSecurityToken;
}
catch (CommunicationException)
{
    // Handler not shown in the original post
    throw;
}
** EDIT **
I've also set the website server's IIS Default Web Site HTTPS binding on port 443 to use the cert that I imported from the STS server, and I get the same error.
** End Edit **
I've been all over Google and Stack Overflow, and while many questions seem to be close, none of the approved answers have worked.
Ideas? I'm a server/hardware noob, so the "for dummies version" would be nice.
Thanks!
Since you are using a self-signed certificate, have you made sure to turn off certificate chain validation, or else add it to the trusted store? It looks like you are using the URL of IdentityServer; in there you can turn off strong endpoint requirements, and on the client use a UserNameWSTrustBinding with only message security.
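An added example, not code from the question or the answer above: of the two options the answer gives, adding the STS certificate to the website server's trusted store is the safe one, and turning validation off entirely is not, because the client then accepts any certificate that anyone puts in front of it. The no-code version is to export only the public certificate (.cer, no private key; the private key should stay on the STS server, since a TLS client never needs it) and import it into Local Machine\Trusted Root Certification Authorities on the website server. If you would rather do it in code, the snippet below pins the STS certificate by thumbprint instead of disabling checks: normally-valid certificates still pass, and an untrusted or name-mismatched certificate (the question's endpoint uses an IP address, so a self-signed cert with a host-name subject will also fail the name check) is accepted only if it is the exact pinned certificate. The namespaces are WIF 3.5 (Microsoft.IdentityModel) to match the question's code; the thumbprint value, the class and method names, and the PinnedStsClient wrapper are assumptions for illustration.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.Protocols.WSTrust.Bindings;

static class PinnedStsClient
{
    // SHA-1 thumbprint of the self-signed STS certificate, read from the STS
    // server's certificate store. Placeholder value: replace with the real one.
    const string StsCertThumbprint = "0000000000000000000000000000000000000000";

    // Hooks the process-wide SChannel server-certificate check used by WCF's
    // HTTPS transport. Call once, before the first WSTrustChannelFactory is
    // created. Note it affects every outbound HTTPS call in the process, which
    // is why it only ever accepts one specific extra certificate.
    public static void InstallPinnedValidator()
    {
        ServicePointManager.ServerCertificateValidationCallback =
            (sender, certificate, chain, sslPolicyErrors) =>
            {
                if (sslPolicyErrors == SslPolicyErrors.None)
                    return true;            // chain builds and host name matches
                if (certificate == null)
                    return false;

                // Compare the thumbprint (hash of the whole DER certificate), so a
                // different certificate with the same subject name does not pass.
                var presented = new X509Certificate2(certificate);
                return string.Equals(presented.Thumbprint, StsCertThumbprint,
                                     StringComparison.OrdinalIgnoreCase);
            };
    }

    // Same WS-Trust request as the question, with the channel closed afterwards.
    public static GenericXmlSecurityToken RequestBearerToken(
        string signInEndpoint, string realm, string userName, string password)
    {
        var factory = new WSTrustChannelFactory(
            new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
            new EndpointAddress(signInEndpoint));
        factory.TrustVersion = TrustVersion.WSTrust13;
        factory.Credentials.UserName.UserName = userName;
        factory.Credentials.UserName.Password = password;

        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointAddress(realm),
            KeyType = KeyTypes.Bearer
        };

        var channel = factory.CreateChannel();
        try
        {
            return channel.Issue(rst) as GenericXmlSecurityToken;
        }
        finally
        {
            // WSTrustChannel is an ICommunicationObject; release it cleanly
            var comm = channel as ICommunicationObject;
            if (comm != null)
            {
                if (comm.State == CommunicationState.Faulted) comm.Abort();
                else comm.Close();
            }
            factory.Close();
        }
    }

    static void Main()
    {
        InstallPinnedValidator();
        // Endpoint, realm and credentials are placeholders for the values in the question.
        var token = RequestBearerToken(
            "https://x.x.x.x/STS/issue/wstrust/mixed/username",
            "https://relying-party.example/", "user", "password");
        Console.WriteLine(token != null ? "token issued" : "no token");
    }
}
```

Pinning ties the client to one certificate, so renewing the STS certificate means updating the thumbprint; importing the .cer into the trusted store avoids that, and issuing the STS certificate for the host name actually used in the endpoint URL (rather than an IP) avoids the name-mismatch error in the first place.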