Fail to run the Repository & Registry Host services (x509 certificate issue)

Jan 23, 2008 at 11:53 PM
Hi there,

I'm following the steps described in "XDS.b Reference Implementation Build and Deployment Guide",

I managed to got through building the code and installing the window-services but bumped into problem when trying to verify the service through IE - the browser just says "couldn't find the webpage" (NOTE: I've changed the base address and endpoints to point to my local machine and port).


Curious, I ended up writing a console host app for each service and dump the code from window-service OnStart event into the console main function, and try to step through the code. In my console app, these are the snippet that are causing the problem :

try
{
_serviceHost = new ServiceHost(typeof(DocumentRegistryService)); ------> PROBLEM!!
_serviceHost.Open();


It throws exception with this following detail:

System.InvalidOperationException: Cannot find the X.509 certificate using the following search criteria: StoreName 'Root', StoreLocation 'LocalMachine', FindType 'FindByThumbprint', FindValue '824aced4b7600d8547eceec02c3c86ea6d23cb2f'.
at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target, Boolean throwIfMultipleOrNoMatch)
at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target)
at System.ServiceModel.Configuration.X509RecipientCertificateServiceElement.ApplyConfiguration(X509CertificateRecipientServiceCredential cert)
at System.ServiceModel.Configuration.ServiceCredentialsElement.ApplyConfiguration(ServiceCredentials behavior)
at System.ServiceModel.Configuration.ServiceCredentialsElement.CreateBehavior()
at System.ServiceModel.Description.ConfigLoader.LoadBehaviorsT(ServiceModelExtensionCollectionElement`1 behaviorElement, KeyedByTypeCollection`1 behaviors, Boolean commonBehaviors)
at System.ServiceModel.Description.ConfigLoader.LoadServiceDescription(ServiceHostBase host, ServiceDescription description, ServiceElement serviceElement, Action`1 addBaseAddress)
at System.ServiceModel.ServiceHostBase.ApplyConfiguration()
at System.ServiceModel.ServiceHostBase.InitializeDescription(UriSchemeKeyedCollection baseAddresses)
at System.ServiceModel.ServiceHost..ctor(Type serviceType, Uri[] baseAddresses)
at XDSRegistryConsoleHost.Program.Main(String[] args) in C:\Dev\Projects\IHEATNAXDS\Code - CodePlex\Version1\ConsoleHost\XDSRegistryConsoleHost\Program.cs:line 23


I guess my question is wow do I setup the X509 certificate for this application (or if it's possible can I just get rid of this entry from the services' App.Config ?

Thanks,

Henky
Developer
Feb 4, 2008 at 1:28 AM
Edited Feb 4, 2008 at 1:30 AM
Hi henkya.

There is a way to fix this. We were probably using the certificates used for Connectathon, and the configuration slipped to Codeplex.

The easiest way to get this fix from the top of my head, is to make sure that you're using the non-tls binding: XDSRegistryHTTPEndpoint, XDSRepositoryHTTPEndpoint on both services.

Remember that in the Repository, you have to setup both the server binding (for the repository service), and the client binding (for the registry calls).

Please let me know if that helps.

Cheers, Wagner.


henkya wrote:
Hi there,

I'm following the steps described in "XDS.b Reference Implementation Build and Deployment Guide",

I managed to got through building the code and installing the window-services but bumped into problem when trying to verify the service through IE - the browser just says "couldn't find the webpage" (NOTE: I've changed the base address and endpoints to point to my local machine and port).


Curious, I ended up writing a console host app for each service and dump the code from window-service OnStart event into the console main function, and try to step through the code. In my console app, these are the snippet that are causing the problem :

try
{
_serviceHost = new ServiceHost(typeof(DocumentRegistryService)); ------> PROBLEM!!
_serviceHost.Open();


It throws exception with this following detail:

System.InvalidOperationException: Cannot find the X.509 certificate using the following search criteria: StoreName 'Root', StoreLocation 'LocalMachine', FindType 'FindByThumbprint', FindValue '824aced4b7600d8547eceec02c3c86ea6d23cb2f'.
at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target, Boolean throwIfMultipleOrNoMatch)
at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target)
at System.ServiceModel.Configuration.X509RecipientCertificateServiceElement.ApplyConfiguration(X509CertificateRecipientServiceCredential cert)
at System.ServiceModel.Configuration.ServiceCredentialsElement.ApplyConfiguration(ServiceCredentials behavior)
at System.ServiceModel.Configuration.ServiceCredentialsElement.CreateBehavior()
at System.ServiceModel.Description.ConfigLoader.LoadBehaviorsT(ServiceModelExtensionCollectionElement`1 behaviorElement, KeyedByTypeCollection`1 behaviors, Boolean commonBehaviors)
at System.ServiceModel.Description.ConfigLoader.LoadServiceDescription(ServiceHostBase host, ServiceDescription description, ServiceElement serviceElement, Action`1 addBaseAddress)
at System.ServiceModel.ServiceHostBase.ApplyConfiguration()
at System.ServiceModel.ServiceHostBase.InitializeDescription(UriSchemeKeyedCollection baseAddresses)
at System.ServiceModel.ServiceHost..ctor(Type serviceType, Uri[] baseAddresses)
at XDSRegistryConsoleHost.Program.Main(String[] args) in C:\Dev\Projects\IHEATNAXDS\Code - CodePlex\Version1\ConsoleHost\XDSRegistryConsoleHost\Program.cs:line 23


I guess my question is wow do I setup the X509 certificate for this application (or if it's possible can I just get rid of this entry from the services' App.Config ?

Thanks,

Henky

Feb 5, 2008 at 10:27 AM
Hello Henky,

I have the same problem as you are describing. I was able to create my own OpenSSL certificate and i connected it to port 8443. It seems I have installed my certificate correct, but still I get the error "couldn't find the webpage" in explorer.

Maybe this will help you further:
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2773696&SiteID=1

my question to you is: I was wondering how you were preparing this console, to test it outside of the browser. Can you provide me something?

Harold


henkya wrote:
Hi there,

I'm following the steps described in "XDS.b Reference Implementation Build and Deployment Guide",

I managed to got through building the code and installing the window-services but bumped into problem when trying to verify the service through IE - the browser just says "couldn't find the webpage" (NOTE: I've changed the base address and endpoints to point to my local machine and port).


Curious, I ended up writing a console host app for each service and dump the code from window-service OnStart event into the console main function, and try to step through the code. In my console app, these are the snippet that are causing the problem :

try
{
_serviceHost = new ServiceHost(typeof(DocumentRegistryService)); ------> PROBLEM!!
_serviceHost.Open();
....

I guess my question is wow do I setup the X509 certificate for this application (or if it's possible can I just get rid of this entry from the services' App.Config ?

Thanks,

Henky