Could not establish trust relationship for the SSL/TLS secure channel


calum.m...@gmail.com

Apr 26, 2009, 8:34:36 AM
I'm using SQL Server 2005 and trying to write a CLR stored procedure
which uses the HttpWebRequest class to make an HTTPS request, and I'm
getting the following exception.

System.Net.WebException: The underlying connection was closed: Could
not establish trust relationship for the SSL/TLS secure channel. --->
System.Security.Authentication.AuthenticationException: The remote
certificate is invalid according to the validation procedure.<nl/>
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken
message<c/> AsyncProtocolRequest asyncRequest<c/> Exception exception)
<nl/> at
System.Net.Security.SslState.CheckCompletionBeforeNextReceive
(ProtocolToken message<c/> AsyncProtocolRequest asyncRequest)<nl/>
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming<c/>
Int32 count<c/> AsyncProtocolRequest asyncRequest)<nl/> at
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer<c/>
Int32 count<c/> AsyncProtocolRequest asyncRequest)<nl/> at
System.Net.Security.SslState.StartReadFrame(Byte[] buffer<c/> Int32
readBytes<c/> AsyncProtocolRequest asyncRequest)<nl/> at
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer<c/>
AsyncProtocolRequest asyncRequest)<nl/> at
System.Net.Security.SslState.CheckCompletionBeforeNextReceive
(ProtocolToken message<c/> AsyncProtocolRequest asyncRequest)<nl/>
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming<c/>
Int32 count<c/> AsyncProtocolRequest asyncRequest)<nl/> at
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer<c/>
Int32 count<c/> AsyncProtocolRequest asyncRequest)<nl/> at
System.Net.Security.SslState.StartReadFrame(Byte[] buffer<c/> Int32
readBytes<c/> AsyncProtocolRequest asyncRequest)<nl/> at
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer<c/>
AsyncProtocolRequest asyncRequest)<nl/> at
System.Net.Security.SslState.CheckCompletionBeforeNextReceive
(ProtocolToken message<c/> AsyncProtocolRequest asyncRequest)<nl/>
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming<c/>
Int32 count<c/> AsyncProtocolRequest asyncRequest)<nl/> at
System.Net.Security.SslState.ProcessReceivedB...

This means the stored procedure could not authenticate the webserver's
SSL certificate.

I've found three ways of handling this situation in a regular C#
application, but couldn't get any of them to work for a CLR stored
procedure.

1. Setting System.Net.ServicePointManager.CertificatePolicy to a class
which implements System.Net.ICertificatePolicy.

2. Setting
System.Net.ServicePointManager.ServerCertificateValidationCallback to
a delegate which validates the server certification.

3. Importing the webserver's SSL certificate's CA certificate into the
Trusted Root Certificate Authorities of the current user.

1 and 2 are explicitly disallowed by SQL Server and 3 doesn't work.

I think the only option is to import the webserver's SSL certificate's
CA certificate into somewhere that SQL Server CLR uses. So far I've
tried the Trusted Root Certificate Authorities section of the current
user, local machine and SQL Server service but none of them have
worked.

Does anyone know what I have to do to allow an HTTPS request to be
made by a CLR stored procedure?

Thanks,
Calum
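
An added example, not part of the original post: option 2 from the list above, written for a regular C# application (the post reports that SQL Server disallows setting this callback inside a CLR procedure). Instead of returning true unconditionally, the callback accepts a chain error only when the chain ends in one specific CA certificate. The names PrivateCaTrust, Install and Validate are hypothetical, and the code assumes the supplied CA certificate is the self-signed root of the server's chain.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class PrivateCaTrust
{
    // Registers a process-wide callback for HttpWebRequest (a regular C# application).
    public static void Install(X509Certificate2 trustedCa)
    {
        ServicePointManager.ServerCertificateValidationCallback =
            delegate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
            { return Validate(cert, errors, trustedCa); };
    }

    public static bool Validate(X509Certificate cert, SslPolicyErrors errors, X509Certificate2 trustedCa)
    {
        if (cert == null) return false;
        if (errors == SslPolicyErrors.None) return true;   // already trusted by the OS store
        // Only a chain error is re-evaluated; a name mismatch or missing certificate always fails.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;

        X509Chain custom = new X509Chain();
        custom.ChainPolicy.ExtraStore.Add(trustedCa);
        // Assumption: the private CA publishes no CRL, so revocation is not checked here.
        custom.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        custom.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
        if (!custom.Build(new X509Certificate2(cert))) return false;  // expired or otherwise broken chain

        // AllowUnknownCertificateAuthority accepts any root, so require the chain to end in our CA.
        X509Certificate2 root = custom.ChainElements[custom.ChainElements.Count - 1].Certificate;
        return Convert.ToBase64String(root.RawData) == Convert.ToBase64String(trustedCa.RawData);
    }

    public static void Main(string[] args)
    {
        // args[0]: path to the CA certificate file, args[1]: HTTPS URL (both supplied by the caller).
        Install(new X509Certificate2(args[0]));
        using (WebResponse response = WebRequest.Create(args[1]).GetResponse())
            Console.WriteLine(((HttpWebResponse)response).StatusCode);
    }
}
```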

Dan Holmes

Apr 27, 2009, 7:59:18 AM
Do you have permissions set to EXTERNAL_ACCESS?

calum.m...@gmail.com

Apr 28, 2009, 5:56:48 PM
On Apr 27, 12:59 pm, Dan Holmes <dan.hol...@routematch.com> wrote:

Yes and trustworthy is set on in the database.

Thanks,
Calum

Cube

Jul 1, 2009, 12:34:00 PM

Hi Calum,

Did you get anywhere with this in the end? I'm encountering the same problems.
