Simple SSL WebService

Simple SSL WebService


I've got the following situation: i've got a web service in OutSystems that requires SSL; When i consume that Web Service (also in OutSystems) the URL is "https://...". When i try to call a method, the following error is displayed:
"The underlying connection was closed: Unable to connect to the remote server." (StackTrace:
at System.Net.HttpWebRequest.CheckFinalStatus()
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at ssxadvwapi_partner.WebClient3668.ws_token.Validate_Token(String Token, String Partner, Boolean& IsValid, String& Error_Code))

So, what's the problem here? Is it any server configuration (in IIS)?
Marco Mendonça.
When using web services with SSL (HTTPS) you must know that IIS and MS.Net make some extra validations and some strange erros may occur.

To disable certificates validation you need to configure you server or make some extra code. Below you have two samples for both opitions.

Inside your server's machine.config file you may change some properties :
<servicePointManager checkCertificateName="false" checkCertificateRevocationList="false" />

If this isnt't enough for your case, you may add these extra lines of code:
-define a class:
public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy

public TrustAllCertificatePolicy()

public bool CheckValidationResult(ServicePoint sp,

X509Certificate cert,WebRequest req, int problem)
return true;
- use an object (instance of the previous class) before invoking the web service: ...
//your code
System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();
....//more code

There is a very insighful Microsoft article on this. Check it out in;en-us;823177

The cause of the problem is described as below

Beginning with the .NET Framework version 1.0 Service Pack 2 and with the .NET Framework version 1.1 and later, the name that is used on the HTTP request must match the name of the server that is issued with the SSL certificate. Earlier SSL certificates may no longer be accepted under certain circumstances. Also, the Certificate Revocation List (CRL) is now examined to make sure that the certificate has not been revoked.

Other scenarios exist also. For example, some networks use a different name-resolution scheme for internal versus external clients. In cases where the certificate is issued to a server with a public URL (such as and with intranet applications, the internal Domain Name System (DNS) Server provides a different name for the same server (such as Requests for this Web service over SSL may fail. This change is made to enhance the security of Web services that use SSL."

The Resolution Presented

- You can resolve this problem by using either of the following methods:• You can change the name-resolution scheme so that DNS provides the same name for a server. The same name for the server must be used whether the server is referred to from in the company or from outside the company.

For example, assume that a certificate has been issued to the URL Any Web service application that is referred from outside the organization is called by using the external DNS resolution schema ( When an intranet Web service application is called, the internal DNS translates the name of the site as Therefore, any request for the Web Service over SSL may fail unless you change the name-resolution scheme.

- The host name that is used when you add a Web reference to a Web service in the Web service client must be the same name as the name that the certificate is issued to. "

They also refer the WORKAROUND Fernando Matos described in the previous reply.


Daniel Lourenço