Hello,
I work for a software development company. Our software connects to our servers through HTTP and HTTPS connections exclusively. One of our clients has configured their network using a MikroTik firewall, and the first time they run our software with the so-called “Walled Garden” enabled, HTTPS connections fail with the message:
System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'servername.iqmetrix.net'. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
If they turn off the Walled Garden, this error does not appear. One thing that is very odd is that, after having worked once without the Walled Garden, if they turn it back on, it keeps working. It only fails if it has not yet already worked once. Presently, though, the only way to make it work once is to disable the Walled Garden.
My best running theory at present is that the Walled Garden transparent proxy is damaging the certificate in some way, and that when it is disabled and the connection works, the underlying system libraries involved in the SSL connection are, for performance purposes, caching something to do with trust chain verification. Once that bit is cached, the damage to the certificate is overlooked, but if it isn’t already there, the full trust chain verification fails. This is just a theory, though, and is based on my limited understanding of the SSL negotiation and certificate mechanisms.
I am wondering if anybody has experienced anything similar to this, and maybe knows of a solution or work-around that doesn’t involve disabling their entire web filter/firewall temporarily – preferably something that could be automated in some way or maybe even integrated into the source code for our application. Do these symptoms ring a bell for anybody?
Thanks,
Jonathan Gilbert
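
Added example, not part of the original post: one way to record which certificate the client actually received and why chain validation failed, using .NET's ServicePointManager.ServerCertificateValidationCallback. The class name TlsDiagnostics and the URL passed on the command line are assumptions; the callback only logs and leaves the accept/reject decision unchanged.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class TlsDiagnostics
{
    // Builds a report of the certificate and chain the client was presented with.
    public static string Describe(X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        var sb = new StringBuilder();
        sb.AppendLine("Policy errors: " + errors);
        if (cert != null)
        {
            var leaf = new X509Certificate2(cert);
            sb.AppendLine("Leaf subject:    " + leaf.Subject);
            sb.AppendLine("Leaf issuer:     " + leaf.Issuer);
            sb.AppendLine("Leaf thumbprint: " + leaf.Thumbprint);
        }
        if (chain != null)
        {
            foreach (X509ChainElement el in chain.ChainElements)
            {
                sb.AppendLine("  chain element: " + el.Certificate.Subject);
                foreach (X509ChainStatus st in el.ChainElementStatus)
                    sb.AppendLine("    " + st.Status + ": " + st.StatusInformation.Trim());
            }
            foreach (X509ChainStatus st in chain.ChainStatus)
                sb.AppendLine("Chain status: " + st.Status);
        }
        return sb.ToString();
    }

    // Installs a logging-only callback; validation is never relaxed.
    public static void Install(Action<string> log)
    {
        ServicePointManager.ServerCertificateValidationCallback =
            (sender, cert, chain, errors) =>
            {
                if (errors != SslPolicyErrors.None)
                    log(Describe(cert, chain, errors));
                return errors == SslPolicyErrors.None; // same decision the platform made
            };
    }

    static void Main(string[] args)
    {
        Install(Console.Error.WriteLine);
        try { using (WebRequest.Create(args[0]).GetResponse()) Console.WriteLine("TLS OK"); }
        catch (WebException ex) { Console.WriteLine("Failed: " + ex.Message); }
    }
}
```

A leaf issuer or thumbprint that differs from the server's real certificate means something on the path answered in the server's place, whereas a PartialChain status on the expected certificate means an intermediate could not be found or fetched.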