Closed chrisdpratt closed 8 years ago
Would you like to try to change the serviceBaseUri from localhost to the name of the certificate? That way the trust between services stays intact.
In the web.config, the serviceBaseUri can be changed. (Be sure to register the new HTTP listener with Windows -- see "Installation Notes.txt" for more info on syntax)
<revalee>
<clientSettings serviceBaseUri="http://localhost:46200"
Sorry, but I'm not sure what you're talking about. Revalee is running, by default, on http://localhost:46200. There is no cert applied there. However, the website is bound to all on 443. The certificate applied is for a specific domain, obviously, so if you access the website over localhost, the cert is by nature invalid, because localhost != CN of the cert. I don't need to change the serviceBaseUri. That's fine.
Oddly, to skirt the issue, I added an HTTP binding and changed my Web.config to call that instead of the HTTPS version. This should remove the invalid cert issue, but now Revalee doesn't seem to be loading any of the recurring tasks at all.
My apologies, I was giving advice on configuring the Revalee Service listener. To configure the callback domain name, you can change the recurringTasks element. For example, if your certificate CN was sample.com, then you could call back your web application on port 443 by specifying the following:
<revalee>
<recurringTasks callbackBaseUri="https://sample.com">
That way, the Revalee Service should issue an HttpClient request to https://sample.com/__RevaleeRecurring.axd instead.
Ugh. I've been working too much today, and my brain is apparently a dried raisin. So, the issue with non-SSL was 1) I didn't authorize the particular port I was using in the Revalee config and 2) I am requiring HTTPS site-wide.
After playing around a bit, I realized I could edit the hosts file on the server to map requests to the domain from the server to localhost, and then, I could actually use the fully-qualified domain name for Revalee (the domain is not actually pointed at the server yet). Still, it would be better if I could simply use the server IP and Revalee would simply ignore any SSL errors.
Thanks for your help.
If you would like to configure the Revalee Service to ignore (at least some) SSL errors, then you can modify the Revalee.Service.exe.config file.
...
+ <system.net>
+ <settings>
+ <servicePointManager checkCertificateName="false" checkCertificateRevocationList="false" />
+ </settings>
+ </system.net>
<configuration>
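Review bot: checkCertificateName="false" on the servicePointManager element turns off host name matching for every outbound HTTPS request the service process makes, not only the localhost callback discussed in this thread, and checkCertificateRevocationList="false" keeps revocation checking off for the same connections. A narrower fix is to leave this section out and point callbackBaseUri at the host name on the certificate, as suggested earlier in the thread. Also, the context line after </system.net> reads <configuration>; system.net has to sit inside the configuration element, so the snippet should show where the block goes relative to the opening and closing tags.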
Changes could also be made to the source of the Revalee Service.
/Revalee.Service/WorkManager.cs
...
private static HttpWebRequest PrepareWebRequest(RevaleeTask task)
{
+ ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => { return true; };
+ ServicePointManager.CheckCertificateRevocationList = false;
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(FormatCallbackRequestUrl(task.CallbackUrl));
...
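Review bot: the lambda added in PrepareWebRequest returns true without looking at sslPolicyErrors, so expired, untrusted and mismatched certificates are all accepted, and because ServicePointManager.ServerCertificateValidationCallback is static this applies to every request in the process. Using += inside PrepareWebRequest also appends another delegate each time a task is prepared. Suggest setting request.ServerCertificateValidationCallback on the one HttpWebRequest instead (available from .NET Framework 4.5) and accepting only SslPolicyErrors.RemoteCertificateNameMismatch for the expected certificate; the CheckCertificateRevocationList assignment is likewise process-wide and belongs in startup code if it is needed at all.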
This seems to be an issue with HttpClient attempting to access a URL with an invalid cert. Obviously, the cert applied to the site is going to be tied to a specific domain, not localhost, so connecting to localhost to run recurring callbacks will always fail. HttpClient should be configured to ignore certificate errors.
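A narrower alternative to ignoring all certificate errors, as an added example that is not part of the original thread or Revalee's own code: accept only a name mismatch, only on loopback requests, and only for one pinned certificate. The class name, method names and the thumbprint placeholder are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added example, not Revalee code. All names here are hypothetical.
public static class ScopedCallbackValidation
{
    // Placeholder: SHA-1 thumbprint (hex, no spaces) of the site's real certificate.
    private const string PinnedThumbprint = "<THUMBPRINT-OF-SITE-CERTIFICATE>";

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // A certificate that validates cleanly is always accepted.
        if (errors == SslPolicyErrors.None)
            return true;

        // Tolerate exactly one error: the name mismatch. Chain errors
        // (expired, untrusted issuer) or a missing certificate still fail.
        if (errors != SslPolicyErrors.RemoteCertificateNameMismatch)
            return false;

        // Only for requests this process sends to its own machine.
        var request = sender as HttpWebRequest;
        if (request == null || !request.RequestUri.IsLoopback)
            return false;

        // And only when the server presents the expected certificate.
        if (certificate == null)
            return false;
        return string.Equals(certificate.GetCertHashString(), PinnedThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }

    public static HttpWebRequest CreateRequest(Uri callbackUrl)
    {
        var request = (HttpWebRequest)WebRequest.Create(callbackUrl);
        // Per-request callback (.NET Framework 4.5+): other outbound
        // requests in the process keep full certificate validation.
        request.ServerCertificateValidationCallback = Validate;
        return request;
    }
}
```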