I am trying to enable SSL for some of our WCF services (I followed this as I am self-hosting), and at one point it was all working, but then it just stopped. Because I have made a metric-crap-ton of changes over the course of my exploring, and because I am still relatively green when it comes to anything past basic WCF configuration, I was not sure what to do.
The error message I was getting was:
    Error: Cannot obtain Metadata from https://gskrtm1:9998/ServiceEndpointHere
    If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address. For help enabling metadata publishing, please refer to the MSDN documentation at http://go.microsoft.com/fwlink/?LinkId=65455.

    WS-Metadata Exchange Error
    URI: https://gskrtm1:9998/ServiceEndpointHere
    Metadata contains a reference that cannot be resolved: 'https://gskrtm1:9998/ServiceEndpointHere'.
    An error occurred while making the HTTP request to https://gskrtm1:9998/ServiceEndpointHere. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.
    The underlying connection was closed: An unexpected error occurred on a send.
    Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
    An existing connection was forcibly closed by the remote host

    HTTP GET Error
    URI: https://gskrtm1:9998/ServiceEndpointHere
    There was an error downloading 'https://gskrtm1:9998/ServiceEndpointHere'.
    The underlying connection was closed: An unexpected error occurred on a send.
    Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
    An existing connection was forcibly closed by the remote host
After looking over my config file for quite some time and feeling really good about how it was set up, I decided to retrace all my steps. In doing this, one of the things I did was to verify that my SSL cert was still active on my system (hell, for all I knew my cert was only good until I rebooted. I doubted this, but you never know). When I ran ‘netsh http show sslcert’ (more info here on this) from the command line I received this:
The first thing I noticed was the port I was using to set up my SSL cert, port 9997. It then hit me: my SSL cert was on one port and my endpoint was being hosted on another. Once I changed my endpoint to be on the correct port, it WORKED!!!!
The moral of the story is this: when you are using SSL and your certs are assigned to a particular port, make sure you are using this port in your endpoint hosting. If not, you may get the exception I received above.
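The port check described above can be scripted. The following is an added example, not code from the original post: it parses `netsh http show sslcert` output and reports whether each HTTPS endpoint's port has a certificate binding. The function names and the embedded sample output are constructed for illustration, and the check compares ports only, not the bound IP address.

```powershell
# Added example: compare self-hosted HTTPS endpoint ports with HTTP.SYS SSL bindings.
# Function names are hypothetical; the sample netsh output below is constructed.

function Get-SslBoundPort {
    param([string[]]$NetshOutput)
    # Binding lines look like "    IP:port                      : 0.0.0.0:9997"
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*(?:IP|Hostname):port\s*:\s*\S+:(?<port>\d+)\s*$') {
            [int]$Matches['port']
        }
    }
}

function Test-EndpointSslBinding {
    param([string[]]$EndpointUrl, [string[]]$NetshOutput)
    $bound = @(Get-SslBoundPort -NetshOutput $NetshOutput)
    foreach ($url in $EndpointUrl) {
        $uri = [Uri]$url
        if ($uri.Scheme -ne 'https') { continue }   # only HTTPS needs a binding
        [pscustomobject]@{
            Endpoint = $url
            Port     = $uri.Port
            HasCert  = $bound -contains $uri.Port
        }
    }
}

# Constructed sample of `netsh http show sslcert` output (hash and GUID are placeholders).
$sample = @'
SSL Certificate bindings:
-------------------------

    IP:port                      : 0.0.0.0:9997
    Certificate Hash             : <certificate-thumbprint-placeholder>
    Application ID               : {00000000-0000-0000-0000-000000000000}
    Certificate Store Name       : MY
'@ -split '\r?\n'

# The endpoint on 9998 has no binding; the one on 9997 does.
Test-EndpointSslBinding -NetshOutput $sample -EndpointUrl @(
    'https://gskrtm1:9998/ServiceEndpointHere',
    'https://gskrtm1:9997/ServiceEndpointHere'
) | Format-Table -AutoSize
```

On a live host, pass `(netsh http show sslcert)` as `-NetshOutput` in place of `$sample`.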
Till next time,
Posted 01-11-2011 6:52 AM by Derik Whittaker