GP Web client error with SSL/TLS

We have already seen the cross domain issue with the previous post. Here the security issue with SSL/TLS to establish trust relationship to session central service.


An error occurred during session monitoring: ‘System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority ‘’. —> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. —> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

The web application ssl has been configured in IIS, but we have to create the trust certification access from windows certificate manager console.
Hove to copy the SSL certificate from personal to “Trust Root Certificate Authority” section. Now the service certification will be authorized to establish the connection.

1. Go to Run command and type certmgr.msc.

2. Now expand the Certificate–>Personal -> Certificate

3. Select the web site certificate which is installed on IIS. Right click and copy the certificate

4. Now expand the Certificate–>Trusted Root Certification Authorities -> Certificate. Right click and past it

6. Now enter the GP web client url.

Cross Domain Error in Dynamic GP 2013 Web Client

The cross domain error would be occurred on Silverlight. Because distinct URL has been configured on session central service, session service and run time service.

Severity: Critical
Summary: An error occurred while initializing communication with the server.
Debugging resource strings are unavailable. Often the key and arguments provide sufficient information to diagnose the problem. See

Scenario 01:
For example I have configured session central and session service with out SSL and runtime service with SLL, in my scenario looks like;
Here the service URL has been configured in same domain.

http://gpserver:48650/SessionCentralService (without SSL)
http://gpserver:48651/SessionService (without SSL)
https://webclient.sathiya.local:48652/ (SSL mandatory for GP web client Runtime service)

Scenario 01:
If suppose the web client is accessible thought internet and configured public url then the Runtime service will be configured like
So the silver light wont communicate between cross domains.

http://gpserver:48650/SessionCentralService (Local url)
http://gpserver:48651/SessionService (Local url)

So you have to configure all three service url should be in same domain. Either it would be local FQDN urls or public urls,

https://webclient.sathiya.local:48650/SessionCentralService (without SSL)
https://webclient.sathiya.local:48651/SessionService (without SSL)

(or) (Local url) (Local url)

Security issue may happen after installed this setup. To resolve Web client error with SSL/TLS