Error: Cannot obtain Metadata from http ......?wsdl

I have been in the process of converting a http application to https and ssl with a self signed certificate.

for some reason i have to go in the browser to localhost:##### to start the service.

Once the service is started, i test it with the following call in the visual studio 2012 comman prompt:

svcutil.exe https://localhost:10201/?wsdl

and it comes back with

Error: Cannot obtain Metadata from https://localhost:10201/?wsdl

If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address.  For help enabling metadata publishing, please refer to the MSDN documentation at http://go.microsoft.com/fwlink/?LinkId=65455.


WS-Metadata Exchange Error
    URI: https://localhost:10201/?wsdl

    Metadata contains a reference that cannot be resolved: 'https://localhost:10201/?wsdl'.

    Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost:10201'.

    The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

    The remote certificate is invalid according to the validation procedure.


HTTP GET Error
    URI: https://localhost:10201/?wsdl

    There was an error downloading 'https://localhost:10201/?wsdl'.

    The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

    The remote certificate is invalid according to the validation procedure.

If you would like more help, type "svcutil /?"

Is this detremental to my sucess with HTTPS?

My config looks as such:

<system.serviceModel>

    <!--SERVICES-->
    <services>
      <service name="DuplexService.DuplexService"
         behaviorConfiguration="sb">

        <endpoint
           address="basic"
           binding="customBinding"
           bindingConfiguration="customDuplexBinding"
           contract="DuplexService.Interface.IDuplexServiceContract">
        </endpoint>

        <endpoint
            address=""
            binding="webHttpBinding"
            behaviorConfiguration="webHttpEndpointBehavior"
            bindingConfiguration="webHttpsBinding"
            contract="Interface.IPolicyRetriever">
        </endpoint>

        <endpoint
            address="mex"
            binding="mexHttpsBinding"
            contract="IMetadataExchange">
        </endpoint>

        <host>
        <baseAddresses>
          <add baseAddress="https://localhost:10201" />
        </baseAddresses>
        </host>
      </service>


    </services>


    <!--BEHAVIOURS-->
    <behaviors>
    <!--Policy-->
      <endpointBehaviors>
        <!-- For Policy Service -->
        <behavior name="webHttpEndpointBehavior">
          <webHttp  />
        </behavior>
      </endpointBehaviors>


<!--behaviour for all of the enpoints -->
      <serviceBehaviors>
        <behavior name="sb">
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpsGetEnabled="true" httpsGetUrl="https://localhost:10201"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="true"/>
          <!-- This will solve a bug that happens if too many items are sent at once from the gateway to the client -->
          <dataContractSerializer maxItemsInObjectGraph="2147483647"/>
          <serviceThrottling
          maxConcurrentCalls="200"
          maxConcurrentSessions="200"
          maxConcurrentInstances="200" />
        </behavior>
      </serviceBehaviors>
    </behaviors>



    <!-- BINDINGS-->
    <bindings>

    <webHttpBinding>
        <binding name="webHttpsBinding">
            <security mode="Transport">
                <transport clientCredentialType="None" />
            </security>
        </binding>
    </webHttpBinding>

      <customBinding>
        <binding name="customDuplexBinding">
          <pollingDuplex duplexMode="MultipleMessagesPerPoll"
               maxOutputDelay="00:00:01"
       serverPollTimeout="00:01:00"
       inactivityTimeout="02:00:00"
       maxPendingMessagesPerSession="2147483647"
       maxPendingSessions="2147483647" />
          <binaryMessageEncoding>
            <readerQuotas
              maxDepth="2147483647"
              maxStringContentLength="2147483647"
              maxArrayLength="2147483647"
              maxBytesPerRead="2147483647"
              maxNameTableCharCount="2147483647" />
          </binaryMessageEncoding>
          <httpsTransport
      maxBufferSize="2147483647"
      maxReceivedMessageSize="2147483647"
      transferMode="StreamedResponse" />
        </binding>
      </customBinding>



    </bindings>




    <!-- Register the binding extension from the SDK. -->
    <extensions>
      <bindingElementExtensions>
        <add name="pollingDuplex"
             type="System.ServiceModel.Configuration.PollingDuplexElement, System.ServiceModel.PollingDuplex" />
      </bindingElementExtensions>
    </extensions>
  </system.serviceModel>

How can i get rid of it? and make the metadata work and the GET work?

didnt help, but will be helpful for other pepole searching for the answer in the future

1 and 2 didn't work, 4 should be equivalent to 1. 3 doesn't work for me because I can't install fiddler due to access restrictions. Any other way?

@Juergen Supposedly 1 and 2 should always work. I just expanded directions on 2 as I get the feeling most people don't understand how. I'll also expand on 1 when I have a moment

At least 1) didn't work for me. Thought it should work, too, maybe I did something wrong? I created a self-signed certificate on the server side with CN=[Servername] and added it to the Trusted Root CAs in my Client. Still the same error. I couldn't really apply 2) because in my browser (IE) I got no certificate warning. Neither when navigating to the service (.svc), nor to the .wsdl file. I tried loading the .wsdl and applying svcutil on it but that returned in another error. In another thread I found that this probably wasn't the whole/correct wsdl file so I dropped it.

Ahh, couple things. First totally forgot this was svcutil and not vs generation. Instructions here. stackoverflow.com/a/4200321/897291. If the multi file wsdl/xsd stuff is giving you difficulty, you can generate a single file wsdl in .net 4.5+ by using localhost:port/some.svc?singleWsdl . About the CN, it needs to match the url you are using to access the service with. In many cases that's localhost for development. Also, its strange that you are not getting errors in IE, did you forget to put https into the url?

The ?singleWsdl looks like the one I downloaded earlier. CN matched the IP of the server I'm trying to access, although it wasn't localhost in my case. Also, I included https. Maybe I'm not getting the warning in IE because I added the certificate to "trusted CAs"; I'm not sure I tried it before adding it. I haven't had much time to look into this so for the moment I generate the contracts in a visual studio 2010 on a different machine where it works perfectly. I'll probably come back to this when I have the time.

1 didn't work, same error. Can't do 2 since this is a .NET Standard library. 3 didn't work, same error. Not enough details to know how to try 4.

@Justin, this is an answer to a circa 2012 WCF visual studio tooling question. Are you using svcutil.exe ? If no, this answer isn't intended to be a general purpose thig.

@KennethIto Yes I'm using svcutil.exe, I know it's outdated to use SOAP but we are converting a class library that consumes a SOAP API from .NET Framework to .NET Core, so can't use the Visual Studio SOAP web references any longer. I was able to get it working eventually, just had a hard time downloading the WSDL.