Problem communicating with esocial webservice
I am having the following problem when communicating with esocial webservice, I am using C# so I added the webservice reference in my project and now I need to send an XML, and what I thought was: to establish a secure connection, I must first define a certificate, and open the connection, and then send the XML. For this I did as follows:
// Crio a variavel de envio de lote
ServicoEnviarLoteEventosClient enviarLote = new ServicoEnviarLoteEventosClient();
I have a small snippet of code that searches for the certificate in question on my computer place and Arrow it in this variable as follows:
enviarLote.ClientCredentials.ClientCertificate.SetCertificate(
x509.SubjectName.Name, store.Location, StoreName.My);
I open the connection:
enviarLote.Open();
Then I try to perform the send:
var resposta = enviarLote.EnviarLoteEventos(System.Xml.Linq.XElement.Load(caminhoXML));
But when trying an error is returned: Could not establish trust relationship for the SSL/TLS secure channel with authority
I have also installed the certificate chain provided by eSocial....
Could anyone help me ? In case anyone has doubts about the XML signature I can help...
2 answers
Thanks for the reference to my examples page, Leo!
I also created a page a while ago with tips on how to access the eSocial service, including some of the ones you posted in your question and answer. I will take advantage of the subject of your question to put these tips here, to help those with similar problems.
To access the eSocial Submission Service, in the restricted production environment, the URL must be this:
Also, according to the eSocial developer Guidance Manual v1.6. 3, page 83, item '7.9. Digital certification', it is also necessary to install on the machine that will access the service to chain of certificates issued on 06/02/2017 by Serpro, which are 3 certificates that can be obtained at this address:
Https://certificados.serpro.gov.br/serproacf/certificate-chain
According to item 02.03 from the eSocial Portal FAQ page, certificates must be installed in the order that they are arranged on that Serpro page, and:
the Brazilian Root Certificate Authority v5 must be installed in the root AC repository. The SERPRO V4 Certificate Authority and SERPRO Final V5 Certificate Authority must be installed in the intermediate AC repository.
Remembering that it is also necessary to have installed on the computer that will access the web service a valid digital certificate (A1 or A3, e-CNPJ or e-CPF), which must be used to access the service. A tip: When I started testing with eSocial, I spent almost a week banging my head to get the first access, when I finally discovered that in my case (E-CNPJ A1) it was necessary to select the option mark this key as exportable (Mark this key as exportable ) and install my certificate in the repository ( store) personnel (Personal ), from current user (current user ).
Regarding the code used to access the service, the service's binding (I used BasicHttpBinding or BasicHttpsBinding) must be configured to use SecurityMode = Transport (for HTTPS) and ClientCredentialType = Certificate (to specify a certificate), something like this:
var urlServicoEnvio = @"https://webservices.producaorestrita.esocial.gov.br/servicos/empregador/enviarloteeventos/WsEnviarLoteEventos.svc";
var address = new EndpointAddress(urlServicoEnvio);
var binding = new BasicHttpsBinding(); //Disponível desde .NET Framework 4.5
// ou:
//var binding = new BasicHttpBinding(BasicHttpsSecurityMode.Transport);
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
var wsClient = new WsEnviar.ServicoEnviarLoteEventosClient(binding, address);
wsClient.ClientCredentials.ClientCertificate.Certificate = x509Cert;
var retornoEnvioXElement = wsClient.EnviarLoteEventos(loteEventosXDoc.Root);
wsClient.Close();
As for the Class WsEnviar.ServicoEnviarLoteEventosClient used in the code, was it created by Visual Studio by adding a Service Reference , using the same URL as the service, but adding the parameter ?singleWsdl :
In VS you can also add a reference to the service directly using the file Wsendloteevents-v1_1_0.wsdl available in the eSocial communication package (latest version 1.4.1), which is on the technical documentation page of the Esocial Portal.
This tool, add service Reference from VS, will create a client class to consume the web service, in the case of example WsEnviar.ServicoEnviarLoteEventosClient, which inherits the class System.ServiceModel.ClientBase .
You can also use the command line svcutil.exe , which will similarly create a client class by inheriting the System class.ServiceModel.ClientBase . Alternatively you can also use the command line tool wsdl.exe, older, for services from the time of .NET Framework 2, based on ASMX, which will also create a client class, but this time inheriting the class System .Web.Services.Protocols.SoapHttpClientProtocol . But in this case the code to consume the service would be a little different.
Following all these steps, access to the esocial web service should work.
To resolve the Secure Connection Issue, you must install the government certificate chain at:
Autoridades de Certificação Raiz Confiáveis
Remember, for each certificate be sure to put in this folder as I had forgotten.
For certificate chain Download go to:
Https://certificados.serpro.gov.br/serproacf/certificate-chain
The code structure I reported above is correct, sending will be performed if the XML is structured correctly, for valid XML examples go to:
I hope I collaborated with someone!