Tags: c#, ssl, certificate, x509, handshake

No client certificate was presented during SSL Handshake


I'd like to ask for an explanation. I am using an X.509 certificate, and when I tried to post my data to a web service which I want to communicate with, I got the following error:

"No client certificate was presented during SSL Handshake"

Can you please explain to me what the issue is?

NB: I am using .NET Framework 3.5 / C#

What I did exactly is: first I imported the certificate into the store, then I used the code below in order to find it and then receive the token (using the AskForToken function). However, when I send my data, I get a handshake failure.

My first question is why I succeed in getting the token (if I am not mistaken, the client (which is my application) sent the certificate to the server and got the token, which means the connection was established correctly)?

My second question is: what do I have to change or check to get rid of this handshake failure?

using System;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.Protocols.WSTrust.Bindings;

// Members referenced by the method below; their values/bodies are not shown in the question.
private static string stsAddress;          // STS endpoint address
private static string serviceURL;          // relying-party service the token is requested for
private static X509Certificate2 cert;      // client certificate used for the token request

private static string RequestSecurityToken()
{
    // HTTPS transport security with the client certificate as the message credential.
    WSTrustChannelFactory trustChannelFactory = new WSTrustChannelFactory(
        new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential),
        new EndpointAddress(new Uri(stsAddress)));

    trustChannelFactory.TrustVersion = TrustVersion.WSTrust13;

    // Look up the client certificate in CurrentUser\My by thumbprint.
    string thumb = "fe14593dd66b2406c5269d742d04b6e1ab03adb1";
    trustChannelFactory.Credentials.ClientCertificate.SetCertificate(
        StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint, thumb);
    // Accept the STS certificate if it is trusted directly or through its chain.
    trustChannelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
        X509CertificateValidationMode.PeerOrChainTrust;
    cert = trustChannelFactory.Credentials.ClientCertificate.Certificate;

    var tokenString = AskForToken(serviceURL, trustChannelFactory); // helper defined elsewhere
    trustChannelFactory.Close();
    return tokenString;
}

Solution

  • SSL has a possibility to demand client authentication. So the client (your application) has to send a certificate that the server trusts before the connection is established. It seems that this client authentication fails, because your application doesn't send such a certificate.

    Depending on the web service you try to use, it won't be possible to create such a certificate, because the server only trusts applications from, e.g., a certain company.
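The following .NET Framework 3.5 C# code is an added example and is not part of the question or the answer above. It shows the step the answer describes: finding the certificate in the CurrentUser\My store, checking that its private key is available (a certificate without one cannot be presented in the handshake), and attaching it to the HttpWebRequest that posts the data. The certificate configured on a WSTrustChannelFactory applies only to that channel; a separate HttpWebRequest must be given the certificate explicitly, which is what ClientCertificates.Add does here. The service URL, thumbprint and payload are placeholders.

```csharp
// Added example: load a client certificate by thumbprint, verify it is usable
// for client authentication, and present it on an HTTPS POST.
using System;
using System.IO;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class ClientCertPost
{
    // Placeholder: thumbprint of the certificate in CurrentUser\My.
    const string Thumbprint = "<THUMBPRINT>";

    // Returns the certificate, or throws with a message that names the failing check.
    static X509Certificate2 LoadClientCertificate(string thumbprint)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: false so an expired or untrusted certificate is still found and reported.
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
                throw new InvalidOperationException(
                    "Certificate not found in CurrentUser\\My: " + thumbprint);

            X509Certificate2 cert = found[0];
            // The TLS handshake can only present a certificate whose private key is present;
            // a certificate imported from a .cer file (public part only) fails here.
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException(
                    "Certificate has no private key and cannot be used for client authentication.");
            if (DateTime.Now > cert.NotAfter)
                throw new InvalidOperationException("Certificate expired on " + cert.NotAfter);
            return cert;
        }
        finally
        {
            store.Close(); // X509Store is not IDisposable in .NET 3.5
        }
    }

    // Posts body to url, presenting clientCert during the TLS handshake.
    static string Post(string url, string body, X509Certificate2 clientCert)
    {
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
        request.Method = "POST";
        request.ContentType = "application/xml";
        // Without this line the client sends no certificate and a server that
        // requires one rejects the handshake ("No client certificate was presented").
        request.ClientCertificates.Add(clientCert);

        byte[] payload = Encoding.UTF8.GetBytes(body);
        request.ContentLength = payload.Length;
        using (Stream s = request.GetRequestStream())
            s.Write(payload, 0, payload.Length);

        using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
        using (StreamReader reader = new StreamReader(response.GetResponseStream()))
            return reader.ReadToEnd();
    }

    static void Main()
    {
        X509Certificate2 cert = LoadClientCertificate(Thumbprint);
        Console.WriteLine("Presenting {0} (expires {1})", cert.Subject, cert.NotAfter);
        // Placeholder endpoint and payload.
        string reply = Post("https://service.example/endpoint", "<request/>", cert);
        Console.WriteLine(reply);
    }
}
```

If LoadClientCertificate throws, the handshake failure is explained before any network traffic is sent. If it succeeds and the server still reports that no certificate was presented, the remaining question is the one the answer raises: whether the server trusts the issuer of this certificate at all.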