I've setup a custom SSL binding via netsh http add sslcert. This binding has the clientcertnegotiation parameter enabled, which causes the HTTP.sys subsystem to issue a client certificate request during the SSL handshake phase.
All good till here, the client certificate is requested and it is also sent by the client. The issue is that this particular certificate has passed its expiration date.
Common sense dictates that the expiration validation should be done at this level. Is there any particular option/setting that can make this happen?
Otherwise, it should probably be handled in the WCF application that's behind this binding - which is a whole different question.
Ended up doing the validation in my code by using a custom X509 certificate validator.
Just get the certificate and check the dates.