ssl certificate webservice-client

Why is my certificate not being sent in the request?


I am calling a web service and need to provide a certificate for client authentication. But for some reason I cannot figure out why the certificate is not sent when the server requests it.

I tried different suggestions from several forums around all possible settings for the bindings and behaviors. But whatever I tried, when inspecting the "Certificate" packet in Wireshark the certificate part stays empty.

I created a certificate for the server (.cer) and a certificate for the client (.pfx). See zip file. On the server the .cer file is installed and marked as being a valid certificate for authentication.

I have installed the .pfx certificate in my certificate store (LocalMachine\My) the password is 'pvp'.

My client config is (and I already tried several different settings all with the same result):

    <system.serviceModel>
      <client>
        <endpoint name="IgjEndpoint"
                  address="https://tekortkomingen-wvggz.webservices-dbb-acc.igj.nl/"
                  binding="customBinding"
                  bindingConfiguration="test"
                  behaviorConfiguration="IgjEndpointBehaviorConfig"
                  contract="IGJReference.WebserviceTekortkoming">
        </endpoint>
      </client>

      <bindings>
        <customBinding>
          <binding name="test">
            <textMessageEncoding messageVersion="Soap11WSAddressing10" />
            <security authenticationMode="CertificateOverTransport" />
            <httpsTransport requireClientCertificate="true" realm="" useDefaultWebProxy="false" />
          </binding>
        </customBinding>
      </bindings>

      <behaviors>
        <endpointBehaviors>
          <behavior name="IgjEndpointBehaviorConfig">
            <clientCredentials>
              <clientCertificate storeLocation="LocalMachine" findValue="CN=PVP-SelfSigned-ClientCert-Acc" />
            </clientCredentials>
          </behavior>
        </endpointBehaviors>
      </behaviors>
    </system.serviceModel>

When I make the call to the web service I get a SecurityNegotiationException "Could not establish secure channel for SSL/TLS with authority", which as far as I know is the result of the certificate not being sent. When I make the call with Postman it succeeds.

I have the Wireshark output for Postman and my application here. Looking at the Postman output you will see that the server's certificate request on line 1877 contains the "PVP-SelfSigned-ClientCert-Acc" as an acceptable CA. And at line 2189 my client certificate is sent to the server.

But in the Wireshark output when calling it from my application you still see that the server's certificate request on line 1745 contains the "PVP-SelfSigned-ClientCert-Acc" as an acceptable CA. But on line 1959 there is no certificate being sent. However, when I look at the request object when debugging I see the certificate is there in my request object under "client.ClientCredentials.ClientCertificate".

For the last 5 days I have been searching the internet for possible causes and solutions to my problem, but I had no luck so far with all the suggestions I have tried. I hope someone with more expertise can make something out of the Wireshark output and help me out?

In addition, in my .NET code I just do the following:

    var client = new WebserviceTekortkomingClient("IgjEndpoint");
    var response = client.RequestTekortkomingen(new RequestTekortkomingen());

On the second line it fails on the connection.


Solution

  • Finally figured this one out. The other party needed to trust the root CA from our client certificate.
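
A client-side check for this situation, as an added example that is not part of the original post: it loads the certificate from the same store and subject as the config in the question, reports whether the private key is usable by the current process, and prints the chain so that the issuer the other party has to trust can be identified by subject and thumbprint. The class name `ClientCertCheck` and the output format are assumptions made for this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertCheck
{
    static void Main()
    {
        // Same store (LocalMachine\My) and subject as the <clientCertificate> element in the question.
        const string subject = "CN=PVP-SelfSigned-ClientCert-Acc";
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            var found = store.Certificates.Find(
                X509FindType.FindBySubjectDistinguishedName, subject, validOnly: false);
            Console.WriteLine($"Matches for '{subject}': {found.Count}");
            foreach (X509Certificate2 cert in found) Report(cert);
        }
    }

    static void Report(X509Certificate2 cert)
    {
        Console.WriteLine($"Subject: {cert.Subject}\nIssuer : {cert.Issuer}");
        Console.WriteLine($"Valid  : {cert.NotBefore:u} to {cert.NotAfter:u}");
        // A certificate whose private key is missing, or not readable by the
        // account running this process, cannot be used for client authentication.
        Console.WriteLine($"HasPrivateKey: {cert.HasPrivateKey}");
        try { using (var key = cert.GetRSAPrivateKey()) Console.WriteLine($"RSA key readable: {key != null}"); }
        catch (CryptographicException e) { Console.WriteLine($"Key not readable: {e.Message}"); }

        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // keeps the check offline
            Console.WriteLine($"Chain builds locally: {chain.Build(cert)}");
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.WriteLine($"  status: {s.Status} {s.StatusInformation.Trim()}");
            // Element 0 is the client certificate; the last element is the top of the
            // chain as built on this machine, i.e. the CA the server side must trust.
            for (int i = 0; i < chain.ChainElements.Count; i++)
            {
                var c = chain.ChainElements[i].Certificate;
                Console.WriteLine($"  [{i}] {c.Subject}  thumbprint={c.Thumbprint}");
            }
        }
    }
}
```

Run it under the same account as the application, since private-key permissions in the LocalMachine store are per account.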