c# asp.net asp.net-core security certificate

Passing client certificate on to another micro service in ASP.NET


I have a micro service, M1, that requires a client certificate. When a request comes in via HTTPS I receive the X509Certificate2 in the HttpContext.Connection.ClientCertificate property. The micro service carries out authentication based on this certificate.

M1 then needs to call another micro service, M2, and the call needs to be made using the client certificate passed to M1 so that M2 treats the call as coming from the same user. I've created a HttpClient in M1 and attach the certificate to it via a HttpClientHandler. However, when I make the call into M2 it fails with the error "The decryption operation failed".

I'm no expert on security but I'm guessing this is something to do with the public/private keys used to decrypt the certificate? Is it valid to have a micro service use a client certificate it has received to try and authenticate with another micro service, and if so then how do I go about using the certificate in M1 to authenticate with M2?


Solution

  • Have you tried certificate forwarding? It is well described here
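
One way to wire up the certificate forwarding mentioned in the answer, as an added example that is not code from the original post. M1 only ever receives the user's public certificate, never the private key, so it cannot present that certificate in a TLS handshake; here M1 authenticates to M2 with its own service certificate and passes the user's certificate in a header, which M2 reads only after checking that the TLS peer is M1. The header name, the thumbprint placeholder, the /whoami route and the ForwardedCert helper are assumptions.

```csharp
// Added example; values marked "assumed" are not from the original post.
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Authentication.Certificate;
using Microsoft.AspNetCore.Server.Kestrel.Https;

// ----- M2 (Program.cs) -----
var builder = WebApplication.CreateBuilder(args);
// M1 must authenticate itself on the TLS connection with its own certificate.
builder.WebHost.ConfigureKestrel(k => k.ConfigureHttpsDefaults(
    h => h.ClientCertificateMode = ClientCertificateMode.RequireCertificate));
builder.Services.AddCertificateForwarding(o =>
{
    o.CertificateHeader = ForwardedCert.Header;
    o.HeaderConverter = v => new X509Certificate2(Convert.FromBase64String(v));
});
builder.Services.AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme)
    .AddCertificate();
var app = builder.Build();

// Placeholder for the thumbprint of M1's service certificate (assumed value).
var trustedCallers = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
    { "<M1-SERVICE-CERT-THUMBPRINT>" };

// Only honour the forwarded header when the TLS peer is M1; otherwise any
// caller could claim to be any user by sending that user's public certificate.
app.Use(async (ctx, next) =>
{
    var caller = ctx.Connection.ClientCertificate;
    if (caller is not null && trustedCallers.Contains(caller.Thumbprint)) await next(ctx);
    else ctx.Response.StatusCode = StatusCodes.Status403Forbidden;
});
app.UseCertificateForwarding(); // ClientCertificate now comes from the header
app.UseAuthentication();        // validates the forwarded user certificate
app.MapGet("/whoami", (HttpContext ctx) => ctx.Connection.ClientCertificate?.Subject ?? "none");
app.Run();

// ----- M1: helper used when calling M2 -----
static class ForwardedCert
{
    public const string Header = "X-Forwarded-Client-Cert"; // assumed header name

    // httpClient wraps an HttpClientHandler holding M1's own cert (with private key).
    public static Task<HttpResponseMessage> CallM2Async(HttpClient httpClient, HttpContext incoming, string url)
    {
        var userCert = incoming.Connection.ClientCertificate!;
        var req = new HttpRequestMessage(HttpMethod.Get, url);
        req.Headers.Add(Header, Convert.ToBase64String(userCert.Export(X509ContentType.Cert)));
        return httpClient.SendAsync(req);
    }
}
```

M2 needs the Microsoft.AspNetCore.Authentication.Certificate package for AddCertificate. The forwarded header proves nothing by itself, since a public certificate is not a secret, which is why the check on M1's own TLS identity runs before UseCertificateForwarding.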