SSL certificates: No Client certificate key exchange
I am trying to access a WCF web service, that is using two way SSL encryption. When I try to call the service I get a
System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'XXX.xx'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
I have tried activating Wireshark to see what is sent to and from the server: I see a client hello and a server hello. But there is no client response to the server hello. I was expecting a
"Certificate. Client key exchange. Change cipher. Encrypted handshake Message"
package, but none is sent. I'm thinking it is a problem with the certificate sent by the server, that somehow my client server does not trust it.
Here is what I have already tried: I have created the certificate through the proper authority, though I could have made a mistake in the certificate request without knowing it. I have added the two root certificates to: trusted root certificates, trusted publishers and trusted people. I have also added the client certificate to trusted people. My colleague has succeeded in establishing a connection on a Win 2008 server (I'm using a 2003, because it is necessary for some odd reason - don't ask). I can't see any differences in our approach, so I'm a bit lost.
Any help would be greatly appreciated.
I resolved this issue:
It turns out that the app-pool did not have read permission on the private key of the certificate. We changed the app-pool to local system (I believe) and it resolved the problem.
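The cause named in the answer can be confirmed by reading the ACL on the certificate's private key file. The PowerShell below is an added example, not code from the original post; the thumbprint placeholder, the default account name, and the assumption that the key is a CSP (CryptoAPI) RSA key in the LocalMachine\My store are all assumptions.

```powershell
# Added example: does a given account have a read ACE on a certificate's private key?
# Assumptions (not from the original post): placeholder thumbprint, NETWORK SERVICE
# as the app-pool identity, CSP RSA key in LocalMachine\My. Run elevated.
param(
    [string]$Thumbprint = 'PLACEHOLDER_THUMBPRINT',
    [string]$Account    = 'NT AUTHORITY\NETWORK SERVICE'
)

$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "No certificate with thumbprint $Thumbprint in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate has no associated private key" }

# CSP machine keys are stored as files named after the unique key container
$keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName

# The MachineKeys directory differs between Windows Server 2003 and 2008 or later
$candidates = @(
    (Join-Path $env:ALLUSERSPROFILE "Microsoft\Crypto\RSA\MachineKeys\$keyName"),
    (Join-Path $env:ALLUSERSPROFILE "Application Data\Microsoft\Crypto\RSA\MachineKeys\$keyName")
)
$keyPath = $candidates | Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $keyPath) { throw "Private key file for container $keyName not found" }

# Look for an Allow ACE that names the account directly and includes Read.
# Access inherited through group membership is not evaluated here.
$read = [int][System.Security.AccessControl.FileSystemRights]::Read
$acl  = Get-Acl -Path $keyPath
$hits = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $Account -and
    $_.AccessControlType -eq 'Allow' -and
    ([int]$_.FileSystemRights -band $read) -eq $read
}

if ($hits) {
    "$Account has an explicit read ACE on $keyPath"
} else {
    "$Account has NO explicit read ACE on $keyPath"
    # Show who does have access, to compare with a working server
    $acl.Access | Select-Object IdentityReference, AccessControlType, FileSystemRights
}
```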