WCF authentication error with mutual SSL using certificates

yuri of angels

I am trying to use a service published by another company. The specifications for authentication and communication are:

  • Soap
  • HTTPS with two-way SSL authentication (2-way SSL)
    • Use the public certificate they sent us (which I use as ServiceCertificate)
    • Use the private certificate they created for us (which I use as ClientCertificate)
  • WS-Security with UsernameToken

Here is the code I have attached so far:

WSHttpBinding binding = new WSHttpBinding(SecurityMode.Transport);
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
binding.SendTimeout = binding.CloseTimeout = binding.ReceiveTimeout = binding.OpenTimeout = new TimeSpan(0, 15, 0); // 15 minutes

Uri uri = new Uri(input.ServiceAddress);
EndpointAddress endpointAddress = new EndpointAddress(uri);

// Client creation
using (Client client = new Client(binding, endpointAddress))
{
    client.ClientCredentials.ClientCertificate.Certificate = input.PrivateCertificate;
    client.ClientCredentials.ServiceCertificate.DefaultCertificate = input.PublicCertificate;

    client.Open();

    // Service call
    ResponseType response = client.ServiceCall(params);
}

I get this error when calling the service:

An error occurred while making an HTTP request to the service . This may be due to the server certificate not being properly configured with HTTP.SYS in the HTTPS case. This can also be caused by mismatched security bindings between client and server.

Things I've tried:

  • Add the following line of code: "System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Ssl3;"
  • Register public certificate in port using netsh
    • Use this command: "netsh http add sslcert ipport=0.0.0.0:443 certhash= certificate thumbprint appid={ application GUID }"
    • Based on another problem we had in another project

I don't know how to fix this, I don't know anything about it! Have searched a lot and everything I've tried doesn't work!

yuri of angels

Harpen believes there are some network issues with our infrastructure. This service will take effect once our machine is out of the security layer.

I guess the certificate (maybe the key) didn't go through the network and I got that error (because it wasn't authenticating).

Related

ActiveMQ Mutual SSL Authentication

ejpb I'm trying to setup ActiveMQ for mutual authentication, i.e. the client will need a certificate to pass messages to the broker. I created the keystore and truststore on the proxy and exported the certificate that was copied to the client. On the client si

Restrict TLS mutual authentication to specific TLS certificates

username There is a PKI with a single CA that issues all the x509 certificates in my network. So on my network, all servers and clients have certificates from my CA along with private keys, which are stored in their corresponding keystores. Each server and cli

Restrict TLS mutual authentication to specific TLS certificates

username There is a PKI with a single CA that issues all the x509 certificates in my network. So on my network, all servers and clients have certificates from my CA along with private keys, which are stored in their corresponding keystores. Each server and cli

Restrict TLS mutual authentication to specific TLS certificates

username There is a PKI with a single CA that issues all the x509 certificates in my network. So on my network, all servers and clients have certificates from my CA along with private keys, which are stored in their corresponding keystores. Each server and cli

Restrict TLS mutual authentication to specific TLS certificates

username There is a PKI with a single CA that issues all the x509 certificates in my network. So on my network, all servers and clients have certificates from my CA along with private keys, which are stored in their corresponding keystores. Each server and cli

Restrict TLS mutual authentication to specific TLS certificates

username There is a PKI with a single CA that issues all the x509 certificates in my network. So on my network, all servers and clients have certificates from my CA along with private keys, which are stored in their corresponding keystores. Each server and cli

Restrict TLS mutual authentication to specific TLS certificates

username There is a PKI with a single CA that issues all the x509 certificates in my network. So on my network, all servers and clients have certificates from my CA along with private keys, which are stored in their corresponding keystores. Each server and cli

Grpc Java SSL Mutual Authentication

Belvia I am wondering what needs to be set in the GrpcSslContext to make the Grpc Client SSL authenticate with the server? Currently, the following code works for regular 1-way SSL authentication from server to client. on the server, SslContext sslContext = Gr

Grpc Java SSL Mutual Authentication

Belvia I am wondering what needs to be set in the GrpcSslContext to make the Grpc Client SSL authenticate with the server? Currently, the following code works for regular 1-way SSL authentication from server to client. on the server, SslContext sslContext = Gr

Grpc Java SSL Mutual Authentication

Belvia I am wondering what needs to be set in the GrpcSslContext to make the Grpc Client SSL authenticate with the server? Currently, the following code works for regular 1-way SSL authentication from server to client. on the server, SslContext sslContext = Gr

Grpc Java SSL Mutual Authentication

Belvia I am wondering what needs to be set in the GrpcSslContext to make the Grpc Client SSL authenticate with the server? Currently, the following code works for regular 1-way SSL authentication from server to client. on the server, SslContext sslContext = Gr

Why Certificates Are Not Secrets for SSL Authentication

qweruiop I'm reading about certificate based authentication in SSL and have a question about the process. (Picture was taken from the link above) The question is: why server.cerand client.cernot a secret. In this diagram, it appears that the communication is n

Why Certificates Are Not Secrets for SSL Authentication

qweruiop I'm reading about certificate based authentication in SSL and have a question about the process. (Picture was taken from the link above) The question is: why server.cerand client.cernot a secret. In this diagram, it appears that the communication is n

Using Mutual SSL with HttpRIO

Mysterious Boris If anyone knows how to use Mutual SSL with HttpRIO (SOAP). I'm using Delphi 10.3.2 The certificate key is also stored on the PKI card, but that's not the problem. I've tried many things but don't know what to do :( Any suggestions or codes are

What does mutual authentication in WCF mean?

v I'm learning WCF from Wrox Professional WCF using the .NET Book, and while reading the chapter on WCF security, I came across the term "mutual authentication" without any explanation. What does mutual authentication mean in the context of WCF? PS: There are

What does mutual authentication in WCF mean?

v I'm learning WCF from Wrox Professional WCF using the .NET Book, and while reading the chapter on WCF security, I came across the term "Mutual Authentication" without providing any explanation. What does mutual authentication mean in the context of WCF? PS: