I am trying to connect to a SOAP service that requires a client certificate. I added a WCF web service reference to my project and wrote the following code:

    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    using System.ServiceModel;

    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

    // Client certificate and private key, loaded from the PKCS12 file
    var certificate = new X509Certificate2("transport.p12", "password");

    // HTTPS transport security with certificate-based client authentication
    var client = new SomeServiceHelloClient(new BasicHttpsBinding(BasicHttpsSecurityMode.Transport)
    {
        Security =
        {
            Transport =
            {
                ClientCredentialType = HttpClientCredentialType.Certificate
            }
        }
    }, new EndpointAddress("https://some-service.com/Hello"))
    {
        ClientCredentials =
        {
            ClientCertificate = {Certificate = certificate}
        }
    };

    await client.OpenAsync();
    var response = await client.HelloAsync();

transport.p12 is a PKCS12 keystore file that contains the private key and certificate chain. This code works, but only when the root and intermediate certificates are installed in the Windows certificate store (these certificates are included in the transport.p12 file). When these certificates are absent from the certificate store, I get the following exception:
System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'some-service.com'.
---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
---> System.ComponentModel.Win32Exception (0x80090326): The message received was unexpected or badly formatted.
I don't want to use the system certificate store. Is it possible to provide intermediate/root certificates manually (without using the certificate store) or do some custom validation?
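
As a diagnostic for the situation described above, the following added example (not part of the original question) checks whether the client certificate in transport.p12 chains to a root using trust anchored only in that file. The class and method names are hypothetical, and `CustomRootTrust` assumes .NET 5 or later; the check runs in isolation and does not alter how the WCF client negotiates TLS.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

static class P12ChainCheck // hypothetical helper, not from the question
{
    public static bool ChainsToBundledRoot(string path, string password)
    {
        // Load every certificate in the PKCS12 file, not just the leaf.
        var bundle = new X509Certificate2Collection();
        bundle.Import(path, password, X509KeyStorageFlags.DefaultKeySet);

        // The client (leaf) certificate is the entry that carries the private key.
        X509Certificate2 leaf = bundle.Cast<X509Certificate2>().Single(c => c.HasPrivateKey);

        using var chain = new X509Chain();
        // Trust only the roots added below; the system root store is not used for trust.
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        // Offline diagnostic only: revocation is not checked here.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

        foreach (X509Certificate2 cert in bundle)
        {
            if (cert.HasPrivateKey) continue;
            // Self-issued (subject == issuer) entries are treated as roots.
            bool selfIssued = cert.SubjectName.RawData.SequenceEqual(cert.IssuerName.RawData);
            if (selfIssued) chain.ChainPolicy.CustomTrustStore.Add(cert);
            else chain.ChainPolicy.ExtraStore.Add(cert); // intermediates
        }

        bool ok = chain.Build(leaf);

        // Print the path that was built and any reasons it was rejected.
        foreach (X509ChainElement element in chain.ChainElements)
            Console.WriteLine($"  {element.Certificate.Subject}");
        foreach (X509ChainStatus status in chain.ChainStatus)
            Console.WriteLine($"  {status.Status}: {status.StatusInformation.Trim()}");

        return ok;
    }

    static void Main()
    {
        // File name and password as used in the question.
        bool ok = ChainsToBundledRoot("transport.p12", "password");
        Console.WriteLine(ok ? "Chain builds from bundled certificates" : "Chain is incomplete");
    }
}
```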