WCF service certificate is not in the trusted people store

Tags: certificate, security, wcf, wcf-authentication, x509certificate

I created a WCF service that should work using certificates. My test using self-signed certificates works perfectly, but everything changes when I try to run it on the server, where the certificates are generated by a CA. I generated client and server certificates using the CA, and after that I exported the server certificate to the "Trusted People" folder. (I placed both certificates in the LocalMachine store.) I have also granted all necessary permissions to the certificate.

The problem appears when I run the client program, where I get this exception:

The X.509 certificate CN=xxxx is not in the trusted people store.

Here is my server config:

<system.serviceModel>
  <services>
    <service behaviorConfiguration="MyServiceBehavior" name="PoswsService">
      <endpoint address="http://xxxx/PoswsService.svc" binding="wsHttpBinding" bindingConfiguration="MyServiceBinding"
        contract="IPoswsService" />
      <endpoint address="http://xxxx/mex" binding="mexHttpBinding" name="MetadataBinding"
        contract="IMetadataExchange" />
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="MyServiceBehavior">
        <serviceCredentials>
          <clientCertificate>
            <authentication certificateValidationMode="PeerOrChainTrust" revocationMode="Online"/>
          </clientCertificate>
          <serviceCertificate findValue="xxxxxxxxxxxxxxxxxxxxx" storeLocation="LocalMachine"
            storeName="My" x509FindType="FindBySerialNumber" />
        </serviceCredentials>
        <serviceMetadata httpGetEnabled="true" />
        <serviceDebug includeExceptionDetailInFaults="true" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <bindings>
    <wsHttpBinding>
      <binding name="MyServiceBinding">
        <security>
          <message clientCredentialType="Certificate"/>
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
</system.serviceModel>

Here is the client config:

<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="WSHttpBinding_IPoswsService"
        bypassProxyOnLocal="false" transactionFlow="false">
        <security mode="Message">
          <transport clientCredentialType="Windows" proxyCredentialType="None"
            realm="" />
          <message clientCredentialType="Certificate" negotiateServiceCredential="true"
            algorithmSuite="Default" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <client>
    <endpoint address="http://xxxx/PoswsService.svc"
      binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IPoswsService"
      contract="TestService.IPoswsService" name="WSHttpBinding_IPoswsService" behaviorConfiguration="CustomBehavior">
      <identity>
        <certificate encodedValue="long word" />
      </identity>
    </endpoint>
  </client>
  <behaviors>
    <endpointBehaviors>
      <behavior name="CustomBehavior">
        <clientCredentials>
          <clientCertificate findValue="xxxxxxxxxxxxxxxxxxx" x509FindType="FindBySerialNumber" storeLocation="CurrentUser" storeName="My"/>
          <serviceCertificate>
            <authentication certificateValidationMode="PeerTrust"/>
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
</system.serviceModel>

Does anyone know where my mistake could be?

Best Answer

Trusted People is one of several certificate stores that exist on Windows. In the start menu, search for Manage computer certificates, and you'll find it. Just install the certificate to that location.

[Image: certificate store showing the Trusted People location]
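A quick way to confirm the store really contains what the client's PeerTrust check will look for, added here as an example and not part of the question or the answer: the client config above sets PeerTrust on <serviceCertificate><authentication/> without a trustedStoreLocation, and that attribute defaults to CurrentUser, so the script (Windows PowerShell, Cert: drive) looks in both the CurrentUser and LocalMachine Trusted People stores for the serial number you pass in (the serial is a placeholder you supply; the findValue on the page is masked).

```powershell
# Added example, not code from the question or answer: check whether the
# service certificate is present in Trusted People where WCF PeerTrust will
# look for it. -SerialNumber is the value from findValue="..." (placeholder).
param(
    [Parameter(Mandatory = $true)][string]$SerialNumber
)

# The store exposes serials as upper-case hex without spaces; normalise input.
$serial = ($SerialNumber -replace '\s', '').ToUpperInvariant()
$found = $false

foreach ($loc in @('CurrentUser', 'LocalMachine')) {
    $path = "Cert:\$loc\TrustedPeople"
    $certs = Get-ChildItem -Path $path -ErrorAction SilentlyContinue |
             Where-Object { $_.SerialNumber -eq $serial }

    if (-not $certs) {
        Write-Host "[$loc] TrustedPeople: serial $serial NOT present"
        continue
    }

    foreach ($c in $certs) {
        $found = $true
        $now = Get-Date
        $inPeriod = ($c.NotBefore -le $now) -and ($c.NotAfter -ge $now)
        Write-Host ("[{0}] TrustedPeople: found {1}" -f $loc, $c.Subject)
        Write-Host ("    Thumbprint : {0}" -f $c.Thumbprint)
        Write-Host ("    Validity   : {0:u} .. {1:u} ({2})" -f $c.NotBefore, $c.NotAfter,
                    $(if ($inPeriod) { 'in period' } else { 'EXPIRED or not yet valid' }))
        # Trusted People only needs the public certificate (.cer). A private key
        # here usually means a .pfx was imported into the wrong store.
        if ($c.HasPrivateKey) {
            Write-Warning "    Private key present in TrustedPeople; only the public .cer belongs here."
        }
    }
}

if (-not $found) {
    Write-Host "Fix: import the public .cer into Cert:\CurrentUser\TrustedPeople (the client's PeerTrust default),"
    Write-Host "or set trustedStoreLocation=""LocalMachine"" on <serviceCertificate><authentication/> to match where it was placed."
}
```

Run it on the client machine as the account the client runs under, since CurrentUser stores are per account.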
