WCF WSHttpBinding Certificate PeerTrust

  • Rick

    WCF WSHttpBinding Certificate PeerTrust

    I am developing a WCF based app on Vista using IIS 7.0 but it will be
    deployed on Microsoft Server 2003 with IIS 6.0. The app uses WSHttpBinding
    and mutual Certificate authentication. The app works fine in the Vista IIS7.0
    environment, but when moving it to the test environment that matches
    production, I cannot get certificate authentication to work. I get the
    following error: "The certificate that was used has a trust chain that cannot
    be verified. Replace the certificate or change the
    certificateValidationMode."

    The strange thing is that I have the certificateValidationMode set to PeerTrust.
    <serviceCredentials>
      <clientCertificate>
        <authentication certificateValidationMode="PeerTrust"
                        trustedStoreLocation="LocalMachine" />
      </clientCertificate>
      <serviceCertificate findValue="AdcBehindTheFirewall"
                          storeLocation="LocalMachine" storeName="My"
                          x509FindType="FindBySubjectName" />
    </serviceCredentials>

    I also tried changing certificateValidationMode="None" and still got the
    same error.

    Any ideas on what may be wrong in the Server 2003 environment?

  • Rick

    #2
    RE: WCF WSHttpBinding Certificate PeerTrust

    I have a bit more information regarding my issue. When testing the services
    in Vista I was using certificates created with the MakeCert command. When
    running the services on Server 2003, the certificates were created by the
    client's IT department. One difference is that my certificates were
    self-signed while the certificates they created are signed by a root
    authority. I moved the MakeCert generated certs to Server 2003 and the
    service works with one setup difference. I had to put the public key cert not
    only in the Trusted People store on the client, but also in the Trusted Root
    CA store on the client. I am not sure why I had to do that since I am using
    PeerTrust and did not have to do that on Vista.

    Any idea on why I have to put the cert in the Trusted Root CA store on
    the client?

    "Rick" wrote:
    > I am developing a WCF based app on Vista using IIS 7.0 but it will be
    > deployed on Microsoft Server 2003 with IIS 6.0. The app uses WSHttpBinding
    > and mutual Certificate authentication. The app works fine in the Vista IIS7.0
    > environment, but when moving it to the test environment that matches
    > production, I cannot get certificate authentication to work. I get the
    > following error: "The certificate that was used has a trust chain that cannot
    > be verified. Replace the certificate or change the
    > certificateValidationMode."
    >
    > The strange thing is that I have the certificateValidationMode set to PeerTrust.
    > <serviceCredentials>
    >   <clientCertificate>
    >     <authentication certificateValidationMode="PeerTrust"
    >                     trustedStoreLocation="LocalMachine" />
    >   </clientCertificate>
    >   <serviceCertificate findValue="AdcBehindTheFirewall"
    >                       storeLocation="LocalMachine" storeName="My"
    >                       x509FindType="FindBySubjectName" />
    > </serviceCredentials>
    >
    > I also tried changing certificateValidationMode="None" and still got the
    > same error.
    >
    > Any ideas on what may be wrong in the Server 2003 environment?

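Added example, not part of the thread: the `<serviceCredentials>` block posted above only controls how the service validates the client's certificate. The client validates the service's certificate under its own setting, `clientCredentials/serviceCertificate/authentication`, which defaults to ChainTrust when not configured. The behavior name, endpoint address, contract name and client certificate subject below are hypothetical placeholders.

```xml
<!-- Client-side app.config fragment (added example; placeholder names are assumptions) -->
<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior name="peerTrustClient"> <!-- hypothetical behavior name -->
        <clientCredentials>
          <!-- Certificate the client presents to the service (hypothetical subject) -->
          <clientCertificate findValue="ExampleClientCert"
                             storeLocation="LocalMachine" storeName="My"
                             x509FindType="FindBySubjectName" />
          <serviceCertificate>
            <!-- How the CLIENT validates the SERVICE certificate.
                 If this element is omitted, the mode is ChainTrust and the
                 certificate must chain to a trusted root on the client. -->
            <authentication certificateValidationMode="PeerTrust"
                            trustedStoreLocation="LocalMachine" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <client>
    <!-- hypothetical address and contract -->
    <endpoint address="https://service.example.invalid/Service.svc"
              binding="wsHttpBinding"
              contract="IExampleService"
              behaviorConfiguration="peerTrustClient" />
  </client>
</system.serviceModel>
```

With PeerTrust, the service's public certificate has to be present in the Trusted People store at the `trustedStoreLocation` named in the config, since that store is then the only trust anchor.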