CleanCode NZ

When you use WCF transport and message security, you will inevitably have to deal with a service certificate. Here I am going to list a few problems you might have when using service certificate and their normal error messages

There is one exception in the use of service certificate, which is using message security with none authentication(anonymous) , the requirement of that certificate is quite relaxed. Because it  is not using real TLS nego  but SPNego protocol when there is no client authentication involved. I find it that any valid certificate will be accepted by client. Otherwise the service must match following conditions to be happily consumed by clients

Read the rest of this entry »

When you try to use a service certificate in WCF namely message security, you might have an error :

Keyset does not exist

Or in a detailed manner the message could be:

It is likely that certificate ‘CN=xxx’ may not have a private key that is capable of key exchange or the process may not have access rights for the private key. Please see inner exception for detail.

Read the rest of this entry »

When you implement client certificate authentication in IIS(7.5), you might get Error 403.7, and in the client side the error message looks like

The HTTP request was forbidden with client authentication scheme ‘Anonymous’.

While you have done everything according to the books, you attached a valid certificate from client side, and its Root is  indeed installed in Trusted Root Certificate Authorities on server. No matter what you do you keep getting 403.7 error from IIS.

Read the rest of this entry »