I have a WCF service that exposes two bindings: BasicHttpBinding and NetTcpBinding. Both bindings are secured with a valid Entrust SSL certificate.
Everything seems to work fine over HTTP, but I am getting certification validation issues over net.tcp.
The client is configured to use the 'ChainTrust' certificate validation mode. This is the error thrown by WCF:
The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain could not be built to a trusted root authority.
I'm not very familiar with SSL certificates, but I've noticed the certificate was issued by an intermediate certificate. All the certificates in the chain have been installed on the server. On the client, the root CA certificate is trusted but the intermediate certificate is not.
If I install the intermediate certificate on the client, all is well. However, this doesn't sound right to me. Shouldn't only the Root certificate be trusted?
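The chain-building behaviour behind this error, as an added example that is not part of the original post: it builds a constructed three-level PKI in memory and validates the leaf against a trust store holding only the root, first without and then with the intermediate available as an untrusted candidate. It assumes .NET 5 or later (for `CustomTrustStore`); the `ChainDemo`, `Issue` and `Validate` names and all certificate subjects are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ChainDemo
{
    // Constructed test PKI: issue a certificate signed by `issuer` (self-signed when issuer is null).
    static X509Certificate2 Issue(string cn, X509Certificate2 issuer, bool isCa)
    {
        using var key = RSA.Create(2048);
        var req = new CertificateRequest("CN=" + cn, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(isCa, false, 0, true));
        // Keep each child's validity strictly inside its issuer's validity.
        var from = issuer == null ? DateTimeOffset.UtcNow.AddDays(-2) : issuer.NotBefore.AddHours(1);
        var to = issuer == null ? DateTimeOffset.UtcNow.AddDays(30) : issuer.NotAfter.AddHours(-1);
        if (issuer == null) return req.CreateSelfSigned(from, to);
        var serial = new byte[8];
        RandomNumberGenerator.Fill(serial);
        using var cert = req.Create(issuer, from, to, serial);
        return cert.CopyWithPrivateKey(key);
    }

    // Build a chain for `leaf` with `root` as the only trust anchor.
    // `extra` certificates are NOT trusted; they are only candidates for path building.
    public static X509ChainStatusFlags Validate(X509Certificate2 leaf, X509Certificate2 root,
                                                params X509Certificate2[] extra)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(root);
        chain.ChainPolicy.ExtraStore.AddRange(extra);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // constructed PKI has no CRL/OCSP
        chain.Build(leaf);
        var flags = X509ChainStatusFlags.NoError;
        foreach (var status in chain.ChainStatus) flags |= status.Status;
        return flags;
    }

    static void Main()
    {
        var root = Issue("Constructed Root CA", null, true);
        var inter = Issue("Constructed Intermediate CA", root, true);
        var leaf = Issue("service.example.test", inter, false);
        // Validator sees only the leaf: no path to the root can be assembled.
        Console.WriteLine("leaf only:           " + Validate(leaf, root));
        // Same trust anchor, intermediate merely made available for path building.
        Console.WriteLine("leaf + intermediate: " + Validate(leaf, root, inter));
    }
}
```

The trust anchor is the same in both calls; the only difference is whether the validator can obtain the intermediate, either from the peer or from a local store.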