I have 2 services that need to communicate back and forth. Service1 is WCF hosted in IIS 7.5. Service2 is Java hosted in Wildfly. Both services require a client cert as part of the two-way (mutual) SSL connection between them. The certs used by both services were generated all from the same Certificate Authority.
Service2 (Java) is able to invoke Service1 (WCF) without any problems. The certificates are passed and the message flows correctly between them.
Service1 (WCF) is unable to invoke Service2 (Java). In this interaction the WCF service logs state: “…SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority ‘’. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.”
Looking at this exception, it leads me to believe that Service1 (WCF) is not providing its client cert to Service2 (Java). I tried to add the client cert to Service1 (WCF) by adding a < clientCredentials > section to Service1’s behaviors, but I’m not sure if that is the correct way to do it within IIS.
To prove my theory I have a self-hosted WCF service (not running in IIS) which runs on the same machine as Service1 (WCF in IIS). Using the same certs, I am able to invoke Service2 (Java) without issue.
Does anyone know how to configure a WCF service in IIS 7.5 to provide a client certificate when it calls out (to another service)?
BTW I have already tried using separate certs for the “server” and “client” sides of Service1 (WCF). This didn’t resolve the issue.
