0
votes

I am new to WCF and am having a really tough time understanding certificate authentication and encryption.

I have a WCF service which uses clientcredentialtype="Certificate".

I have generated the CA certificate and the server and client certificates using the makecert tool.

The service is hosted in IIS.

When I use SSL for my site I get a security exception:

Could not establish trust relationship for the SSL/TLS secure channel with authority 'fqdn'.
System.Net.WebException: The underlying connection was closed:
Could not establish trust relationship for the SSL/TLS secure channel. --->
System.Security.Authentication.AuthenticationException: The remote
certificate is invalid according to the validation procedure.

The SSL certificate and the WCF certificates are from different certification authorities.

Why is the security exception being thrown?

How is the communication happening between the client and server, and which certificates are being used? I am really confused. Any help will be appreciated.

1

1 Answer

0
votes

The MakeCert tool creates self-signed certificates which are not trusted by default as there is no signature from a certificate authority attesting to the legitimacy of the information on the certificate.

When your client goes to connect, unless certificate validation is disabled or you roll your own checking scheme, then using the typical validation procedure will fail. That is, your certificate is not trusted by a root CA through a certificate trust chain.
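The following diagnostic is an added example, not part of the answer above. It connects to the HTTPS endpoint and prints why the standard validation procedure rejects the server certificate, while still returning the platform's own verdict. The host name `service.example.test` and port 443 are placeholder assumptions; pass the real FQDN as the first argument.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class TlsTrustCheck
{
    // Logs the validation result; never overrides it (no "return true").
    static bool Report(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        if (cert != null)
        {
            Console.WriteLine("Subject: " + cert.Subject);
            Console.WriteLine("Issuer:  " + cert.Issuer);
        }
        Console.WriteLine("Policy errors: " + errors);
        if (chain != null)
        {
            // The chain the client managed to build, leaf first.
            foreach (X509ChainElement element in chain.ChainElements)
                Console.WriteLine("  chain element: " + element.Certificate.Subject);
            // One entry per problem found while building or checking the chain.
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.WriteLine("  " + status.Status + ": " + status.StatusInformation.Trim());
        }
        return errors == SslPolicyErrors.None;
    }

    static void Main(string[] args)
    {
        // Placeholder host (assumption); use the name the WCF client connects to.
        string host = args.Length > 0 ? args[0] : "service.example.test";
        using (var tcp = new TcpClient(host, 443))
        using (var ssl = new SslStream(tcp.GetStream(), false, Report))
        {
            try
            {
                ssl.AuthenticateAsClient(host);
                Console.WriteLine("Server certificate is trusted by this machine.");
            }
            catch (AuthenticationException ex)
            {
                Console.WriteLine("Handshake rejected: " + ex.Message);
            }
        }
    }
}
```

A chain status of `UntrustedRoot` means the issuing CA certificate is not in the client machine's trusted root store, and a policy error of `RemoteCertificateNameMismatch` means the certificate's name does not match the host name used to connect. This checks only the server certificate presented during the TLS handshake, not the client certificate WCF sends.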