I have a pair of client and server apps that use WCF to pass data one way from the client to the server. This has to happen over a custom binding with HTTPS and X.509 certificate authentication for both. After setting the configuration to "CertificateOverTransport" and setting requireClientCertificate to true on both sides, the client traces the following exception to the svclog:
bad HTTP response The HTTP request is unauthorized with client authentication scheme 'Anonymous'.
and the server side traces the following warning:
The client certificate is invalid with native error code 0x109(see 'link' for more details)
The client side is configured like this:
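<!-- Client-side WCF configuration: a custom binding over HTTPS that presents an X.509
     client certificate at the transport (TLS) layer and validates the service certificate.
     Closing tags and misspelled names from the posted listing are corrected here
     (receiveTimeout, bindingConfiguration, clientCertificate) so the fragment is well-formed. -->
<system.serviceModel>
  <bindings>
    <customBinding>
      <binding name="myCustomHttpsBinding" sendTimeout="00:00:10"
               openTimeout="00:00:10" receiveTimeout="00:00:10">
        <reliableSession />
        <security authenticationMode="CertificateOverTransport"
                  requireSecurityContextCancellation="true" />
        <!-- authenticationScheme="Anonymous" means no HTTP-level authentication header is used;
             the caller is identified only by the TLS client certificate that
             requireClientCertificate demands. -->
        <httpsTransport authenticationScheme="Anonymous"
                        requireClientCertificate="true" />
      </binding>
    </customBinding>
  </bindings>
  <client>
    <endpoint address="https://serverAdrress:port/"
              behaviorConfiguration="SSLBehavior"
              binding="customBinding"
              bindingConfiguration="myCustomHttpsBinding"
              contract="MyContract"
              name="endpointName" />
  </client>
  <behaviors>
    <endpointBehaviors>
      <behavior name="SSLBehavior">
        <clientCredentials>
          <!-- FindBySubjectName matches on a substring of the subject, so it can select an
               unintended certificate when several subjects in the store contain this text;
               x509FindType="FindByThumbprint" pins exactly one certificate.
               NOTE(review): the account running the client must be able to read the private
               key of this LocalMachine\My certificate, otherwise no certificate is sent;
               confirm key permissions. -->
          <clientCertificate findValue="CertSubject"
                             storeLocation="LocalMachine"
                             x509FindType="FindBySubjectName"
                             storeName="My" />
          <serviceCertificate>
            <!-- PeerOrChainTrust accepts the service certificate if it chains to a trusted root
                 or is present in the TrustedPeople store. Keep a validating mode here; switching
                 to None to get past certificate errors turns off server authentication. -->
            <authentication
                certificateValidationMode="PeerOrChainTrust"/>
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
</system.serviceModel>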
The server side is configured like this:
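<!-- Server-side WCF configuration: a custom binding over HTTPS that requires a TLS client
     certificate and presents its own service certificate.
     Closing tags, the duplicated contract attribute, and misspelled names from the posted
     listing are corrected here (receiveTimeout, bindingConfiguration, baseAddresses,
     clientCertificate, certificate, serviceCredentials) so the fragment is well-formed. -->
<system.serviceModel>
  <bindings>
    <customBinding>
      <binding name="myCustomHttpsBinding" sendTimeout="00:00:10"
               openTimeout="00:00:10" receiveTimeout="00:00:10">
        <reliableSession />
        <security authenticationMode="CertificateOverTransport"
                  requireSecurityContextCancellation="true" />
        <!-- authenticationScheme="Anonymous" means no HTTP-level authentication is negotiated;
             requireClientCertificate="true" makes the listener demand a client certificate
             during the TLS handshake. -->
        <httpsTransport authenticationScheme="Anonymous"
                        requireClientCertificate="true" />
      </binding>
    </customBinding>
  </bindings>
  <services>
    <service behaviorConfiguration="ServiceConfig"
             name="myService">
      <endpoint address="endp1"
                binding="customBinding"
                bindingConfiguration="myCustomHttpsBinding"
                contract="MyContract"
                name="endpointName" />
      <host>
        <baseAddresses>
          <add baseAddress="https://serverAdrress:port/" />
        </baseAddresses>
      </host>
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="ServiceConfig">
        <serviceCredentials>
          <clientCertificate>
            <!-- NOTE(review): this nested certificate element does not appear to restrict which
                 client certificates are accepted (it is documented for duplex scenarios);
                 confirm whether it is needed at all. -->
            <certificate findValue="CertSubject"
                         storeLocation="LocalMachine"
                         x509FindType="FindBySubjectName"
                         storeName="My" />
            <!-- certificateValidationMode governs the validation WCF itself performs.
                 NOTE(review): with requireClientCertificate on httpsTransport the certificate is
                 first checked during the TLS handshake by the Windows HTTP stack, so an
                 "invalid client certificate" warning likely points at chain trust on this
                 machine (issuer not in a trusted store, expiry, failed revocation check) rather
                 than at this setting; confirm against the native error code before loosening it. -->
            <authentication
                certificateValidationMode="PeerOrChainTrust"/>
          </clientCertificate>
          <!-- FindBySubjectName matches on a substring of the subject; x509FindType="FindByThumbprint"
               avoids picking up a different certificate whose subject contains the same text. -->
          <serviceCertificate findValue="CertSubject"
                              storeLocation="LocalMachine"
                              x509FindType="FindBySubjectName"
                              storeName="My" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>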