WCF with transport security via certificates

Published 2019-08-31 12:21

Question:

I want to secure my WCF service using client certificates, i.e. only client certificates from a specific root CA should be allowed to call my service.

For testing purposes I've created a single client certificate without a CA first. I registered the client certificate at the server's certificate store (under current user -> trusted people).

Within VS2013 I've enabled SSL on the WCF service project in order to have an HTTPS endpoint. I've adapted the Web.config file of the service as follows:

<serviceCredentials>
  <clientCertificate>
    <authentication certificateValidationMode="PeerTrust"/>
  </clientCertificate>
  ...
</serviceCredentials>

<wsHttpBinding>
  <binding name="wsHttpEndpointBinding">
    <security mode="Transport">
      <transport clientCredentialType="Certificate"/>
    </security>
  </binding>
</wsHttpBinding>

Furthermore I've adapted the App.config file of my client application as follows:

<clientCredentials>
  <clientCertificate findValue="Client" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="TrustedPeople" />
  <serviceCertificate>
    <authentication certificateValidationMode="PeerTrust"/>
  </serviceCertificate>
</clientCredentials>

<wsHttpBinding>
  <binding name="WSHttpBinding_IService1">
    <security mode="Transport">
      <transport clientCredentialType="Certificate"/>
    </security>
  </binding>
</wsHttpBinding>

However, this does not work; I get the following exception message:

An error occurred while making the HTTP request to https://localhost:44300/Service1.svc. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.

If I switch to message security (instead of transport security) and switch to the HTTP protocol everything seems to work just fine. So I guess I've missed some HTTPS-enabling step?! How to make transport security work?

Answer 1:

Your certificate is not configured properly. Follow the steps below.

Copy the thumbprint of the certificate and run the command below from a command prompt in elevated mode:

netsh http add sslcert ipport=[IPaddress:port] certhash=[thumbprint of certificate] appid={[unique id for the application; you can use a GUID for this]}


[IPaddress:port]: IP address and port
[thumbprint of certificate]: thumbprint of the certificate without spaces
appid: unique id for the application; you can use a GUID

How to generate a GUID from the command prompt

Open the Visual Studio command prompt and run the command below:

c:>uuidgen
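The same binding step as a scripted, checkable procedure, added here as an example and not part of the answer above: it looks up the service certificate, registers it with HTTP.SYS on port 44300 (the port from the question), and reads the binding back. The certificate subject name is a placeholder; the certificate is assumed to sit in LocalMachine\My, which is the store HTTP.SYS uses, and the script assumes an elevated PowerShell session.

```powershell
# Added example, not code from the original question or answer.
# Assumptions: service certificate (with private key) in LocalMachine\My,
# subject "CN=localhost" as a placeholder, HTTPS on port 44300 as in the
# question, elevated PowerShell session.
$ipPort      = '0.0.0.0:44300'
$subjectName = 'CN=localhost'   # placeholder: subject of your service certificate
$appId       = '{' + [guid]::NewGuid().ToString() + '}'   # plays the role of uuidgen in the answer

# 1. Locate the newest server certificate for that subject that has a private key.
#    HTTP.SYS reads LocalMachine\My, not the CurrentUser stores used in the question.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $subjectName -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) {
    throw "No certificate with a private key for '$subjectName' in LocalMachine\My"
}

# 2. netsh wants the thumbprint as hex without spaces; .Thumbprint is already in that form.
$thumb = $cert.Thumbprint

# 3. Drop any stale binding on the same ip:port so the add does not fail with "file exists".
netsh http delete sslcert ipport=$ipPort 2>$null | Out-Null

# 4. Bind the certificate. clientcertnegotiation=enable makes HTTP.SYS ask the
#    client for a certificate during the TLS handshake, which is what
#    <transport clientCredentialType="Certificate"/> under mode="Transport" relies on.
netsh http add sslcert "ipport=$ipPort" "certhash=$thumb" "appid=$appId" clientcertnegotiation=enable
if ($LASTEXITCODE -ne 0) {
    throw "netsh http add sslcert failed with exit code $LASTEXITCODE"
}

# 5. Read the binding back: confirm the hash, the app id and that client
#    certificate negotiation is enabled before testing the WCF client again.
netsh http show sslcert ipport=$ipPort
```

If the show output lists a different certificate hash than the one in $thumb, the WCF client keeps failing with the "HTTP.SYS" error from the question even though the Web.config is correct.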