I'm developing a WCF service (NetTcpBinding) and it works just fine without security. We bought a certificate from DigiCert and installed it on the server and configured with DigicertUtil.exe. Also installed on the test client machines.
Turning on the security I'm able to connect to it from my dev PC without problems.
Server config:
binding.Security.Mode = SecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;
binding.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;
ServerHost.Credentials.ServiceCertificate.SetCertificate(
StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindBySubjectName,
Properties.Settings.Default.CertificateName);
Client config:
<binding name="EndPointTCP" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" transactionFlow="false"
hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="1610612736"
maxReceivedMessageSize="1610612736">
<readerQuotas maxDepth="32" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="false" inactivityTimeout="00:10:00" enabled="false" />
<security mode="Transport">
<transport clientCredentialType="Certificate" protectionLevel="EncryptAndSign"/>
</security>
</binding>
<behaviors>
<endpointBehaviors>
<behavior name="behavior_ServerService">
<clientCredentials>
<clientCertificate findValue="*.domain.com"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectName" />
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint address="net.tcp://clients.domain.com:10001/Server/ServerService"
binding="netTcpBinding" bindingConfiguration="EndPointTCP" contract="ServerServiceReference.IServerWS"
name="EndPointTCP" behaviorConfiguration="behavior_ServerService">
<identity>
<dns value="*.domain.com" />
</identity>
</endpoint>
</client>
(I modified the domain and service name to keep privacy of the customer.)
Trying it from any other computers I receive the following error on clients:
The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:00:59.9840000'.
An existing connection was forcibly closed by the remote host
The trace log on the server says:
The remote certificate is invalid according to the validation procedure.
Which is very strange because I use the same certificate on both the sever and the client... (and not to mention the dev pc from which it's working well...)
The error message is the same even if I set
ServerHost.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
on the server and
ServiceClient.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
on the client.
Could anybody tell me how to do it correctly? Of course I do not want to use workarounds like validation callback returning always true or the above non-validated mode.
Any help would be appreciated. Only this 'little' problem should be solved to be able to release... :(
Thanks a lot in advance!
Hudgi
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 做个烂人 的文章《The remote certificate is invalid according to the》','https://www.manongdao.com/article-961823.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}