Reputation: 53
WCF Client Certificate Authentication, The SSL settings for the service 'SslRequireCert' does not match those of the IIS 'Ssl, SslNegotiateCert'
I have a website that is going to be called from some clients which will be authenticating with client certificates and others which will not be, because of this i have to have iis settings for client certificate set to allow. This works fine on a windows 7 professional however when i try to run this on a virtual server setup with windows 7 i get the following error
The SSL settings for the service 'SslRequireCert' does not match those of the IIS 'Ssl, SslNegotiateCert'
All iis settings seem to be the same between the two environments
Jeremy
Upvotes: 2
Views: 9284
Answers (2)
Reputation: 615
I got this error while debugging a WCF service for which client-side certificates were a requirement. It had the following setting in Web.config :
<bindings>
<basicHttpsBinding>
<binding name="basicHttps" maxReceivedMessageSize="10485760">
<readerQuotas maxStringContentLength="7340320" maxArrayLength="2147483647"/>
<security mode="Transport">
<transport clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpsBinding>
</bindings>
This gave me the error while debugging from Visual Studio. After commenting the 'security' node this error was gone :
<bindings>
<basicHttpsBinding>
<binding name="basicHttps" maxReceivedMessageSize="10485760">
<readerQuotas maxStringContentLength="7340320" maxArrayLength="2147483647"/>
<!--<security mode="Transport">
<transport clientCredentialType="Certificate"/>
</security>-->
</binding>
</basicHttpsBinding>
</bindings>
Upvotes: -1
Reputation: 66
This can be caused by the IIS settings not matching the WCF configuration.
<binding name="TransportWithCertificate">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
The error message is very explicit. It is saying 'SSLRequireCert' or clientCredentialType="Certificate" does not match IIS settings of 'Ssl, SslNegotiateCert' or Client certificates: Accept. To fix this in IIS you need ClientCertificates: Require.
In my case Server 2008 R2/IIS 7.5 behaved differently to Windows 7/IIS 7.5 & Windows 8.1/IIS 8.5. In both of the desktop OS version I could run the application with Require SSL/ Client certificate: Accept.
But on Server 2008 R2/IIS 7.5 the page would not load with the error SSL settings for the service 'SslRequireCert' does not match those of the IIS 'Ssl, SslNegotiateCert' Changing to Client certificate: Require resolved the issue.
Upvotes: 1
Related Questions
- WCF Certificate Based Authentication Issue. Service is Getting authenticated with an invalid Certificate
- WCF Certificate Authentication not working
- WCF service with certificate authentication: "The caller was not authenticated by the service"
- WCF showing 403 Forbidden using SSL and client certificates
- WCF - 'The service certificate is not provided for target' error for WCF client calling a WCF service
- Enabling SSL for my WCF application is having problems
- make https request to wcf service: The remote certificate is invalid according to the validation procedure
- Https certificate error, WCF service on IIS
- "Security settings for this service require Windows Authentication" IIS error for client certificates WCF project
- WCF Service on Client Side - SSL Certificate