Yogesh Ghatge

Reputation: 1

WCF Security: The service certificate is not provided. Specify a service certificate in ServiceCredentials

I have implemented a WCF service with custom validation by overloading 'UserNamePasswordValidator' and using message security. On my development machine there is no certificate, but on the LIVE environment there is an SSL certificate. So I hosted the service on the LIVE server with the code below, but I am still getting the error below:

    'The service certificate is not provided. Specify a service certificate in ServiceCredentials'

    <system.serviceModel>
        <behaviors>
          <serviceBehaviors>
            <behavior name="customBehavior">
              <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
              <serviceDebug includeExceptionDetailInFaults="true" />
              <serviceCredentials>
                <userNameAuthentication 
                  userNamePasswordValidationMode="Custom" 
                  customUserNamePasswordValidatorType="Myassembly.UserNameValidator,Myservice"/>
                <serviceCertificate findValue="MyCertName" storeLocation="CurrentUser" storeName="TrustedPeople" x509FindType="FindBySubjectName" />
              </serviceCredentials>
            </behavior>
          </serviceBehaviors>
        </behaviors>

        <bindings >
          <wsHttpBinding>
            <binding name="RequestUserName" >
              <security mode="Message">
                <message clientCredentialType="Certificate"/>
              </security>
            </binding>
          </wsHttpBinding>
        </bindings>

        <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" minFreeMemoryPercentageToActivateService="0" />

        <services>
          <service name="CRMServices" behaviorConfiguration="customBehavior">
            <!--For basic http binding endpoint-->
            <endpoint address="" binding="wsHttpBinding" 
                      bindingConfiguration="RequestUserName"
                      contract="ICRMServices">
              <!--<identity>
                <dns value="localhost" />
              </identity>-->
            </endpoint>
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
            <host>
              <baseAddresses>

              </baseAddresses>
            </host>
          </service>
        </services>
      </system.serviceModel>

I have applied SSL to the deployed WCF service, but when I try to access the hosted URL it gives '404', and the event viewer shows:

    InvalidOperationException
    Cannot find the X.509 certificate using the following search criteria: StoreName 'TrustedPeople', StoreLocation 'CurrentUser', FindType 'FindBySubjectName', FindValue 'Mycert'. at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target, Boolean throwIfMultipleOrNoMatch

Please help me

Upvotes: 0

Views: 4514

Answers (1)

pepo

Reputation: 8877

It cannot find the certificate. You specified:

    <serviceCertificate findValue="MyCertName" storeLocation="CurrentUser" storeName="TrustedPeople" x509FindType="FindBySubjectName" />

So it will look in TrustedPeople in the CurrentUser store for a certificate with MyCertName in the Subject. When you run the WCF service in Visual Studio, it runs under your account, so the current user would be OK in that case. But when you deploy a service on IIS, it will run under the application pool user (by default it is the IIS APPPOOL\DefaultAppPool user).

I would

  • Check where (in what store) the certificate you want to use is. I bet it is in the LocalMachine\Personal store. You can use mmc to check that.
  • If I could choose where to put a service certificate, it would be LocalMachine\Personal. I would set access rights to the private key corresponding to the certificate for the app pool user that the service runs under. This can be done in mmc.
  • I would select x509FindType="FindByThumbprint" as my search criteria. You can be pretty sure that only one certificate will be in the store.

Upvotes: 1
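
The checks listed in the answer above can also be scripted in PowerShell; this is an added example, not part of the original answer. It assumes the subject text `MyCertName` from the question's config, the default app pool identity named in the answer, and the default Windows machine-key directories.

```powershell
# Added example; run in an elevated session on the IIS server.
# Assumed values: subject text from the question's config, default app pool
# identity from the answer, and the default Windows machine-key directories.
$subjectFragment = 'MyCertName'
$appPoolIdentity = 'IIS APPPOOL\DefaultAppPool'
$keyDirs = "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
           "$env:ProgramData\Microsoft\Crypto\Keys"

# 1. Search every LocalMachine store. CurrentUser is skipped on purpose: it would
#    list the stores of whoever runs this script, not those of the app pool user.
$found = foreach ($store in Get-ChildItem Cert:\LocalMachine) {
    Get-ChildItem "Cert:\LocalMachine\$($store.Name)" |
        Where-Object { $_.Subject -like "*$subjectFragment*" } |
        Select-Object @{ n = 'StoreName'; e = { $store.Name } },
                      Subject, Thumbprint, HasPrivateKey, NotAfter
}

# 2. For each match, locate the private key file and read its ACL.
foreach ($c in $found) {
    $access = 'no private key'
    if ($c.HasPrivateKey) {
        $cert = Get-Item "Cert:\LocalMachine\$($c.StoreName)\$($c.Thumbprint)"
        $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
        $keyName = if ($rsa -is [System.Security.Cryptography.RSACng]) { $rsa.Key.UniqueName } elseif ($rsa) { $rsa.CspKeyContainerInfo.UniqueKeyContainerName }
        $keyFile = if ($keyName) { Get-ChildItem $keyDirs -Filter $keyName -Force -ErrorAction SilentlyContinue | Select-Object -First 1 }
        if (-not $keyFile) { $access = 'key file not found (non-RSA or hardware key?)' }
        else {
            # Only explicit entries for the identity are matched; access granted
            # through a group the app pool user belongs to is not detected here.
            $rule = (Get-Acl $keyFile.FullName).Access | Where-Object {
                $_.IdentityReference.Value -eq $appPoolIdentity -and
                $_.AccessControlType -eq 'Allow' }
            $access = if ($rule) { 'explicit Allow entry for app pool' } else { 'no explicit Allow entry' }
        }
    }
    [pscustomobject]@{
        Store = "LocalMachine\$($c.StoreName)"   # mmc's "Personal" store is named "My" here
        Thumbprint = $c.Thumbprint; NotAfter = $c.NotAfter; KeyAccess = $access
        # Config line that pins this exact certificate, as the answer suggests.
        Config = '<serviceCertificate findValue="{0}" storeLocation="LocalMachine" storeName="{1}" x509FindType="FindByThumbprint" />' -f $c.Thumbprint, $c.StoreName
    }
}
```

The store shown as "Personal" in mmc is written as `storeName="My"` in the WCF config, which is why the script reports it under that name.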
