Outgoing SOAP message encryption for WS

Question

I need to access a WS method by C# and one of its requirements is encrypting the SOAP message with the server's certificate public key. They sent me, for testing, that certificate, but it expired some months ago.

My questions are:

1. How can I get the server's certificate without asking them? I already tried to hook ServicePointManager.ServerCertificateValidationCallback but the method return "A security error was encountered when verifying the message" without accessing the callback one. Code:

   //Hook
   ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(CertificateValidationCallBack);
   
   //Method
   getVehicleInfoResponse = wsVehicleInfo.getVehicleInfoOperation(vehicle);
   

2. Would public key change in the certificate renewal or can I keep using the old one? If so, which is the way to extract and encrypt the public key from a expired certificate? Tried this by using WSE 3.0, but when I create encDataToken I get "WSE511: It is invalid to use the security token SecurityToken-X now because the token is either expired or postdated.". Code:

   secureToken = new Microsoft.Web.Services3.Security.Tokens.X509SecurityToken(certExpired);
   encDataToken = new Microsoft.Web.Services3.Security.EncryptedData(secureToken); //Fails here
   requestContext.Security.Elements.Add(encDataToken);
   

3. Encryption algorithm must be aes128-gcm, but I wasn't able to find and use it. Instead I encrypt with aes128-cbc. Does it affect? Which is the way to select that algorithm? Code:

   [SecurityPermissionAttribute(SecurityAction.Demand, Flags = SecurityPermissionFlag.UnmanagedCode)]
   public class X509TokenManager : Microsoft.Web.Services3.Security.Tokens.X509SecurityTokenManager {
       public X509TokenManager()
           : base() {
   
           base.DefaultSessionKeyAlgorithm = "AES128";
       }
   }
   

Any help is appreciated, no need to answer mandatorily to all questions. Thanks.