Elkernos

Reputation: 13

The certificate is not valid for the requested usage

I set certificateValidationMode to "ChainTrust" in behavior/clientCredentials/serviceCertificate/authentication.

When my client tries to send a request, it fails with the error:

The X.509 certificate chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. The certificate is not valid for the requested usage.

The certificate has a valid chain in mmc and the Root Certificate is located in Trusted Root Certificate Authorities.

I have no idea and I cannot find a solution on Google.

What's wrong?

Upvotes: 1

Views: 4858

Answers (1)

bartonjs

Reputation: 33088

It sounds like your certificate has an Extended Key Usage extension, and that it does not contain the TLS server OID.

https://support.microsoft.com/en-us/help/4054181/description-of-the-security-only-update-for-net-framework-4-6-4-6-1-4 suggests that you can try adding an app.config value to disable this check. If adding the config item succeeds then you should replace your server certificate with a better cert (and then remove the app.config value).

<appSettings>
    <add key="wcf:useLegacyCertificateUsagePolicy" value="true" />
</appSettings>

Upvotes: 1
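To confirm the diagnosis in the answer above before changing any configuration, the following added example (not part of the original answer, and not WCF's own validation code) lists the certificate's Extended Key Usage OIDs and builds the chain while requiring the TLS server authentication usage. The file path is a placeholder, and skipping revocation checks is an assumption made so that only trust and usage are evaluated.

```powershell
# Added example. $CertPath is a placeholder: export the service certificate
# (public part only) to a .cer file and point this parameter at it.
param([string]$CertPath = '.\service.cer')

$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth (TLS server authentication)

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

# 1. Read the Extended Key Usage extension, if the certificate has one.
$eku = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }

if (-not $eku) {
    # A certificate without an EKU extension is not restricted to specific usages.
    'No EKU extension present.'
} else {
    $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    $eku.EnhancedKeyUsages | ForEach-Object { '{0}  {1}' -f $_.Value, $_.FriendlyName }
    if ($oids -contains $ServerAuthOid) {
        'EKU includes server authentication.'
    } else {
        'EKU is present but does NOT include server authentication.'
    }
}

# 2. Build the chain while requiring the server authentication usage.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$oid = New-Object System.Security.Cryptography.Oid $ServerAuthOid
[void]$chain.ChainPolicy.ApplicationPolicy.Add($oid)
# Assumption for this check: revocation is skipped so the result reflects
# trust and usage only.
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck

if ($chain.Build($cert)) {
    'Chain builds for server authentication.'
} else {
    # NotValidForUsage is the status whose text reads
    # "The certificate is not valid for the requested usage".
    $chain.ChainStatus | ForEach-Object { '{0}: {1}' -f $_.Status, $_.StatusInformation.Trim() }
}
```

A chain that validates in mmc but reports NotValidForUsage here points at the EKU rather than at the root store.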
