Reputation: 930
We're trying to configure a client-provided certificate, which was issued by the DigiCert CA, for authentication in a WCF service.
Unfortunately, the utility we need to run isn't able to parse the certificate and gives an "Unexpected error: Invalid provider type specified." error.
It seems the error means that the format of the certificate is CNG instead of CAPI, and apparently .NET 4 and higher should be able to accept those. But we're still not sure how to enter that into app.config to make .NET recognize the certificate. Below is the app.config file contents with the endpoint certificate authentication.
Could someone please offer some advice? Thank you in advance.
<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior name="ClientCertificateBehavior">
        <clientCredentials>
          <clientCertificate findValue="2449997a30a8c9df29bd43c1eaa91cb47d89b0cb" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint"/>
          <serviceCertificate>
            <authentication certificateValidationMode="None" revocationMode="NoCheck"/>
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <client>
    <endpoint name="Download" address="http://mywebserviceurl.com/MobileService/WebService2.svc" behaviorConfiguration="ClientCertificateBehavior" binding="wsHttpBinding" bindingConfiguration="TheWsHttpBinding" contract="MyApp.FileClient.IDownloadService">
      <identity>
        <certificate encodedValue="*****"/>
      </identity>
    </endpoint>
  </client>
  <bindings>
    <wsHttpBinding>
      <binding name="TheWsHttpBinding">
        <security>
          <message clientCredentialType="Certificate"/>
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
</system.serviceModel>
Upvotes: 0
Views: 153
Reputation: 4174
Possibly you are using .NET Framework 4.6.1 or below:
.NET Framework 4.6.1 and earlier versions do not support these certificates because they use the legacy CryptoAPI to handle CNG/KSP certificates. The use of these certificates with .NET Framework 4.6.1 and earlier versions will cause an exception. Source
Upvotes: 0
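A diagnostic for the situation discussed in this thread, added here as an example and not code from either poster: it looks up the certificate in LocalMachine\My by thumbprint (the store and find type used in the question's app.config) and compares the legacy `PrivateKey` property, which on .NET Framework goes through CryptoAPI, with the CNG-aware `GetRSAPrivateKey()` extension available from .NET Framework 4.6. The class name and the command-line argument are assumptions, and an RSA key is assumed.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertKeyCheck
{
    // Legacy path: on .NET Framework the PrivateKey property uses CryptoAPI (CAPI)
    // and throws CryptographicException when the key lives in a CNG key storage provider.
    static string ProbeLegacy(X509Certificate2 cert)
    {
        try
        {
            AsymmetricAlgorithm key = cert.PrivateKey;
            return key == null ? "no key returned" : "OK (" + key.GetType().Name + ")";
        }
        catch (CryptographicException ex) { return "FAILED: " + ex.Message; }
    }

    // CNG-aware path (System.Core, .NET Framework 4.6 and later).
    static string ProbeCngAware(X509Certificate2 cert)
    {
        try
        {
            using (RSA rsa = cert.GetRSAPrivateKey())
                return rsa == null ? "no RSA key returned" : "OK (" + rsa.GetType().Name + ")";
        }
        catch (CryptographicException ex) { return "FAILED: " + ex.Message; }
    }

    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: ClientCertKeyCheck <thumbprint>"); return 2; }

        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: false, so an expired or untrusted certificate is still found
            X509Certificate2Collection hits =
                store.Certificates.Find(X509FindType.FindByThumbprint, args[0], false);
            if (hits.Count == 0) { Console.Error.WriteLine("not found in LocalMachine\\My"); return 1; }

            X509Certificate2 cert = hits[0];
            Console.WriteLine("Subject:          " + cert.Subject);
            Console.WriteLine("HasPrivateKey:    " + cert.HasPrivateKey);
            Console.WriteLine("cert.PrivateKey:  " + ProbeLegacy(cert));
            Console.WriteLine("GetRSAPrivateKey: " + ProbeCngAware(cert));
            return 0;
        }
        finally { store.Close(); }
    }
}
```

Run it under the same account as the failing utility: a failure on the `cert.PrivateKey` line alongside success on `GetRSAPrivateKey` points to a CNG-stored key, while a failure on both suggests a missing key or insufficient permissions on it.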