FIX: Authentication fails when a client calls a WCF service in which a user creates a self-signed certificate for SSL authentication

Article ID: 973606

SYMPTOMS

You configure a Windows Communication Foundation (WCF) service to use a client certificate for Secure Sockets Layer (SSL) authentication. You create a self-signed certificate and then install it for the authentication. However, when the client calls the service, the authentication fails.

CAUSE

When a client sends a request to the service, the HTTP.sys driver requests a certificate from the client. The driver automatically provides a list of all known certification authorities (CAs). However, the self-signed certificate is not issued by any CA in the list. Therefore, the client never returns the self-signed certificate to the HTTP.sys driver. In addition, the HTTP.sys driver builds a trust chain. The self-signed certificate is not chained to any CA in the list.

RESOLUTION

Note If you are using the .NET Framework 3.5 Service Pack 1 on Windows 7 or on Windows Server 2008 R2, install the hotfix that is described in the following Microsoft Knowledge Base article:

977420 (http://support.microsoft.com/kb/977420/) A hotfix rollup is available to fix problems in Windows Communication Foundation in the .NET Framework 3.5 SP1 for Windows 7 and for Windows Server 2008 R2

Hotfix Information

A supported hotfix is now available from Microsoft. However, it is intended to correct only the problem that this article describes. Apply it only to systems that are experiencing this specific problem.

To resolve this problem, contact Microsoft Customer Support Services to obtain the hotfix. For a complete list of Microsoft Customer Support Services telephone numbers and information about support costs, visit the following Microsoft website: http://support.microsoft.com/contactus/?ws=support

Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

Prerequisites

You must have the .NET Framework 3.5 Service Pack 1 (SP1) installed to apply this hotfix.

Restart requirement

You do not have to restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace other hotfixes.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

For all supported x86-based versions of Windows Vista SP2 and of Windows Server 2008 SP2

For all supported x64-based versions of Windows Vista SP2 and of Windows Server 2008

For all supported Itanium-based versions of Windows Server 2008 SP2

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

This hotfix changes a registry key on the computer that hosts the WCF service. On this computer, the HTTP.sys driver provides an empty CA list. Then, the client can add the self-signed certificate to the empty CA list. In addition, the hotfix enables the user to create instances of the X509CertificateValidator class to use over HTTPS.

Properties

Article ID: 973606 - Last Review: March 1, 2011 - Revision: 2.0
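
One way to use the X509CertificateValidator class mentioned under MORE INFORMATION, shown as an added example that is not part of the original article or of the hotfix: a validator that accepts a self-signed client certificate only when its thumbprint has been pinned in advance. The names PinnedThumbprintValidator and ValidatorSetup are hypothetical, and the example assumes the hotfix is applied and that the thumbprints are supplied by the deployment.

```csharp
// Added example. References: System.IdentityModel.dll, System.ServiceModel.dll, System.Core.dll.
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical name. Accepts a client certificate only if its thumbprint is pinned.
public sealed class PinnedThumbprintValidator : X509CertificateValidator
{
    private readonly HashSet<string> pinned =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase);

    public PinnedThumbprintValidator(IEnumerable<string> thumbprints)
    {
        if (thumbprints == null) throw new ArgumentNullException("thumbprints");
        // Thumbprints copied from the certificate UI often contain spaces.
        foreach (string t in thumbprints)
            pinned.Add(t.Replace(" ", string.Empty));
        // Fail closed: an empty pin list must never mean "accept anything".
        if (pinned.Count == 0)
            throw new ArgumentException("At least one thumbprint is required.", "thumbprints");
    }

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null) throw new ArgumentNullException("certificate");
        // A self-signed certificate has no CA chain to check, so identity rests on the pin.
        if (!pinned.Contains(certificate.Thumbprint))
            throw new SecurityTokenValidationException("Client certificate is not pinned.");
        // NotBefore and NotAfter are expressed in local time.
        DateTime now = DateTime.Now;
        if (now < certificate.NotBefore || now > certificate.NotAfter)
            throw new SecurityTokenValidationException("Client certificate is expired or not yet valid.");
    }
}

public static class ValidatorSetup
{
    // Call before host.Open(); the pinned values come from the deployment's own certificates.
    public static void Apply(ServiceHost host, IEnumerable<string> thumbprints)
    {
        X509ClientCertificateAuthentication auth =
            host.Credentials.ClientCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
        auth.CustomCertificateValidator = new PinnedThumbprintValidator(thumbprints);
    }
}
```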