SSL / Web Service requring client certificates. No certificate server side...?



Hi all,

I have the following scenario (XP / IIS 5, FX v1.1.4322) Both the
client app and web service are running on my local development

I am using a straightforward HTTPWebRequest, and WSE 2 to add an X509
certificate, as follows:

Private Function CreateWebRequest() As HttpWebRequest

Dim objRequest As HttpWebRequest = WebRequest.Create(m_URL &
"/" & m_Operation)


objRequest.Method = "POST"
objRequest.ContentType = "application/x-www-form-urlencoded"
objRequest.Timeout = 300000

Dim certStore As X509CertificateStore
certStore = X509CertificateStore.LocalMachineStore(X509CertificateStore.RootStore.ToString)

Dim cert As X509Certificates.X509Certificate
If certStore.FindCertificateBySubjectString("XYZ").Count > 0
cert = certStore.FindCertificateBySubjectString("XYZ")(0)
End If


Return objRequest

End Function


This is using a test cert generated with makecert, and imported into
the local machine root store. When in debug mode, I can see the cert
is retrieved and added to the request's clientcertificates collection

However when inspecting the Context.Request.ClientCertificate property
in the WebService code, there is only an HTTPClientCerticate object
there with its properties unpopulated . ( this seems to be present
irrespective of whether or not the certificate is added client side)

I have attempted a similar exercise with the following test code which
I found here :
to test a straightforward web service scenario, with the same result.
(The cert does not seem to be passed to the service...)


private void TestService_Click(object sender, System.EventArgs e)
CSWebservices.CCWebservice objws ;
objws = new CSWebservices.CCWebservice() ;

X509Certificate objCert ;
objCert = X509Certificate.CreateFromCertFile("xyz.cer") ;

objws.ClientCertificates.Add(objCert) ;

CSWebservices.ClientCertificateDetails objCertDetails ;
objCertDetails = objws.GetCertificateDetails() ;



Server Side:

public ClientCertificateDetails GetCertificateDetails()
HttpClientCertificate objCertificate =
HttpContext.Current.Request.ClientCertificate ;
ClientCertificateDetails objCertificateDetails = new
ClientCertificateDetails() ;
objCertificateDetails.Cookie = objCertificate.Cookie ;
objCertificateDetails.IsPresent = objCertificate.IsPresent ;
objCertificateDetails.Issuer = objCertificate.Issuer ;
objCertificateDetails.IsValid = objCertificate.IsValid ;
objCertificateDetails.KeySize = objCertificate.KeySize ;
objCertificateDetails.SecretKeySize = objCertificate.SecretKeySize
objCertificateDetails.SerialNumber = objCertificate.SerialNumber ;
objCertificateDetails.ServerIssuer = objCertificate.ServerIssuer ;
objCertificateDetails.ServerSubject = objCertificate.ServerSubject
objCertificateDetails.ValidFrom = objCertificate.ValidFrom ;
objCertificateDetails.ValidUntil = objCertificate.ValidUntil ;

return objCertificateDetails ;


If I configure IIS to require Client certificates: I experience HTTP
403.7 ( cert required ) errors.

Any ideas / pointers would be appreciated.