I am implementing a VB.NET desktop application which consumes a web service.

The web service is implemented in Java and I am currently using Tomcat on my localhost to host the web service.

The web service requires secure communication with the client and so I have followed instructions that outlined how to use Java's keytool.exe to create two .jks keystores (one for the client and one for the server) and then create two .cer certificates (one for the client and one for the server).

I have placed the generated keystores and certificates into the directory where the web service is expecting them (according to the instructions).

I have installed the certificates into TrustedPeople and have attempted to use the certificate by setting the ClientCredentials.ClientCertificates property like this:

myServiceProxy.ClientCredentials.ClientCertificate.SetCertificate(storeLocation.CurrentUser, StoreName.TrustedPeople, X509FindType.FindByIssuerName, "name")

I keep getting the following error message when I try to call any method:

An error was discovered processing the <wsse:Security> header

My problem is that I don't know how to use this in the VB.NET client application that is consuming the web service. I could be doing this completely wrong. Any guidance on this topic would be greatly appreciated.

Thank you,

-Frinny

A: 

While I haven't coded VB for 10 years, this should get you started: http://www.example-code.com/vbdotnet/ssl_client_certificate.asp

especially this looks like it is loading the file containing the certificate: certStore.LoadPfxFile("chilkat_secret.pfx","secret")

and this extracts the certificate and uses it for the connection:

Dim cert As Chilkat.Cert
cert = certStore.FindCertBySubjectCN("Chilkat Software, Inc.")
If (cert Is Nothing ) Then
    MsgBox(certStore.LastErrorText)
    Exit Sub
End If


socket.SetSslClientCert(cert)
Jens Schauder
Thank you for your reply. I have no idea what Chilkat.Cert is... it looks to be a custom object. The other thing is that I'm not using sockets.
Frinavale
A: 

When I had to work with certificates and WS, I had lots of issues with them too. Use the certificates MMC and verify:

  • That you placed the certificate in the correct place. Note that there is a CurrentUser store, Machine Store etc. Make sure you put the certificate in the correct one according to your code.
  • Which user is running your application? Is the certificate located in its store? The certificate must be visible to the user.
  • Open the certificate and make sure it is trusted (you will see a warning if not). You may need to put your CA's certificate in Trusted Certification Authorities store.
  • Make sure that the algorithms you use on each side are supported by the other side.
  • Note that you are looking for the certificate by issuer name (X509FindType.FindByIssuerName, "name"). Open the certificate and make sure the issuer name matches (I guess not, since it seems like copy & paste from an example).

If all of this fails, try to experiment with the certificate location (I vaguely remember some issue with being able to use certificates from one location and not the other), and with the property you use to search for the certificates.

Plus, since you asked about certificates I answered about certificates. It's a good idea to check if there's an inner exception and see - it may be another problem.

Hila
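
The checks in the answer above can also be run from code. The console module below is an added example, not part of the original answers: it repeats the question's FindByIssuerName lookup against the TrustedPeople store in both CurrentUser and LocalMachine and prints the issuer, expiry and chain status of each match. The module name CertStoreCheck and the HasPrivateKey line are additions; the private key check is there because a .cer file carries only the public certificate, while a client certificate needs its private key to sign.

```vbnet
Imports System
Imports System.Security.Cryptography.X509Certificates

Module CertStoreCheck
    ' Repeats the client's lookup against one store and prints, for each match,
    ' the properties the checklist asks you to verify by hand in the MMC.
    Sub Report(location As StoreLocation, issuerText As String)
        Dim store As New X509Store(StoreName.TrustedPeople, location)
        Try
            store.Open(OpenFlags.ReadOnly)
        Catch ex As Exception
            Console.WriteLine("{0}\TrustedPeople: cannot open ({1})", location, ex.Message)
            Return
        End Try
        Try
            ' validOnly:=False so expired or untrusted certificates are listed too
            Dim found As X509Certificate2Collection = store.Certificates.Find(X509FindType.FindByIssuerName, issuerText, False)
            Console.WriteLine("{0}\TrustedPeople: {1} match(es) for issuer '{2}'", location, found.Count, issuerText)
            If found.Count = 0 Then
                ' Show what is actually in the store so the search text can be corrected
                For Each other As X509Certificate2 In store.Certificates
                    Console.WriteLine("  present, issuer: " & other.Issuer)
                Next
            End If
            For Each cert As X509Certificate2 In found
                Console.WriteLine("  Subject       : " & cert.Subject)
                Console.WriteLine("  Issuer        : " & cert.Issuer)
                Console.WriteLine("  Expires       : " & cert.NotAfter.ToString("u"))
                Console.WriteLine("  HasPrivateKey : " & cert.HasPrivateKey.ToString())
                Dim chain As New X509Chain()
                chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck
                If chain.Build(cert) Then
                    Console.WriteLine("  Chain         : trusted")
                Else
                    For Each st As X509ChainStatus In chain.ChainStatus
                        Console.WriteLine("  Chain         : {0} {1}", st.Status, st.StatusInformation.Trim())
                    Next
                End If
            Next
        Finally
            store.Close()
        End Try
    End Sub

    Sub Main()
        Dim issuerText As String = "name" ' search text from the question; replace with your issuer
        Report(StoreLocation.CurrentUser, issuerText)
        Report(StoreLocation.LocalMachine, issuerText)
    End Sub
End Module
```

Run it under the same Windows account that runs the client application, since the CurrentUser store is per-user.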