The problem is the certificate created from a .spc
as an intermediary format, as resulting from following the steps in this answer, leads to loss of the KeyExchange
flag.
The correct way to join the .crt
with a private key is to use a private key in the .pem
format, like this:
- Obtain your new
Ssl.crt
certificate from GoDaddy. Export a PEM-formatted private key from the expired PFX:
openssl.exe pkcs12 -in ExpiredSslCert.pfx -nocerts -out SslPrivateKey.pem
Combine the CRT and PEM into PFX:
openssl.exe pkcs12 -export -in SslCert.crt -inkey SslPrivateKey.pem -out FullCert.pfx
The resulting .pfx
now has the KeyExchange
flag and works for WCF Net.Tcp bindings.