Question

This question is all about solving a SslPolicyError.RemoteCertificateNotAvailable error.

I have developed a TCP Server with SSLStream and a TCP Client for the other end.

I authenticate the server with:

sslStream.BeginAuthenticateAsServer 

I authenticate the client with:

sslStream.BeginAuthenticateAsClient

I am loading my client certificate from Trusted Publishers - Local Machine.

Both are running on the same machine.

I tried loading the client certificate from the .cer and .pfx files rather than the trusted publishers store. But the server's client (remote) certificate validator callback fails by finding that SslPolicyErrors has a RemoteCertificateNotAvailable error.

Solution

The link didn't come through, but there's a problem I can spot with the statement:

"I loaded my client certificate from Trusted Publishers"

Client certificates typically live in a Personal store for a user account. Same with Server certificates (they will probably have a different Intended Purpose OID associated with them, though - "Client authentication" vs "Server Authentication"). It'd be odd for you to have a cert with a private key available in the Trusted Publishers store, I think.

If you double-click a client or server certificate in CertMgr.msc, you should see a "This certificate has a private key" message towards the bottom.

If you don't, you only have half a key pair - encryption and authentication require the private key. The server cert needs a private key at the server end, and the client cert needs a private key at the client end.
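
The checks described in the answer, done in code before the handshake. This is an added example, not code from the original post: the class name, the thumbprint lookup and the command-line arguments are assumptions, and it assumes the server requests a client certificate.

```csharp
using System;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertCheck
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // "Client Authentication" EKU

    // Load from the Personal store (CurrentUser\My) and reject a certificate
    // that cannot be used to authenticate a client.
    public static X509Certificate2 LoadUsable(string thumbprint)
    {
        using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
        if (found.Count == 0)
            throw new InvalidOperationException("No such certificate in CurrentUser\\My.");
        X509Certificate2 cert = found[0];

        // Same fact CertMgr.msc reports as "This certificate has a private key".
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("Only the public half of the key pair is installed.");

        // If an EKU extension is present, it must list Client Authentication.
        var eku = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>().FirstOrDefault();
        if (eku != null && !eku.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ClientAuthOid))
            throw new InvalidOperationException("Certificate is not intended for client authentication.");
        return cert;
    }

    // Usage: ClientCertCheck <host> <port> <thumbprint>  (all caller-supplied)
    static void Main(string[] args)
    {
        X509Certificate2 cert = LoadUsable(args[2]);
        using var tcp = new TcpClient(args[0], int.Parse(args[1]));
        using var ssl = new SslStream(tcp.GetStream(), leaveInnerStreamOpen: false);
        ssl.AuthenticateAsClient(args[0], new X509CertificateCollection { cert },
            SslProtocols.None, checkCertificateRevocation: true);
        Console.WriteLine($"Authenticated; local certificate in use: {ssl.LocalCertificate != null}");
    }
}
```

A certificate loaded from a .cer file fails the HasPrivateKey check, because that format carries only the public certificate.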

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow