I have a .NET (WinForms) application running as a (test-)client for a SOAP service. The service requires that the client authenticates itself with a client certificate (like this MSDN example: https://msdn.microsoft.com/en-us/library/ms731074(v=vs.110).aspx).
Using SoapUI to test the service or displaying the WSDL from Firefox both succeeds, but the client does not complete the SSL/TLS handshake. The error message says: "The request was aborted: Could not create SSL/TLS secure channel."
The Windows event viewer has the following entries within a few milliseconds:
- [INFO] Creating an SSL client credential.
- [ERROR] A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 12.
Unfortunately there is not much to be found on Schannel error state 12.
.NET and network tracing show that the correct client certificate is sent to the server, but it seems to fail after (or while?) the server is sending its certificate(s) to the client. .NET tracing has the following line:
System.Net Information: 0 : [2828] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=IllegalMessage).
Unfortunately, the 'IllegalMessage' is not very informative.
Since I do have the server's root certificate installed on the client, I have no idea what could go wrong here. I also have a callback enabled for validating the server certificate, but that point is obviously not reached.
Does anyone have an idea what could cause Schannel to fail at this point...?
