Could not create SSL/TLS secure channel.
- You have enabled WCF tracing and it doesn't even give a clue.
- System logs don't say anything either.
- It works well on the development computer, but not on the production server (possibly running on IIS 7+).
- You have no idea what to do.
- Google / Stack Overflow is not helping either. ==> Your fault. Learn to talk to a machine.
- Packet tracing for SSL handshake looks something like this.
  - [Client => Server] Client Hello
  - [Server => Client] Server Hello
  - [Server => Client] Server Certificate
  - [Server => Client] Certificate Request
  - [Client => Server] Certificate, Key Exchange, Verify, Cipher Spec
  - [Server => Client] Error
After trying different things I did get it fixed.
The reason was that the user your client is running under has no permission to the certificate's private key.
So, here's how to get it fixed.
- Start => Run => type "mmc" => <press enter> => go to FILE => ADD OR REMOVE SNAP-INS
- Select "Certificates" on left hand side (Available Snap-ins)
- Press "ADD >" or double click on it.
- New window opens "Certificates snap-in", select "Computer Account"
- Click Next
- Select "Local Computer" => Finish
- Check the "Selected snap-ins" box; there should be "Certificates (Local Computer)" ==> OK
- Go to Personal => Certificates => if your certificate is there, delete it.
- If you know your certificate is in some other folder, go there and delete it.
- Import your certificate again; this time make sure you have selected the option to export the private key.
- Ctrl + drag your certificate to the Personal certificates folder. You need it.
- Now select your certificate => right click => All Tasks => Manage Private Keys
- Now click on ADD.
- Now it should work.