0

I am trying to call web service from BizTalk using WCF-Customs adapter with custom binding. I was provided with 1 private key and 1 public key certificates.

I configured the binding with the below bindings configs

enter image description here

enter image description here

enter image description here

I configured my behaviour like below

I specified the private key for client certficate

enter image description here

and for service I specified the public key

enter image description here

But I am getting the below error. any help will be much greatful

System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: General security error (No certificates were found for decryption (KeyId))
   --- End of inner exception stack trace ---

Server stack trace: 
   at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)
   at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
   at System.ServiceModel.Channels.ServiceChannel.EndRequest(IAsyncResult result)

Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at System.ServiceModel.Channels.IRequestChannel.E
vinoth
  • 485
  • 4
  • 16
  • Check this out: https://stackoverflow.com/questions/1484601/wcf-gives-an-unsecured-or-incorrectly-secured-fault-error – LinkedListT May 04 '20 at 12:17

1 Answers1

0

Please ensure that the private key of the certificate can be accessed by the account running the client application. this commonly requires us to add the current user to the private key management group of the certificate.
Besides, https secure communication requires a timestamp in the SOAP envelopment. Therefore, the system time between the server-side and the client-side is supposed to be consistent.
Here are some related discussions.
"No certificates were found for decryption" (Apache CXF, WS-Security)

http://cxf.547215.n5.nabble.com/General-security-error-No-certificates-were-found-for-decryption-KeyId-td4367559.html
Feel free to let me know if there is anything I can help with.

Abraham Qian
  • 7,117
  • 1
  • 8
  • 22
  • I checked the current user is having full control over the private key in local machine.I intercepted the soap req in fiddler where I can see the soap header is having the encryption details and the soap body is encrypted. when I checked in net it been said this error can happen at both client and server side. In this instance how can I check its client /server side. – vinoth May 06 '20 at 07:10
  • please check the system time are within 1 minute between the server-side and the client-side. – Abraham Qian May 06 '20 at 09:44
  • yes..I checked on client side Timestamp starts at 15:16:30 and expires by 15:21:30 and on the server side starts 15:16:32 and expires 15:21:32. – vinoth May 06 '20 at 15:45