Tuesday, July 28, 2009

Cryptic WCF error messages (part 6 of N)


If you have followed the previous parts of this series you already know it tries to diminish the mystery of WCF errors.

When X.509 certificates are used you might get this error:

The certificate 'CN=localhost' must have a private key that is capable of key exchange. The process must have access rights for the private key.

The second part of the error implies that you may need to set permissions on the private key. I'll deal with that in a separate post.

The first part of the error means that the certificate was created with a private key that is not capable of key exchange. This can happen when you use makecert.exe to create a test certificate without specifying the correct flags. The correct way to use makecert is:

makecert -ss My -pe -n "CN=localhost" -sky exchange


What's next? get this blog rss updates or register for mail updates!