Mutual SSL Authentication - Local certificate in sslstream returning 'null' instead of certificate on client

I am working on creating an windows service which will make a call to a API. For this process, I am trying to establish a Mutual (Two way) SSL authentication. Since I am newbie to this. I tried to implement a simple client and server project which will authenticate mutually.

I have created the self signed certificate exchanged and added in trusted certificates.

My Client

using System;
using System.Configuration;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;

namespace MutualSslDemo.Client
    class Program
        static void Main(string[] args)
            //  hostName
            var hostName    = ConfigurationManager.AppSettings["hostName"];
            if (String.IsNullOrEmpty(hostName))
                throw new ArgumentNullException("hostName", "Please specify a valid hostname to connect to.");

            //  port
            var port        = Convert.ToInt32(ConfigurationManager.AppSettings["port"]);
            if (port <= 0)
                throw new ArgumentException("Please specify a valid port number.");

            //  certificate and password
            var certificate = ConfigurationManager.AppSettings["certificate"];
            var password    = ConfigurationManager.AppSettings["password"];
            var certificates = new X509Certificate2Collection(new X509Certificate2(certificate, password));

            RunClient(hostName, port, certificates);

        static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
            return (sslPolicyErrors == SslPolicyErrors.None);

        static bool CertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
          if (sslPolicyErrors != SslPolicyErrors.None)
            Console.WriteLine("Validation Error");
            return false;
            return true;

        static void RunClient(string hostName, int port, X509Certificate2Collection certificates)
            // Create a TCP/IP client socket.
            // machineName is the host running the server application.
            TcpClient client = new TcpClient(hostName, port);
            Console.WriteLine("Client connected.");
            // Create an SSL stream that will close the client's stream.
            SslStream sslStream = new SslStream(
                new RemoteCertificateValidationCallback(CertificateValidationCallback));

            // The server name must match the name on the server certificate.
                sslStream.AuthenticateAsClient(hostName, certificates, SslProtocols.Default, true);
            catch (AuthenticationException e)
                Console.WriteLine("Exception: {0}", e.Message);
                if (e.InnerException != null)
                    Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
                Console.WriteLine("Authentication failed - closing the connection.");
            // Encode a test message into a byte array.
            // Signal the end of the message using the "<EOF>".
            byte[] messsage = Encoding.UTF8.GetBytes("Hello from the client.<EOF>");
            // Send hello message to the server. 
            // Read message from the server.
            string serverMessage = ReadMessage(sslStream);
            Console.ForegroundColor = ConsoleColor.Yellow;
            Console.WriteLine("Server says: {0}", serverMessage);
            // Close the client connection.
            Console.WriteLine("Client closed.");

        static string ReadMessage(SslStream sslStream)
            // Read the  message sent by the server.
            // The end of the message is signaled using the
            // "<EOF>" marker.
            byte[] buffer = new byte[2048];
            StringBuilder messageData = new StringBuilder();
            int bytes = -1;
                 bytes = sslStream.Read(buffer, 0, buffer.Length);

                // Use Decoder class to convert from bytes to UTF8
                // in case a character spans two buffers.
                Decoder decoder = Encoding.UTF8.GetDecoder();
                char[] chars = new char[decoder.GetCharCount(buffer, 0, bytes)];
                decoder.GetChars(buffer, 0, bytes, chars, 0);
                // Check for EOF.
                if (messageData.ToString().IndexOf("<EOF>") != -1)
            } while (bytes != 0);

            return messageData.ToString();

        static void DisplaySecurityLevel(SslStream stream)
            Console.WriteLine("Cipher: {0} strength {1}", stream.CipherAlgorithm, stream.CipherStrength);
            Console.WriteLine("Hash: {0} strength {1}", stream.HashAlgorithm, stream.HashStrength);
            Console.WriteLine("Key exchange: {0} strength {1}", stream.KeyExchangeAlgorithm, stream.KeyExchangeStrength);
            Console.WriteLine("Protocol: {0}", stream.SslProtocol);

        static void DisplaySecurityServices(SslStream stream)
            Console.WriteLine("Is authenticated: {0} as server? {1}", stream.IsAuthenticated, stream.IsServer);
            Console.WriteLine("IsSigned: {0}", stream.IsSigned);
            Console.WriteLine("Is Encrypted: {0}", stream.IsEncrypted);

        static void DisplayStreamProperties(SslStream stream)
            Console.WriteLine("Can read: {0}, write {1}", stream.CanRead, stream.CanWrite);
            Console.WriteLine("Can timeout: {0}", stream.CanTimeout);

        static void DisplayCertificateInformation(SslStream stream)
            Console.WriteLine("Certificate revocation list checked: {0}", stream.CheckCertRevocationStatus);

            X509Certificate localCertificate = stream.LocalCertificate;
            if (stream.LocalCertificate != null)
                Console.WriteLine("Local cert was issued to {0} and is valid from {1} until {2}.",
                Console.WriteLine("Local certificate is null.");
            // Display the properties of the client's certificate.
            X509Certificate remoteCertificate = stream.RemoteCertificate;
            if (remoteCertificate != null)
                Console.WriteLine("Remote cert was issued to {0} and is valid from {1} until {2}.",
                Console.WriteLine("Remote certificate is null.");

My Server

using System;
using System.Configuration;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;

namespace MutualSslDemo.Server
    class Program
        static void Main(string[] args)
            //  port
            var port = Convert.ToInt32(ConfigurationManager.AppSettings["port"]);
            if (port <= 0)
                throw new ArgumentException("Please specify a valid port number.");

            //  certificate and password
            var fileName    = ConfigurationManager.AppSettings["certificate"];
            var password    = ConfigurationManager.AppSettings["password"];
            var certificate = new X509Certificate2(fileName, password);

            ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(OnRemoteCertificateValidationCallback);
            SslTcpServer.RunServer(port, certificate);

        static bool OnRemoteCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
            return (sslPolicyErrors == SslPolicyErrors.None);

        public sealed class SslTcpServer
            // The certificate parameter specifies the name of the file 
            // containing the machine certificate.
            public static void RunServer(int serverPort, X509Certificate2 certificate)
                // Create a TCP/IP (IPv4) socket and listen for incoming connections.
                var listener = new TcpListener(IPAddress.Any, serverPort);

                while (true)
                    Console.WriteLine("Waiting for a client to connect...");
                    // Application blocks while waiting for an incoming connection.
                    // Type CNTL-C to terminate the server.
                    var client = listener.AcceptTcpClient();
                    ProcessClient(client, certificate);

            static void ProcessClient(TcpClient client, X509Certificate certificate)
                // A client has connected. Create the 
                // SslStream using the client's network stream.
                var sslStream = new SslStream(client.GetStream(), false);

                    // Authenticate the server and requires the client to authenticate.
                    sslStream.AuthenticateAsServer(certificate, true, SslProtocols.Default, true);
                    // Display the properties and settings for the authenticated stream.

                    // Set timeouts for the read and write to 5 seconds.
                    sslStream.ReadTimeout = 5000;
                    sslStream.WriteTimeout = 5000;
                    // Read a message from the client.   
                    Console.WriteLine("Waiting for client message...");
                    string messageData = ReadMessage(sslStream);
                    Console.ForegroundColor = ConsoleColor.Yellow;
                    Console.WriteLine("Received: {0}", messageData);

                    // Write a message to the client.
                    byte[] message = Encoding.UTF8.GetBytes("Hello from the server.<EOF>");
                    Console.WriteLine("Sending hello message.");
                catch (AuthenticationException e)
                    Console.WriteLine("Exception: {0}", e.Message);
                    if (e.InnerException != null)
                        Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
                    Console.WriteLine("Authentication failed - closing the connection.");
                    // The client stream will be closed with the sslStream
                    // because we specified this behavior when creating
                    // the sslStream.

            static string ReadMessage(SslStream sslStream)
                // Read the  message sent by the client.
                // The client signals the end of the message using the
                // "<EOF>" marker.
                byte[] buffer = new byte[2048];
                StringBuilder messageData = new StringBuilder();
                int bytes = -1;
                    // Read the client's test message.
                    bytes = sslStream.Read(buffer, 0, buffer.Length);

                    // Use Decoder class to convert from bytes to UTF8
                    // in case a character spans two buffers.
                    Decoder decoder = Encoding.UTF8.GetDecoder();
                    char[] chars = new char[decoder.GetCharCount(buffer, 0, bytes)];
                    decoder.GetChars(buffer, 0, bytes, chars, 0);
                    // Check for EOF or an empty message.
                    if (messageData.ToString().IndexOf("<EOF>") != -1)
                } while (bytes != 0);

                return messageData.ToString();

            static void DisplaySecurityLevel(SslStream stream)
                Console.WriteLine("Cipher: {0} strength {1}", stream.CipherAlgorithm, stream.CipherStrength);
                Console.WriteLine("Hash: {0} strength {1}", stream.HashAlgorithm, stream.HashStrength);
                Console.WriteLine("Key exchange: {0} strength {1}", stream.KeyExchangeAlgorithm, stream.KeyExchangeStrength);
                Console.WriteLine("Protocol: {0}", stream.SslProtocol);

            static void DisplaySecurityServices(SslStream stream)
                Console.WriteLine("Is authenticated: {0} as server? {1}", stream.IsAuthenticated, stream.IsServer);
                Console.WriteLine("IsSigned: {0}", stream.IsSigned);
                Console.WriteLine("Is Encrypted: {0}", stream.IsEncrypted);

            static void DisplayStreamProperties(SslStream stream)
                Console.WriteLine("Can read: {0}, write {1}", stream.CanRead, stream.CanWrite);
                Console.WriteLine("Can timeout: {0}", stream.CanTimeout);

            static void DisplayCertificateInformation(SslStream stream)
                Console.WriteLine("Certificate revocation list checked: {0}", stream.CheckCertRevocationStatus);

                X509Certificate localCertificate = stream.LocalCertificate;
                if (stream.LocalCertificate != null)
                    Console.WriteLine("Local cert was issued to {0} and is valid from {1} until {2}.",
                    Console.WriteLine("Local certificate is null.");
                // Display the properties of the client's certificate.
                X509Certificate remoteCertificate = stream.RemoteCertificate;
                if (remoteCertificate != null)
                    Console.WriteLine("Remote cert was issued to {0} and is valid from {1} until {2}.",
                    Console.WriteLine("Remote certificate is null.");

Now, this work if I run both server and client in locally(localhost). However, when I tried this in two different machine (within a network LAN). It throws an error of

Exception: The remote certificate is invalid according to the validation procedure.

in My Server code in this line.

sslStream.AuthenticateAsServer(certificate, true, SslProtocols.Default, true);

In My Client I noticed that the CertificateValidationCallback return true

But I found Local certificate is null in DisplayCertificateInformation

Sorry, I am really new to both C# and security. Can anyone please help me on this. Thanks in advance.

Certificate error

static bool CertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    return true;

