
WCF service client with cert auth, works when debug, but not live

I'm using a certificate-authenticated WCF service. It works when in VS debug mode, but when I publish and run it, it won't work.

The certificates are stored in CurrentUser/TrustedPeople. This is my config behavior section:

<behavior name="LoadClientCert">
    <clientCredentials>
        <clientCertificate findValue="CN=Certificate1"
                           storeLocation="CurrentUser" storeName="TrustedPeople"
                           x509FindType="FindBySubjectDistinguishedName" />
        <serviceCertificate>
            <defaultCertificate findValue="CN=Certificate2"
                                storeLocation="CurrentUser" storeName="TrustedPeople"
                                x509FindType="FindBySubjectDistinguishedName" />
            <authentication certificateValidationMode="None"
                            revocationMode="NoCheck" />
        </serviceCertificate>
    </clientCredentials>
</behavior>

Error message: Request Error The server encountered an error processing the request. See server logs for more details.

My guess is that the IIS user doesn't have permissions to use the certificate. But that is only guessing.

And where can I find that server log? I tried Event Viewer but I didn't find anything. I also added this to my config without luck (it's empty after trying the solution):

<system.diagnostics>
    <sources>
        <source name="System.ServiceModel.MessageLogging">
            <listeners>
                <add name="messages"
                     type="System.Diagnostics.XmlWriterTraceListener"
                     initializeData="f:\logs\messages.svclog" />
            </listeners>
        </source>
    </sources>
</system.diagnostics>
<diagnostics>
    <messageLogging
        logEntireMessage="true"
        logMalformedMessages="false"
        logMessagesAtServiceLevel="true"
        logMessagesAtTransportLevel="false"
        maxMessagesToLog="3000"
        maxSizeOfMessageToLog="2000"/>
</diagnostics>

Any suggestions?

If you are using 2-way SSL, i.e. securing the transport channel with SSL and authenticating your client with SSL, then the certificates should be placed as follows:

For Server Certificate (.pfx file):

Install the certificate in Local Machine Personal folder.

For Client Certificates:

On Server Machine (.cer file): Install the client certificate in Local Machine --> Trusted People Store

On Client Machine (.pfx file): Install the client certificate in Local User --> Personal Store

Also, if the server certificate is self-signed, make sure to use the code below on your client side just before invoking the service method:

// Accepts every server certificate, whatever validation errors were reported.
System.Net.ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, error) =>
{
    return true;
};

UPDATE:

How to enable Tracing
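
Added example, not part of the original answer: a validation callback for the self-signed case that accepts only one known server certificate instead of returning true for all of them. The class name `PinnedServerCert`, the fingerprint placeholder and the choice to reject host-name mismatches are assumptions of this sketch.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper: call PinnedServerCert.Install() once, before invoking the service.
static class PinnedServerCert
{
    // Placeholder: SHA-256 fingerprint (hex, no separators) of your own
    // self-signed server certificate. Not a value from the original page.
    const string ExpectedSha256 = "<SHA256-FINGERPRINT-OF-YOUR-SERVER-CERT>";

    public static bool Validate(object sender, X509Certificate cert,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // Chain is trusted and the name matches: normal validation succeeded.
        if (errors == SslPolicyErrors.None)
            return true;

        // Missing certificate or host-name mismatch: reject.
        // Only chain errors (expected for a self-signed cert) are tolerated.
        if (cert == null ||
            (errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != 0)
            return false;

        // Untrusted chain: accept only if this is exactly the pinned certificate.
        using (var sha = SHA256.Create())
        {
            string actual = BitConverter
                .ToString(sha.ComputeHash(cert.GetRawCertData()))
                .Replace("-", "");
            return string.Equals(actual, ExpectedSha256,
                                 StringComparison.OrdinalIgnoreCase);
        }
    }

    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }
}
```

The callback on `ServicePointManager` is process-wide, so it is consulted for every outgoing HTTPS connection the process makes through it, not just this one service call.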
