WCF Client authentication with certificate


I am not able to authenticate my WCF service using the .cer certificate. The same service is authenticating with the .pfx certificate. The client is not willing to share the .pfx file and insists that I implement a way to use the .cer certificate. The .cer certificate I have to use is without the private key.

I have tried installing the certificate and exporting it in the .pfx format but since the .cer file is without the private key, the option to export in .pfx is disabled.

I am using the following to fetch the .pfx certificate:

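// Certificate taken from the first claim set of the current call's authorization context
var clientCertificate = ((X509CertificateClaimSet)OperationContext.Current.ServiceSecurityContext.AuthorizationContext.ClaimSets[0]).X509Certificate;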

I want to know if the .cer certificate can be used instead of .pfx and if through the same code, I can fetch the .cer certificate as well.

Crypt32 On

> I am not able to authenticate my WCF service using the .cer certificate. The same service is authenticating with the .pfx certificate.

This is expected and by design. The authentication process requires a private key, which exists in the PFX and doesn't exist in the .cer. The private key is used to sign authentication data and to prove certificate ownership.

> The client is not willing to share the .pfx file and insists that I implement a way to use the .cer certificate.

Your client is asking for the impossible and potentially doesn't understand how certificate-based authentication works. There is no way to make it work with a public certificate; you need a PFX with a private key.

Maybe you can create your own certificate with a private key and share the public certificate (without the private key) with the client so they can install it in their app and trust it. However, it depends on the applications and their configurations.
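
The point made in the answer above, as an added C# example that is not part of the original question or answer: a certificate with a private key can sign a challenge, while the `.cer` export of the same certificate can only verify that signature. The subject name, challenge string and class name are constructed for illustration, and the code assumes .NET Framework 4.7.2 or later (or .NET Core) for `CertificateRequest`.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class CerVersusPfxDemo
{
    static void Main()
    {
        // Constructed stand-in for the data a peer asks the client to sign.
        byte[] challenge = Encoding.UTF8.GetBytes("constructed-server-challenge");
        byte[] cerBytes;
        byte[] signature;

        using (RSA key = RSA.Create(2048))
        {
            // Create your own certificate with a private key (hypothetical subject).
            var request = new CertificateRequest(
                "CN=demo-wcf-client", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            using (X509Certificate2 withKey = request.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1)))
            {
                Console.WriteLine("With private key, HasPrivateKey: " + withKey.HasPrivateKey);

                // Proof of ownership: only the private key holder can produce this.
                using (RSA priv = withKey.GetRSAPrivateKey())
                    signature = priv.SignData(
                        challenge, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

                // X509ContentType.Cert is the .cer form: public part only,
                // which is the piece that is safe to share with the other party.
                cerBytes = withKey.Export(X509ContentType.Cert);
            }
        }

        using (var publicOnly = new X509Certificate2(cerBytes))
        {
            // The .cer copy carries no private key, so it cannot sign anything.
            Console.WriteLine(".cer copy, HasPrivateKey: " + publicOnly.HasPrivateKey);
            Console.WriteLine(".cer copy, private key is null: " +
                (publicOnly.GetRSAPrivateKey() == null));

            // It can still verify what the private key holder signed.
            using (RSA pub = publicOnly.GetRSAPublicKey())
                Console.WriteLine("Signature verifies with .cer: " + pub.VerifyData(
                    challenge, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
        }
    }
}
```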