Could not create SSL/TLS secure channel

While creating a client for a web service, I came across the following.

The web service uses https with a client certificate which I imported into the certificate store:

Pretty simple!

While this worked on my local machine it did not work on the workstations the client actually runs on. The default response to any request sent from these clients was:  ‘Could not create SSL/TLS secure channel.’.

At first I thought it had something to do with user rights. Nope, importing the certificate by hand with the same user as the client process did work. After some trial and error I discovered Windows 8.1 apparently stores the private key by default and Windows XP POSReady and Windows 7 POSReady do not.

By adding the appropriate X509KeyStorageFlags (PersistKeySet and DefaultKeySet) Windows POSReady also stores the private key:

Now the certificate is imported correctly an no more: ‘Could not create SSL/TLS secure channel.’.

Problem solved!


More info:

msdn: x509keystorageflags


Author: Peter

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.