WCF Error "Found multiple X.509 certificates using search criteria"

.net wcf web-config soa client-certificates

12,181

I think you problem in certificate store. please do the following:

run mmc
menu file/Add Remove Snap-In
from the treeview select certificates, than select radiobox Local computer
Certificates(local computer)/Personal/certificates
look through all certificates listed there. there should be a dublication. (if the duplication is not visible right on the first look, double click on each certificate, go to Detatis tab, find the Subject property)

Get rid of duplication if possible. in other case define FindByThumbprint criteria in your config

12,181

Author by

Nirman

Updated on June 14, 2022

Comments

Nirman almost 2 years

I receive following error when I try accessing a WCF service hosted on our staging server.

"Found multiple X.509 certificates using the following search criteria: StoreName 'My', StoreLocation 'LocalMachine', FindType 'FindBySubjectName', FindValue 'StagingServer001'. Provide a more specific find value."

I try to access the following URL and get above error:

http://stagingserver001/MyService1.svc

Could anyone please guide me how can I find the certificate in the store to delete it? Or what changes I need in configurations of WCF

Please find below the the relevant code taken from web.config of the WCF service

<behaviors>
      <endpointBehaviors>
        <behavior name="endpointCredentialBehavior">
          <clientCredentials>
            <clientCertificate findValue="SPLEBUSSTG02" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
            <serviceCertificate>
              <defaultCertificate findValue="772f3fdf2496c9750be3b0713003b47b15dfde96" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
              <authentication certificateValidationMode="PeerOrChainTrust" />
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
      <serviceBehaviors>
        <behavior name="SecurityBehavior">
          <serviceMetadata httpGetEnabled="True"  />
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceCredentials>
            <serviceCertificate findValue="772f3fdf2496c9750be3b0713003b47b15dfde96" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
            <clientCertificate>
              <certificate findValue="SPLEBUSSTG02" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
              <authentication certificateValidationMode="PeerOrChainTrust" />
            </clientCertificate>
          </serviceCredentials>
        </behavior>
        <behavior>
          <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
          <serviceMetadata httpGetEnabled="false" httpsGetEnabled="false" />
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false" />
          <ServiceErrorHandler />
        </behavior>
      </serviceBehaviors>

    </behaviors>

jtrohde over 8 years

I had this same problem. Found my duplicate, deleted it, and still am getting the same error message. Did an IISReset, rebooted the server, cleared all caches on server and local machines. Nothing. By all accounts the cert is gone, but it's somehow still being "found" by IIS,
Yaugen Vlasau over 8 years

I'd still recommend use FindByThumbprint option with proper ID of your certificate