LocalCertificateSelectionCallback failes to get local certificates RRS feed

  • Question

  • Hi,

    I'm trying to get all client certificates programmatically when access a secure server which requires client certificate.

    There are some client certificates in my store. And I can see them from IE certificate selection dialog if I use IE to open a secure web service site which requires client certificate. Now I'm trying to get all valid local client certificates programmatically like IE for windows form application with below code.

    void Test()


             TcpClient client = new TcpClient(serverName, 443);             // server name is the web service site computer name
             Console.WriteLine("Client connected.");
             SslStream sslStream = new SslStream(
                new RemoteCertificateValidationCallback(ValidateServerCertificate),
                new LocalCertificateSelectionCallback(SelectLocalCertificate)                  // select local certificate delegate

                sslStream.AuthenticateAsClient(serverName);     // Server name is same to the TcpClient server name


     public X509Certificate SelectLocalCertificate(
             object sender,
             string targetHost,
             X509CertificateCollection localCertificates,
             X509Certificate remoteCertificate,
             string[] acceptableIssuers)


    The problem is that SelectLocalCertificate will be executed twice. First, acceptableIssuers is null, secont, it's all my local acceptable issuers. But localCertificates is always empty. How could I get the local certificates? Is there anything that I'm missing? Is there any other ways to get local client certificates like IE's certificate selection dialog?

    BTW, I'm working on web service development with VS 2008 SP1.

    Best Regards,



    Monday, May 3, 2010 3:18 PM

All replies

  • Does anyone have experience on this issue?

    Thank you very much,


    Thursday, May 6, 2010 1:30 AM
  • Finally, I found that I should use another AuthenticateAsClient method like "sslStream.AuthenticateAsClient(serverName, certificatesCollection, SslProtocols.Default, false);" that pass a local certificates collection myself and LocalCertificateSelectionCallback will return it during handshake. Then I could compare the acceptableIssuers with passed localCertificates collection like IE does with certificate selection dialog.

    Plese correct me if I'm wrong.



    Thursday, May 6, 2010 11:19 AM