I'm trying to get all client certificates programmatically when access a secure server which requires client certificate.
There are some client certificates in my store. And I can see them from IE certificate selection dialog if I use IE to open a secure web service site which requires client certificate. Now I'm trying to get all valid local client certificates programmatically like IE for windows form application with below code.
TcpClient client = new TcpClient(serverName, 443); // server
name is the web service site computer name
SslStream sslStream = new SslStream(
new LocalCertificateSelectionCallback(SelectLocalCertificate) // select local certificate delegate
sslStream.AuthenticateAsClient(serverName); // Server name is same to the TcpClient server name
public X509Certificate SelectLocalCertificate(
The problem is that SelectLocalCertificate will be executed twice. First, acceptableIssuers is null, secont, it's all my local acceptable issuers. But localCertificates is always empty. How could I get the local certificates? Is there anything that I'm missing? Is there any other ways to get local client certificates like IE's certificate selection dialog?
BTW, I'm working on web service development with VS 2008 SP1.
Finally, I found that I should use another AuthenticateAsClient method like "sslStream.AuthenticateAsClient(serverName, certificatesCollection, SslProtocols.Default, false);" that pass a local certificates collection myself and LocalCertificateSelectionCallback will return it during handshake. Then I could compare the acceptableIssuers with passed localCertificates collection like IE does with certificate selection dialog.
Plese correct me if I'm wrong.