"SignAndEncrypt" MessageSecurityMode and Certificates
Posted: 09 Jun 2021, 12:09
Hello,
I am using "SignAndEncrypt" MessageSecurityMode and 'Anonymous' UserIdentityTokens.
I also set 'AutomaticallyTrustAllClientCertificates' = true.
In that case, it is still required to have server certificate to be in client's trusted list?
Based on my checking with simple client and server application, it seems it is still required.
Can you please answer why server certificate has to be in client's trusted list?
Thank you in advance.
I am using "SignAndEncrypt" MessageSecurityMode and 'Anonymous' UserIdentityTokens.
I also set 'AutomaticallyTrustAllClientCertificates' = true.
In that case, it is still required to have server certificate to be in client's trusted list?
Based on my checking with simple client and server application, it seems it is still required.
Can you please answer why server certificate has to be in client's trusted list?
Thank you in advance.