I am attempting to test using X509 certificates with WSE 3.0 and have it
working in my test LAN. Now I'm trying to use it between my test LAN and
the server that will ultimately host the app. I used makecert to
generate the certs on both the server and client boxes. Then I exported
the certs from the server/client and imported them on the client/server
and all seemed to be going well. Everything compiled and published
correctly. When I try running the client side of the app, it fails with
an error from the server. When I look at the event log from the server,
the following text is shown:

<begin>

An error occured processing an outgoing fault response.

Details of the error causing the processing failure:
System.Security.Cryptography.CryptographicException: Object contains
only the public half of a key pair. A private key must also be provided.
   at
System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[]
rgbHash, String str)
   at
Microsoft.Web.Services3.Security.Cryptography.RSASHA1SignatureFormatter.SignHash(Byte[]
rgbHash)
   at
Microsoft.Web.Services3.Security.Cryptography.RSASHA1SignatureFormatter.Sign(Stream
data)
   at
Microsoft.Web.Services3.Security.MessageSignature.BuildSignedInfo(SignatureFormatter
formatter)
   at
Microsoft.Web.Services3.Security.MessageSignature.ComputeAsymmetricSignature(AsymmetricKeyAlgorithm
key)
   at Microsoft.Web.Services3.Security.MessageSignature.ComputeSignature()
   at
Microsoft.Web.Services3.Security.Security.SerializeXml(SoapEnvelope
document)
   at Microsoft.Web.Services3.Security.Security.Execute(SoapEnvelope
envelope)
   at
Microsoft.Web.Services3.Security.SendSecurityFilter.ProcessMessage(SoapEnvelope
envelope)
   at
Microsoft.Web.Services3.Pipeline.ProcessOutputMessage(SoapEnvelope envelope)
   at
Microsoft.Web.Services3.WseProtocol.GetFilteredResponseEnvelope(SoapEnvelope
outputEnvelope)

The SOAP fault that was being processed follows:
<soap:Envelope
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Header>

<wsa:Action>http://schemas.xmlsoap.org/ws/2004/08/addressing/fault</wsa:Action>

<wsa:MessageID>urn:uuid:9515906f-74b5-4eba-90ef-8760bb37e83d</wsa:MessageID>

<wsa:RelatesTo>urn:uuid:007a10dd-c5e2-4ce8-9270-ae86aa57a203</wsa:RelatesTo>

<wsa:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>
    </soap:Header>
    <soap:Body>
        <soap:Fault>
            <faultcode>soap:Server</faultcode>
            <faultstring>Server was unable to process request. ---&gt;
Object contains only the public half of a key pair. A private key must
also be provided.</faultstring>
            <faultactor>http://appserv/OESWSX/Service.asmx</faultactor>
            <detail />
        </soap:Fault>
    </soap:Body>
</soap:Envelope>

<end>

The problem seems to be that the cert doesn't have a private key but it
looks correct when I look at it in MMC. This same procedure works in the
lab.

Any ideas?

Thanx,
Garth