BasicHttpBinding using transport sercurity with Self signed Certificate

Question

I have WCF service, using both BasicHttpBinding and NetTcpBinding at different endpoints within one ServiceHost. NetTcp is using a self signed certificate, which is loaded from file, all were well untill I try to actually make use of the BasicHttpBinding, so I do:

On server:

var ServiceHost host = new ServiceHost(blah blah);
host.Credentials.ServiceCertificate.Certificate = GetCertificate(); //load a certificate from file
host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
var httpBinding = new BasicHttpBinding();
httpBinding.Security.Mode = BasicHttpSecurityMode.Transport;
httpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

On Client:

ChannelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
var cer = GetCertificate();
ChannelFactory.Credentials.ClientCertificate.Certificate = cer;

var httpBinding = new BasicHttpBinding();
httpBinding.Security.Mode = BasicHttpSecurityMode.Transport;
httpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
//accept any cert
System.Net.ServicePointManager.ServerCertificateValidationCallback =
                ((sender, certificate, chain, sslPolicyErrors) => true);

However when connects, I got this error

Exception - An error occurred while making the HTTP request to https://localhost/MyService. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.

certificate is not installed, and it worked fine with net tcp binding, I guess I must missed something small?

One thing I notice is net.tcp is duplex channel while basic http is simplex, I am sure there is a difference to setup? For example, I needed to load certificate at both end for net.tcp, what happens to basic http then?

Thanks in advance

Have you tried to browse the https url in browser. Does it show the WCF help page. — Chandermani, Apr 21 '11 at 05:30
No it does not, I think my certificate is not setup properly but could not find where :( — Yuan, Apr 21 '11 at 06:48
Check http://www.codeproject.com/KB/WCF/WCFSSL.aspx if you are using a non IIS hosting. You may not have configure the certificate. — Chandermani, Apr 21 '11 at 07:12

Ladislav Mrnka · Accepted Answer · 2011-04-21T07:20:05.167

4

Certificate for HTTPS is not configured in WCF configuration. You must configure certificate for http.sys. To do that use netsh.exe from command line with elevated privileges. If you are hosting your service in IIS/WAS you don't have to use netsh and you can configure HTTPS directly in IIS.

edited Apr 21 '11 at 07:20

answered Apr 21 '11 at 07:00

Ladislav Mrnka

360,892
59
660
670

The reason why I load from file (actually file is in memory) is I try to avoid command line as they are "harder" than configured in code and only valid until my service shut down. There is also a problem with port sharing If I bind a certificate to a port. – Yuan Apr 21 '11 at 07:48
@Yuan: HTTPS is provided by http.sys - it is Windows kernel driver with its own requirements. If you want to use HTTPS you must install certificate to certificate store and register it by netsh. You can do it as a custom action in the application installer. – Ladislav Mrnka Apr 21 '11 at 09:46
It seems at http://msdn.microsoft.com/en-us/library/ms733791.aspx explains all, it is not very nice to setup certificate on the binding AND set setup in HTTP.SYS , you saved me a lot of time, thanks! – Yuan Apr 22 '11 at 01:40
That last link is busted. – Nick Nov 13 '13 at 10:46

BasicHttpBinding using transport sercurity with Self signed Certificate

1 Answers1

Linked