8

Can anyone provide me with an example on how to create a self signed certificate, which would be accepted by the following code:

        ServiceHost svh = new ServiceHost(typeof(MyClass));

        var tcpbinding = new NetTcpBinding(SecurityMode.TransportWithMessageCredential, true);
        //security
        tcpbinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        svh.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new BWUserNamePasswordValidator();
        svh.Credentials.UserNameAuthentication.UserNamePasswordValidationMode =UserNamePasswordValidationMode.Custom;
        svh.Credentials.ServiceCertificate.Certificate = BookmarkWizSettings.TcpBindingCertificate;
        ....
        svh.Open();

I've used 

makecert -pe myCertificate

and 

makecert -sv SignRoot.pvk -cy authority -r signroot.cer -a sha1 -n "CN=Dev Certification Authority" -ss my -sr localmachine

and 

makecert -r -pe -n "CN=Client" -ss MyApp -sky Exchange

and I've tried to generate the certificate with BouncyCastle, but every time I'm getting following exception:

It is likely that certificate 'CN=Dev Certification Authority' may not have a 
private key that is capable of key exchange or the process may not have access 
rights for the private key. Please see inner exception for detail.

and the inner exception is null.

There's likely a trick to it, but I'm not getting it.

How do I generate a proper certificate for my WCF service??

Arsen Zahray
  • 24,367
  • 48
  • 131
  • 224
  • 2
    Take a look at this how to link. http://msdn.microsoft.com/en-us/library/ff648498.aspx – Bryan Corazza Feb 12 '12 at 21:35
  • This link was the most helpful for me setting up mine. It walks through all the steps. http://www.codeproject.com/Articles/96028/WCF-Service-with-custom-username-password-authenti – vikingben May 15 '13 at 02:58

1 Answers1

1

The following code works for me for framework 4.0: It is important first
to install your certificate manually as trusted certificate in your LocalMachine
In order to do this you can install it simply from internet explorer by opening the server location.

and second to respond to the server error, because of the self sign certificate

 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Security.Cryptography.X509Certificates;
 using System.Net;
 using System.Net.Security;
namespace WCFSelfSignCert
{
class Program
{
    static void Main(string[] args)
    {
        //You have to install your certificate as trusted certificate in your LocalMachine 

        //create your service client/ procy
        using (MyProxy.ServiceClient client = new MyProxy.ServiceClient())
        {

            //server certification respond with an error, because doesnt recognize the autority
            ServicePointManager.ServerCertificateValidationCallback += OnServerValError;


            //Assign to self sign certificate
            client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine,
            StoreName.Root,
            X509FindType.FindBySubjectName,
            "MY custom subject name"); //SubjectName(CN) from  certificate

            //make a test call to ensure that service responds
            var res = client.echo("test");

            Console.WriteLine(res);
            Console.ReadKey();
        }

    }

    public static bool OnServerValError(object sender, X509Certificate certificate,    X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        //mute the error, or provide some custom validation code
        return true;

        //or more restrictive 

       // if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateNameMismatch)
        //{


        //    return true;
       // }
       // else
        //{

       //    return false;
       // }
    }

   }
}
ziaziosk
  • 136
  • 4