
I'm looking at implementing PKI authentication (2-way SSL requiring X.509 certificates) for an OpenRasta service.
Any ideas on how to go about this?
Thanks

KlsLondon

1 Answer


I assume that you're using the HttpListener hosting.

To enable SSL / client certificates, those settings are set by httpcfg.

You can find some information at http://msdn.microsoft.com/en-us/library/ms733791.aspx. More specifically, you should be able to enable SSL with client certificates using

httpcfg set ssl -i 0.0.0.0:8012 -h 0000000000003ed9cd0c315bbb6dc1c08da5e6 -f 3

On platforms where that tool can be used. The -u is your IP/port. You probably want -f 3 as this maps the client certificate to a Windows account, but -f 2 would do the transport security without caring for setting authentication. -h is the thumbprint of the certificate, which should be installed in the destination server's certificate store; you can find that with the usual Windows admin tools.

There's also a tool that lets you control http.sys at http://httpsysconfig.codeplex.com/

SerialSeb
    That worked straight away, all I had to do is change endpoints prefix to https:// and use option f 2 on the above. – KlsLondon Mar 13 '12 at 16:18
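With -f 2, as used in the comment, the client certificate is not mapped to a Windows account, so the service has to decide for itself which certificates it accepts. The sketch below is an added example, not code from the answer or from OpenRasta: it uses a bare HttpListener on the same port rather than OpenRasta's hosting, and the allow-list and its thumbprint value are hypothetical placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class ClientCertDemo
{
    // Hypothetical allow-list; the entry is a placeholder, not a real thumbprint.
    static readonly HashSet<string> Allowed =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "PLACEHOLDER_CLIENT_CERT_THUMBPRINT"
        };

    static bool IsAuthorized(HttpListenerRequest request)
    {
        // Null when the client presented no certificate during the handshake.
        X509Certificate2 cert = request.GetClientCertificate();
        if (cert == null) return false;

        // Non-zero is the Win32 error code from validating the certificate.
        if (request.ClientCertificateError != 0) return false;

        // Explicit chain build so revocation is checked under our own policy.
        var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        if (!chain.Build(cert)) return false;

        // Authorization step: only certificates we explicitly trust get through.
        return Allowed.Contains(cert.Thumbprint);
    }

    static void Main()
    {
        var listener = new HttpListener();
        listener.Prefixes.Add("https://+:8012/"); // port from the httpcfg binding above
        listener.Start();
        while (true)
        {
            HttpListenerContext ctx = listener.GetContext();
            bool ok = IsAuthorized(ctx.Request);
            ctx.Response.StatusCode = ok ? 200 : 403;
            byte[] body = Encoding.UTF8.GetBytes(ok ? "authorized\n" : "client certificate rejected\n");
            ctx.Response.OutputStream.Write(body, 0, body.Length);
            ctx.Response.Close();
        }
    }
}
```

A request without a certificate, with one that fails validation, or with one outside the allow-list gets a 403 instead of reaching the handler.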