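How to create an X509 certificate accepted by WCF using makecert

Time: 2012-02-12 18:47:35

Tags: c# wcf security x509 makecert

Can anyone provide me with an example of how to create a self-signed certificate that will be accepted by the following code: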

        ServiceHost svh = new ServiceHost(typeof(MyClass));

        var tcpbinding = new NetTcpBinding(SecurityMode.TransportWithMessageCredential, true);
        //security
        tcpbinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        svh.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new BWUserNamePasswordValidator();
        svh.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
        svh.Credentials.ServiceCertificate.Certificate = BookmarkWizSettings.TcpBindingCertificate;
        ....
        svh.Open();

I have used

makecert -pe myCertificate

makecert -sv SignRoot.pvk -cy authority -r signroot.cer -a sha1 -n "CN=Dev Certification Authority" -ss my -sr localmachine

makecert -r -pe -n "CN=Client" -ss MyApp -sky Exchange

I tried to generate the certificate with BouncyCastle, but every time I get the following exception:

It is likely that certificate 'CN=Dev Certification Authority' may not have a 
private key that is capable of key exchange or the process may not have access 
rights for the private key. Please see inner exception for detail.

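and the inner exception is null.

There is probably a trick to it, but I don't get it.

How do I generate a proper certificate for a WCF service?

1 answer:

Answer 0 (score: 1)

The following code works for Framework 4.0. The important thing is, first, to manually install the certificate as a trusted certificate in LocalMachine.
To do this, you can install it from Internet Explorer by opening the server location.

And second, to respond to the server error caused by the self-signed certificate.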

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Security.Cryptography.X509Certificates;
    using System.Net;
    using System.Net.Security;

    namespace WCFSelfSignCert
    {
        class Program
        {
            static void Main(string[] args)
            {
                //You have to install your certificate as a trusted certificate in your LocalMachine

                //create your service client / proxy
                using (MyProxy.ServiceClient client = new MyProxy.ServiceClient())
                {
                    //the server certificate check responds with an error, because it doesn't recognize the authority
                    ServicePointManager.ServerCertificateValidationCallback += OnServerValError;

                    //assign the self-signed certificate
                    client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine,
                        StoreName.Root,
                        X509FindType.FindBySubjectName,
                        "MY custom subject name"); //SubjectName (CN) from the certificate

                    //make a test call to ensure that the service responds
                    var res = client.echo("test");

                    Console.WriteLine(res);
                    Console.ReadKey();
                }
            }

            public static bool OnServerValError(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
            {
                //mute the error (returning true accepts any server certificate), or provide some custom validation code
                return true;

                //or more restrictive

                //if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateNameMismatch)
                //{
                //    return true;
                //}
                //else
                //{
                //    return false;
                //}
            }
        }
    }
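
The "custom validation code" option mentioned in the answer's callback, written out as an added example that is not part of the original answer: instead of returning `true` for everything, it accepts a failing chain only for one certificate whose thumbprint was pinned in advance. The class name, the helper `HexOnly` and the thumbprint placeholder are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class PinnedServerCertificate
{
    // Placeholder (assumption): the SHA-1 thumbprint of your own self-signed
    // service certificate, copied from its Details tab. Not a real value.
    const string ExpectedThumbprint = "<THUMBPRINT-OF-YOUR-SERVICE-CERTIFICATE>";

    // Same signature as OnServerValError, so it plugs into the same hook.
    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // Chains to a trusted root and the name matches: nothing to override.
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        // No certificate presented: there is nothing to pin against.
        if (certificate == null)
            return false;

        // Chain or name errors are tolerated for exactly one certificate:
        // the one whose thumbprint was pinned in advance.
        string expected = HexOnly(ExpectedThumbprint);
        string actual = HexOnly(new X509Certificate2(certificate).Thumbprint);
        return expected.Length == 40 &&
               string.Equals(actual, expected, StringComparison.OrdinalIgnoreCase);
    }

    // Thumbprints pasted from the certificate dialog often carry spaces or
    // invisible characters; keep only the hex digits before comparing.
    static string HexOnly(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value ?? string.Empty)
            if (Uri.IsHexDigit(c)) sb.Append(c);
        return sb.ToString();
    }

    static void Main()
    {
        // Assign with = rather than += so no accept-everything handler stays registered.
        ServicePointManager.ServerCertificateValidationCallback = Validate;
        // With no certificate and a chain error the callback refuses the connection.
        Console.WriteLine(Validate(null, null, null, SslPolicyErrors.RemoteCertificateChainErrors));
    }
}
```

Until the placeholder is replaced with a real 40-digit thumbprint, the length check makes the callback reject every certificate that does not already validate normally.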