Can I use a Let's Encrypt certificate with my self-hosted WCF application?

Time: 2017-04-10 01:15:04

Tags: c# wcf ssl

I've found several guides on how to generate a self-signed CA and then a cert for the service.

Example: https://www.codeproject.com/Articles/24027/SSL-with-Self-hosted-WCF-Service

I've little idea about certificates, so my question is, is the Let's Encrypt certificate compatible with a self-hosted WCF service?

I could buy a certificate, if a commercial CA offered a format that Let's Encrypt did not.

Thanks.

1 answer:

Answer 0: (score: 1)

You can use a Let's Encrypt certificate to make a WCF service communicate over https. You can set it up with one of the Windows clients listed on the letsencrypt.org website. If you decide to use the ACMESharp client, you will notice that one basic feature has not been fully implemented yet: certificate renewal.
However, this problem can be solved with the script Marc Durdin published on his blog. After setting up the ACMESharp client and defining the variables in the script, you have to create a scheduled task that runs every 60 days and executes the script.

To make the WCF service use an https binding, you have to define that binding in the service configuration.
Create a security element. Then reference the name attribute of the parent binding element in the bindingConfiguration attribute of the endpoint element. In the address attribute of the same endpoint element you have to specify the https address at which the service is offered.
If you use a port other than 443, you have to define it explicitly: https://hostname.tld:port/ServiceName/

Once all of this is set up, you have to bind the certificate issued by letsencrypt to that binding. You can do this with the netsh http add sslcert command. I wrote the following script, which you can use to automate this process together with the certificate renewal mentioned above:

$domain = 'hostname.tld' # insert your hostname
$ipport = '0.0.0.0:portnumber' # insert the proper binding, e.g. 0.0.0.0:443
# Pick the newest certificate for the domain. After a renewal the store holds both
# the old and the new certificate, and netsh needs exactly one thumbprint.
$getThumb = Get-ChildItem -Path cert:\LocalMachine\My |
    Where-Object { $_.Subject -match $domain } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
$certHash = $getThumb.Thumbprint
If( -Not $certHash )
{
    throw "No certificate for $domain found in cert:\LocalMachine\My"
}
# Read the current SSL binding for this ip:port. Line 5 of the netsh output is the
# "Certificate Hash" line; it is empty when no binding exists yet.
$activeBinding = netsh http show sslcert ipport=$ipport
$activeBindingHash = $activeBinding[5]
$guid = '{' + [guid]::NewGuid() + '}'
If( -Not $activeBindingHash )
{
    # No binding yet: create it.
    netsh http add sslcert ipport=$ipport certhash=$certHash appid=$guid
    return
}
$hashesMatch = $activeBindingHash | Select-String -Pattern $certHash -Quiet
If( -Not $hashesMatch )
{
    # The bound certificate is not the newest one (i.e. it was renewed): rebind.
    netsh http delete sslcert ipport=$ipport
    netsh http add sslcert ipport=$ipport certhash=$certHash appid=$guid
}

If you define the variables in the script and run it as a scheduled task, the WCF service will use an SSL certificate from Let's Encrypt that is renewed and rebound automatically.
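The service configuration the answer describes (a binding with a security element, referenced from the endpoint's bindingConfiguration attribute, and an explicit https address with a non-default port), as an added example that is not part of the original answer. The binding name secureHttpBinding, the port 8443, and the MyNamespace.MyService / MyNamespace.IMyService type names are placeholders to be replaced with your own.

```xml
<!-- app.config of the self-hosted WCF service (added example, not from the original post) -->
<configuration>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <!-- Transport security = TLS; the certificate comes from the netsh http sslcert
             binding on the port, not from this file. -->
        <binding name="secureHttpBinding">
          <security mode="Transport">
            <transport clientCredentialType="None" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <services>
      <service name="MyNamespace.MyService">
        <!-- Non-443 port must appear explicitly in the address. -->
        <endpoint address="https://hostname.tld:8443/ServiceName/"
                  binding="basicHttpBinding"
                  bindingConfiguration="secureHttpBinding"
                  contract="MyNamespace.IMyService" />
      </service>
    </services>
  </system.serviceModel>
</configuration>
```

The name attribute of the binding element ("secureHttpBinding") is what the endpoint's bindingConfiguration attribute points at; without that reference the endpoint falls back to the default basicHttpBinding, which has no transport security and will fail to open on an https address. The ip:port used in the netsh script ('0.0.0.0:8443' for this example) has to match the port in the address attribute, otherwise HTTP.sys has no certificate for the listener and the TLS handshake is refused.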