WSE, Certificate stores and mutualCertificate11Security
If you want to secure a web service using Web Services Enhancements (WSE) and
are looking at the mutual certificates option, mutualCertificate11Security, you
might be unpleasantly surprised that the configuration tool, Start/Programs/WSE 3.0/Configuration Tool,
is wrong and misleading :-(
When you try to add authorized clients, the dialog lists the certificates stored
in the "Local Machine – Personal Store", but the runtime looks in "Local
Machine – Trusted People". The result is that any attempt to use the
configuration tool fails, either because the required certificate cannot be
selected or when running the application.
The correct place for the certificates is:
Server side:
Store the server certificate, both private and public key, in "Local
Computer/Personal/Certificates".
Store the client certificate, just the public key, in "Local Machine – Trusted
People".
Client side:
Store the client certificate, both private and public key, in "Current
user/Personal".
Store the server certificate, just the public key, in "Current user/Other
People".
When developing on a single machine the easiest way to create the required
certificates is the following batch file. Run it from Start/Programs/Microsoft .NET Framework SDK
v2.0/SDK Command Prompt.
rem Remove certificates left over from a previous run
certmgr -del -r LocalMachine -s My -c -n TheProblemSolverServer
certmgr -del -r LocalMachine -s AddressBook -c -n TheProblemSolverServer
certmgr -del -r CurrentUser -s My -c -n TheProblemSolverClient
certmgr -del -r LocalMachine -s TrustedPeople -c -n TheProblemSolverClient
rem Create the self-signed server certificate and copy it to Other People (AddressBook)
makecert -sr LocalMachine -ss My -sky exchange -n CN=TheProblemSolverServer -r -pe
certmgr -add -r LocalMachine -s My -c -n TheProblemSolverServer -r LocalMachine -s AddressBook
rem Create the self-signed client certificate and copy it to Trusted People
makecert -sr CurrentUser -ss My -sky exchange -n CN=TheProblemSolverClient -r -pe
certmgr -add -r CurrentUser -s My -c -n TheProblemSolverClient -r LocalMachine -s TrustedPeople
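To confirm that each certificate ended up in the store the batch file targets, the following PowerShell check compares the four stores against that layout. It is an added example, not part of the original post; the function name Test-WseCertLayout and the status labels are assumptions, and the private-key expectations follow the "just the public key" statements above.

```powershell
# Added example: audit certificate placement for the WSE mutual-certificate setup.
# Stores and subject names come from the batch file; PrivateKey reflects the
# post's statement of which stores should hold "just the public key".
$expected = @(
    @{ Store = 'Cert:\LocalMachine\My';            Subject = 'CN=TheProblemSolverServer'; PrivateKey = $true  },
    @{ Store = 'Cert:\LocalMachine\AddressBook';   Subject = 'CN=TheProblemSolverServer'; PrivateKey = $false },
    @{ Store = 'Cert:\CurrentUser\My';             Subject = 'CN=TheProblemSolverClient'; PrivateKey = $true  },
    @{ Store = 'Cert:\LocalMachine\TrustedPeople'; Subject = 'CN=TheProblemSolverClient'; PrivateKey = $false }
)

# Hypothetical helper: returns one row per expected placement with a status.
function Test-WseCertLayout {
    param([Parameter(Mandatory)] [hashtable[]] $Layout)

    $rows = foreach ($item in $Layout) {
        # Exact subject match, so similarly named certificates are not counted.
        $found = @(Get-ChildItem -Path $item.Store -ErrorAction SilentlyContinue |
                   Where-Object { $_.Subject -eq $item.Subject })

        if     ($found.Count -eq 0) { $status = 'MISSING' }
        elseif ($found.Count -gt 1) { $status = 'DUPLICATE' }
        elseif ($found[0].HasPrivateKey -ne $item.PrivateKey) { $status = 'KEY-MISMATCH' }
        else   { $status = 'OK' }

        [pscustomobject]@{
            Store      = $item.Store
            Subject    = $item.Subject
            Thumbprint = ($found | ForEach-Object { $_.Thumbprint }) -join ','
            Status     = $status
        }
    }

    # A copy left behind by an earlier makecert run has the same subject but a
    # different thumbprint, so the peer would be trusting the wrong certificate.
    foreach ($group in ($rows | Group-Object Subject)) {
        $prints = @($group.Group | Where-Object { $_.Thumbprint } |
                    Select-Object -ExpandProperty Thumbprint -Unique)
        if ($prints.Count -gt 1) {
            $group.Group | Where-Object { $_.Status -eq 'OK' } |
                ForEach-Object { $_.Status = 'THUMBPRINT-MISMATCH' }
        }
    }
    $rows
}

Test-WseCertLayout -Layout $expected | Format-Table -AutoSize
```

KEY-MISMATCH on the AddressBook or TrustedPeople rows means the copy there is associated with a private key, which differs from the layout the post describes and is worth reviewing before reusing the same steps outside a single development machine.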