
Self Hosted WCF SSL

Just a quickie.

I am not sure how to approach securing a self hosted WCF service with an SSL certificate. When buying an SSL certificate, I need to do a certificate request based on the FQDN.

Using a self hosted WCF service,

  1. How do I generate a certificate request for a self hosted WCF service?
  2. How do I implement the FQDN for a certificate for a self hosted service? The self hosted service is accessed on a dynamic DNS name and a port.

Should I just generate a self signed certificate and use that?

Regards

The following link demonstrates the process and enumerates the steps for establishing a certificate signing request.
http://technet.microsoft.com/en-us/library/ff625722(v=ws.10).aspx

We specify the following for our self-hosted WCF SSL services:

On the Subject tab:
1. In the Subject name area under Type, click Common Name.
2. In the Subject name area under Value, enter the fully qualified domain name, and then click Add.
3. In the Alternative name area under Type, click DNS.
4. In the Alternative name area under Value, enter the fully qualified domain name, and then click Add.

On the Extensions tab:
1. Click the Key usage arrow. In the Available options list, click Digital signature, and then click Add. Click Key encipherment, and then click Add.
2. Click the Extended Key Usage (application policies) arrow. In the Available options list, click Server Authentication and Client Authentication, and then click Add.
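
The same request can be scripted with `certreq.exe`. This is an added example, not part of the original answer: the FQDN `service.example.com` is a placeholder, and the key length, hash algorithm and non-exportable key are assumptions not stated on the page.

```powershell
# Added example: scripted equivalent of the Subject/Extensions tab settings above.
# $Fqdn is a placeholder (assumption); use the name clients actually connect to.
$Fqdn    = 'service.example.com'
$InfPath = Join-Path $env:TEMP 'wcf-ssl-request.inf'
$CsrPath = Join-Path $env:TEMP 'wcf-ssl-request.csr'

$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
; Subject tab: Common Name = FQDN
Subject = "CN=$Fqdn"
; Assumed values (not from the page): 2048-bit RSA, SHA-256, non-exportable key
KeyLength = 2048
KeySpec = 1
HashAlgorithm = sha256
Exportable = FALSE
; Extensions tab: Digital signature (0x80) + Key encipherment (0x20)
KeyUsage = 0xA0
MachineKeySet = TRUE
RequestType = PKCS10

[EnhancedKeyUsageExtension]
; Server Authentication, then Client Authentication
OID = 1.3.6.1.5.5.7.3.1
OID = 1.3.6.1.5.5.7.3.2

[Extensions]
; Subject tab: Alternative name, type DNS = FQDN
2.5.29.17 = "{text}"
_continue_ = "dns=$Fqdn&"
"@

Set-Content -Path $InfPath -Value $inf -Encoding ASCII

# MachineKeySet = TRUE stores the key in the machine store; run from an elevated prompt.
certreq.exe -new $InfPath $CsrPath
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Review the request before sending it to the CA: confirm CN, SAN, key usage and EKU.
certutil.exe -dump $CsrPath
```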

The SSL certificate has two parts to it that you need to know about. The first is the host. This is sent back to the client, so they can verify that the SSL certificate is for what you THINK you were connecting to.

So your host name NEEDS to match the address you are using to connect to the WCF service.

The second part is the signature. This is to verify the SSL certificate has not been changed since it was issued. Think of it as a Counter Signature on your rental agreement.

Now what a Self Signed certificate means...well, it's exactly what it says on the tin. Your computer signed it. Whereas normally you would pay a Certificate Authority to sign it (think of it like getting a Judge to Counter Sign your rental agreement).

So the downside of the Self Signed cert is that no one trusts it, and for good reason.

For 99% of cases, your self signed cert is not going to be trusted by anyone.
