How to use makecert to create a X509 certificate accepted by WCF
Can anyone provide an example of how to create a self-signed certificate that would be accepted by the following code:
    ServiceHost svh = new ServiceHost(typeof(MyClass));
    var tcpbinding = new NetTcpBinding(SecurityMode.TransportWithMessageCredential, true);
    //security
    tcpbinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
    svh.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new BWUserNamePasswordValidator();
    svh.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
    svh.Credentials.ServiceCertificate.Certificate = BookmarkWizSettings.TcpBindingCertificate;
    ....
    svh.Open();
I have used
    makecert -pe myCertificate
and
    makecert -sv SignRoot.pvk -cy authority -r signroot.cer -a sha1 -n "CN=Dev Certification Authority" -ss my -sr localmachine
and
    makecert -r -pe -n "CN=Client" -ss MyApp -sky Exchange
and I have tried generating the certificate with BouncyCastle, but every time I get the following exception:
It is likely that certificate 'CN=Dev Certification Authority' may not have a
private key that is capable of key exchange or the process may not have access
rights for the private key. Please see inner exception for detail.
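and the inner exception is null.
There is probably a trick to it, but I am not getting it.
How do I generate a proper certificate for my WCF service?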
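The following code works for me for Framework 4.0. First, it is important
to manually install your certificate as a trusted certificate in your LocalMachine.
To do this, you can simply install it from Internet Explorer by opening the server location.
Second, you have to respond to the server error caused by the self-signed certificate.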
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Security.Cryptography.X509Certificates;
    using System.Net;
    using System.Net.Security;

    namespace WCFSelfSignCert
    {
        class Program
        {
            static void Main(string[] args)
            {
                //You have to install your certificate as a trusted certificate in your LocalMachine
                //create your service client/proxy
                using (MyProxy.ServiceClient client = new MyProxy.ServiceClient())
                {
                    //server certificate validation responds with an error, because it doesn't recognize the authority
                    ServicePointManager.ServerCertificateValidationCallback += OnServerValError;
                    //Assign the self-signed certificate
                    client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine,
                        StoreName.Root,
                        X509FindType.FindBySubjectName,
                        "MY custom subject name"); //SubjectName(CN) from certificate
                    //make a test call to ensure that the service responds
                    var res = client.echo("test");
                    Console.WriteLine(res);
                    Console.ReadKey();
                }
            }

            public static bool OnServerValError(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
            {
                //mute the error (returning true accepts any server certificate), or provide some custom validation code
                return true;
                //or more restrictive
                // if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateNameMismatch)
                // {
                //     return true;
                // }
                // else
                // {
                //     return false;
                // }
            }
        }
    }
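A stricter alternative to returning true from the callback in the answer above, as an added example that is not part of the original answer: it accepts the server certificate only when it validates normally or when its thumbprint matches one pinned value. The class name PinnedServerCertificate, the method names and the ExpectedThumbprint placeholder are assumptions; replace the placeholder with the thumbprint of your own service certificate.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class PinnedServerCertificate
{
    // Placeholder (assumption): replace with the thumbprint of your own
    // self-signed service certificate (40 hex digits for SHA-1).
    const string ExpectedThumbprint = "<THUMBPRINT-OF-YOUR-SERVICE-CERTIFICATE>";

    // Keep only hex digits: thumbprints copied from the certificate dialog
    // often carry spaces or an invisible leading character.
    static string Normalize(string thumbprint)
    {
        var sb = new StringBuilder();
        foreach (char c in thumbprint ?? string.Empty)
            if (Uri.IsHexDigit(c)) sb.Append(char.ToUpperInvariant(c));
        return sb.ToString();
    }

    // Same signature as OnServerValError in the answer.
    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // Chain and host name already validated normally: nothing to override.
        if (sslPolicyErrors == SslPolicyErrors.None) return true;
        if (certificate == null) return false;

        string expected = Normalize(ExpectedThumbprint);
        if (expected.Length != 40) return false; // placeholder not filled in

        // Otherwise accept exactly one certificate: the pinned one.
        string actual = new X509Certificate2(certificate).Thumbprint;
        return string.Equals(Normalize(actual), expected, StringComparison.Ordinal);
    }

    // Register in place of the answer's "+= OnServerValError".
    public static void Register()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }
}
```

ServicePointManager.ServerCertificateValidationCallback is a static, process-wide setting, so pinning one thumbprint limits the override to that certificate instead of every endpoint the process contacts.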