![](/img/trans.png)
[英]How to create a X509 certificate from Bouncy Castle for use with AuthenticateAsServer?
[英]How to use makecert to create a X509 certificate accepted by WCF
誰能提供一個有關如何創建自簽名證書的示例,以下代碼將接受該示例:
ServiceHost svh = new ServiceHost(typeof(MyClass));
var tcpbinding = new NetTcpBinding(SecurityMode.TransportWithMessageCredential, true);
//security
tcpbinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
svh.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new BWUserNamePasswordValidator();
svh.Credentials.UserNameAuthentication.UserNamePasswordValidationMode =UserNamePasswordValidationMode.Custom;
svh.Credentials.ServiceCertificate.Certificate = BookmarkWizSettings.TcpBindingCertificate;
....
svh.Open();
我用過
makecert -pe myCertificate
和
makecert -sv SignRoot.pvk -cy authority -r signroot.cer -a sha1 -n "CN=Dev Certification Authority" -ss my -sr localmachine
和
makecert -r -pe -n "CN=Client" -ss MyApp -sky Exchange
並且我嘗試使用BouncyCastle生成證書,但是每次遇到以下異常時:
It is likely that certificate 'CN=Dev Certification Authority' may not have a
private key that is capable of key exchange or the process may not have access
rights for the private key. Please see inner exception for detail.
並且內部異常為null。
可能有一個竅門,但我不明白。
如何為WCF服務生成正確的證書?
以下代碼對我適用於Framework 4.0:首先重要
在LocalMachine中手動將證書作為受信任證書安裝
為此,您只需打開服務器位置即可從Internet Explorer進行安裝。
其次是由於自簽名證書而導致的服務器錯誤響應
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Cryptography.X509Certificates;
using System.Net;
using System.Net.Security;
namespace WCFSelfSignCert
{
class Program
{
static void Main(string[] args)
{
//You have to install your certificate as trusted certificate in your LocalMachine
//create your service client/ procy
using (MyProxy.ServiceClient client = new MyProxy.ServiceClient())
{
//server certification respond with an error, because doesnt recognize the autority
ServicePointManager.ServerCertificateValidationCallback += OnServerValError;
//Assign to self sign certificate
client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine,
StoreName.Root,
X509FindType.FindBySubjectName,
"MY custom subject name"); //SubjectName(CN) from certificate
//make a test call to ensure that service responds
var res = client.echo("test");
Console.WriteLine(res);
Console.ReadKey();
}
}
public static bool OnServerValError(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
//mute the error, or provide some custom validation code
return true;
//or more restrictive
// if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateNameMismatch)
//{
// return true;
// }
// else
//{
// return false;
// }
}
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.