Reputation: 15847
I have used the followings commands on the Windows 8 Server to generate a client and service certificate for my WCF TCP solution :
makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=MyAppServer -sky exchange -pe
makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=MyAppClient -sky exchange –pe
The certificates are installed and then moved to TrustedPeople with MMC. Then I use MMC to export both certificates to files, these is then both installed on the client machine under CurrentUser/TrustedPeople.
When viewing both certs in MMC on client it says :
"The Integrity of this certificate cannot be guaranteed. The certificate may be corruped or may have been altered"
I can see that the Root Agence and the MyAppServier got a cross on theme.
When I try to connect to the WCF service(located on Windows 8 Server) I will get the following exception on the client :
Cannot find the X.509 certificate using the following search criteria: StoreName 'TrustedPeople', StoreLocation 'CurrentUser', FindType 'FindBySubjectName', FindValue 'MyAppClient'.
I have double checked the Trusted People under CurrentUser and they are in place?
If I run all this (including generating and installing the certificates) from my client computer everything works just fine? I suspect that there is something that is not right about these certificates?
I need certificates for testing so I do not have any "real" certificates, but from my experience it should work to generate certificates on the service and then use them in the test environment?
So what am I doing wrong here?
Upvotes: 1
Views: 4702
Reputation: 15847
This link solved my problem and explained a lot : http://robbincremers.me/2011/12/29/wcf-message-security-and-client-certificate-authentication-with-self-signed-certificates/
This will however not use the IIS7 to generate the certificates.
Upvotes: 1
Reputation: 4860
One thing I've done in the past when I can't get certs to work is just created them through the IIS 7 UI. IIS will put the cert that it creates into Personal certs and Trusted Users on your machine.
http://technet.microsoft.com/en-us/library/cc753127%28v=ws.10%29.aspx
Best of luck.
Upvotes: 0