Banshee
Banshee

Reputation: 15847

Generated certificates do not work?

I have used the followings commands on the Windows 8 Server to generate a client and service certificate for my WCF TCP solution :

makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=MyAppServer -sky exchange -pe
makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=MyAppClient -sky exchange –pe

The certificates are installed and then moved to TrustedPeople with MMC. Then I use MMC to export both certificates to files, these is then both installed on the client machine under CurrentUser/TrustedPeople.

When viewing both certs in MMC on client it says :

"The Integrity of this certificate cannot be guaranteed. The certificate may be corruped or may have been altered"

I can see that the Root Agence and the MyAppServier got a cross on theme.

When I try to connect to the WCF service(located on Windows 8 Server) I will get the following exception on the client :

Cannot find the X.509 certificate using the following search criteria: StoreName 'TrustedPeople', StoreLocation 'CurrentUser', FindType 'FindBySubjectName', FindValue 'MyAppClient'.

I have double checked the Trusted People under CurrentUser and they are in place?

If I run all this (including generating and installing the certificates) from my client computer everything works just fine? I suspect that there is something that is not right about these certificates?

I need certificates for testing so I do not have any "real" certificates, but from my experience it should work to generate certificates on the service and then use them in the test environment?

So what am I doing wrong here?

Upvotes: 1

Views: 4702

Answers (2)

Banshee
Banshee

Reputation: 15847

This link solved my problem and explained a lot : http://robbincremers.me/2011/12/29/wcf-message-security-and-client-certificate-authentication-with-self-signed-certificates/

This will however not use the IIS7 to generate the certificates.

Upvotes: 1

Trevor
Trevor

Reputation: 4860

One thing I've done in the past when I can't get certs to work is just created them through the IIS 7 UI. IIS will put the cert that it creates into Personal certs and Trusted Users on your machine.

http://technet.microsoft.com/en-us/library/cc753127%28v=ws.10%29.aspx

Best of luck.

Upvotes: 0

Related Questions