Secure WCF Service communication by creating certificate

Question

I have a windows service, that is controlled by an windows forms programm via WCF. At the moment there is no security enabled, so that everyone can sniff the communication between the windows service and the windows forms program.

Now I want to secure the communication, so I have to use certificates. But I do not want to provide a global certificate to the service, because the service and the monitoring program is running by customer.

So my questions are:

Is it a good solution to create self signed certificates at installation time on client machine to use for wcf?

Is there a way to create a self signed certificate in c#? The only solution I have found was using MakeCert or to invoke CertEnroll.dll.

Answer 1

Yes, you can create self signed certificates using MakeCert. By passing -r on command parameters.

The thing is that Self signed certificates should be used to create the client certificate and the service certificate.

In the client machine you should have installed: - Service certificate with public key (Trusted) - Client certificate with both public and private key (Personal) - Self-Signed certificate with public key (Trusted authorities)

In the service machine: - Client certificate with public key (Trusted) - Service certificate with both public and private key (Personal) - Self-Signed certificate with public key (Trusted authorities)

Then you should configure wcf service and wcf client to enable security on transport and message, and also you must specify where to find the certificate with private key.

Answer 2

Have you thought about using X509 certificates???

See this link

How to create a self-signed certificate using C#?

Hope this helps

Baz