user342872

Reputation: 43

Can I use a Let's Encrypt certificate with my self-hosted WCF application?

I've found several guides on how to generate a self-signed CA and then a cert for the service.

Example: https://www.codeproject.com/Articles/24027/SSL-with-Self-hosted-WCF-Service

I've little idea about certificates, so my question is, is the Let's Encrypt certificate compatible with a self-hosted WCF service?

I could buy a certificate, if a commercial CA offered a format that Let's Encrypt did not.

Thanks.

Upvotes: 3

Views: 2061

Answers (1)

BdN3504

Reputation: 1733

It is possible to use a Let's Encrypt certificate to make a WCF service communicate over https. You can set it up using one of the Windows clients listed on the letsencrypt.org website.
If you decide to use the ACMESharp client, you will notice that one fundamental functionality is not yet implemented cleanly: certificate renewal.
However, this issue can be addressed by using a script that Marc Durdin submitted on his blog.
After you have set up the ACMESharp client and defined the variables in the script, you will have to create a scheduled task which runs every 60 days and executes the script.

To make a WCF service use an https binding, you will have to define that binding in the configuration of the service.
Create a security element. Then, reference the parent binding element's name attribute in the bindingConfiguration attribute of the endpoint element. In the address attribute of that same endpoint element you have to specify the https address under which your service will be available.
If you use a port different from 443, you will have to explicitly define it like so: https://hostname.tld:port/ServiceName/.

Once you have all this set up, you will have to bind the certificate supplied by letsencrypt to that binding. You can do this with the netsh http add sslcert command. I wrote the following script which you can use to automate this process in conjunction with the renewal of the certificate mentioned above:

$domain = 'hostname.tld'        # insert your hostname
$ipport = '0.0.0.0:portnumber'  # insert the proper binding, e.g. 0.0.0.0:443

# After a renewal the store may contain both the old and the new certificate for
# the domain, so pick the one that expires last instead of assuming a single match.
$cert = Get-ChildItem -Path cert:\LocalMachine\My |
    Where-Object { $_.Subject -match $domain } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate for $domain found in cert:\LocalMachine\My" }
$certHash = $cert.Thumbprint

# Read the hash currently bound to this ip:port. Matching the 40-hex-digit
# certificate hash is more robust than indexing a fixed line of the netsh output
# and does not depend on the (localised) wording of that output.
$activeBinding = netsh http show sslcert ipport=$ipport
$activeBindingHash = $activeBinding |
    Select-String -Pattern '\b[0-9a-fA-F]{40}\b' |
    Select-Object -First 1
$guid = '{' + [guid]::NewGuid() + '}'

if (-not $activeBindingHash)
{
    # Nothing is bound to this ip:port yet: create the binding.
    netsh http add sslcert ipport=$ipport certhash=$certHash appid=$guid
    return
}

# -eq on strings is case-insensitive, so the lower-case hash shown by netsh
# compares correctly against the upper-case Thumbprint from the store.
$hashesMatch = $activeBindingHash.Matches[0].Value -eq $certHash
if (-not $hashesMatch)
{
    # An older certificate is bound: replace it with the renewed one.
    netsh http delete sslcert ipport=$ipport
    netsh http add sslcert ipport=$ipport certhash=$certHash appid=$guid
}

If you define the variables in the script and run that as a scheduled task too, your WCF service will use an SSL certificate from Let's Encrypt which will get renewed and rebound automatically.

Upvotes: 2
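As an added illustration of the configuration steps the answer describes (this is example configuration written for this page, not code from the question, the answer or the linked guide), here is a minimal app.config for a self-hosted WCF service with an https binding. hostname.tld, the port 8443, ServiceName, the binding and behavior names, and the type names MyCompany.MyService / MyCompany.IMyService are placeholders to be replaced with your own values.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <!-- The security element turns this binding into an https binding.
             mode="Transport" makes WCF require TLS on the channel; the
             certificate itself is not referenced here, it is bound to the
             port with "netsh http add sslcert" as shown in the answer. -->
        <binding name="HttpsBinding">
          <security mode="Transport">
            <transport clientCredentialType="None" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>

    <services>
      <!-- MyCompany.MyService and MyCompany.IMyService are placeholder names. -->
      <service name="MyCompany.MyService" behaviorConfiguration="HttpsBehavior">
        <!-- bindingConfiguration refers to the binding's name attribute above.
             The address carries the port explicitly because it is not 443. -->
        <endpoint address="https://hostname.tld:8443/ServiceName/"
                  binding="basicHttpBinding"
                  bindingConfiguration="HttpsBinding"
                  contract="MyCompany.IMyService" />
      </service>
    </services>

    <behaviors>
      <serviceBehaviors>
        <behavior name="HttpsBehavior">
          <!-- Expose metadata over https only, and keep exception details
               out of faults so internals are not leaked to callers. -->
          <serviceMetadata httpsGetEnabled="true"
                           httpGetEnabled="false"
                           httpsGetUrl="https://hostname.tld:8443/ServiceName/mex" />
          <serviceDebug includeExceptionDetailInFaults="false" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
```

Two points worth checking when this does not come up: the netsh sslcert binding must use the same port as the address attribute (0.0.0.0:8443 for the placeholder above), and if the service process does not run as an administrator, http.sys also needs a URL reservation for that address (netsh http add urlacl) for the account the service runs under. A quick way to verify the end result is to browse to the https address from another machine and confirm that the certificate presented is the Let's Encrypt one with the expected expiry date.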
