Reputation: 1900
I have a WCF Service which exposes a method to receive content. This service is going to be consumed by a client over the internet. The client provided the following certificates and installed them as follows on my local machine:
1) Comodo Intermediate (.cert): Intermediate Certification Authorities > Comodo Intermediate
2) Comodo Root (.cert): Trusted Root Certification Authorities > Comodo Root
3) X509 Client Certificate (.pem): Trusted People Store > Client certificate
I want to test/emulate a client call to test my webservice which is running locally. I installed the certificates and added the following binding to my WCF Service config:
<protocolMapping>
  <add scheme="https" binding="wsHttpBinding"/>
</protocolMapping>
<bindings>
  <wsHttpBinding>
    <binding>
      <security mode="Transport">
        <transport clientCredentialType="Certificate"></transport>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
I created a test client console application and added the following config:
<behaviors>
  <endpointBehaviors>
    <behavior name="endpointCredentialBehavior">
      <clientCredentials>
        <clientCertificate findValue="ClientCertificate"
                           storeLocation="LocalMachine"
                           storeName="My"
                           x509FindType="FindBySubjectName" />
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
<bindings>
  <wsHttpBinding>
    <binding name="Binding1">
      <security mode="Transport">
        <transport clientCredentialType="Certificate"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
I know that on the testing and production environments I have a server certificate, but to test this all locally and successfully, would I need to create a server certificate, and if so, how? Could this be done on the same box, or would I have to use SOAP UI or something?
Upvotes: 0
Views: 1200
Reputation: 7522
If you have a service certificate (issued by some formal institution), you can test it locally. Please refer to the link below.
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/transport-security-with-certificate-authentication
When we use transport security with a certificate, we should establish a trust relationship between the client and the server first, and then, if we want to use a self-signed certificate, we could use PowerShell to create the certificate. Please refer to the PowerShell command below to create a self-signed certificate.
New-SelfSignedCertificate -DnsName "vabqia864VM" -CertStoreLocation "cert:\LocalMachine\My"
For details:
https://learn.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate?view=win10-ps
For the server side, we are supposed to configure a port with the SSL certificate since we use the https protocol (if we use IIS to host this, the web site binding module will do this).
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-configure-a-port-with-an-ssl-certificate
For the client side, we should provide a client certificate for authentication (we could also use an endpoint behavior to complete this).
// Requires: using System.Security.Cryptography.X509Certificates;
ServiceReference1.ServiceClient client = new ServiceReference1.ServiceClient();
// Select the client certificate by thumbprint from the LocalMachine\My store.
client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "9ee8be61d875bd6e1108c98b590386d0a489a9ca");
Feel free to let me know if there is anything I can help with.
Upvotes: 0
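The steps from the answer above (create a self-signed server certificate, bind it to the port, supply a client certificate) as one PowerShell script, with a check of the client certificate added. This is an added example, not part of the original question or answer. The port 8443, the DNS name localhost, the temporary file name and the subject value "ClientCertificate" (taken from the question's findValue) are assumptions; run it from an elevated session.

```powershell
# Added example: local test setup for WCF transport security with certificates.
# Assumptions (not from the post): port 8443, DNS name "localhost", and the
# subject value "ClientCertificate" from the question's findValue.
# Run in an elevated PowerShell session.
$port          = 8443
$dnsName       = 'localhost'
$clientSubject = 'ClientCertificate'

# 1. Self-signed server certificate in LocalMachine\My.
$serverCert = New-SelfSignedCertificate -DnsName $dnsName `
    -CertStoreLocation 'cert:\LocalMachine\My'

# 2. Trust it on this test machine only: copy the public part into
#    Trusted Root so the test client accepts the HTTPS endpoint.
$cerPath = Join-Path $env:TEMP 'wcf-test-server.cer'
Export-Certificate -Cert $serverCert -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation 'cert:\LocalMachine\Root' | Out-Null
Remove-Item $cerPath

# 3. Self-hosted service: bind the certificate to the port and ask HTTP.sys
#    to negotiate a client certificate (IIS does this via the site binding).
$appId = [guid]::NewGuid().ToString('B')   # constructed application id
netsh http add sslcert "ipport=0.0.0.0:$port" "certhash=$($serverCert.Thumbprint)" `
    "appid=$appId" clientcertnegotiation=enable

# 4. Check the client certificate the test client will present: it must be
#    in the store named in the client config, carry a private key, be within
#    its validity period, and chain to a trusted root.
$found = Get-ChildItem 'cert:\LocalMachine\My' |
    Where-Object { $_.Subject -like "*$clientSubject*" }
if (-not $found) { Write-Warning "No certificate matching '$clientSubject' in LocalMachine\My" }
foreach ($c in $found) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # offline test box
    [pscustomobject]@{
        Thumbprint    = $c.Thumbprint
        HasPrivateKey = $c.HasPrivateKey
        Expired       = (Get-Date) -gt $c.NotAfter
        ChainBuilds   = $chain.Build($c)
    }
}

# Cleanup after testing (removes the binding and the test root trust):
# netsh http delete sslcert "ipport=0.0.0.0:$port"
# Remove-Item "cert:\LocalMachine\Root\$($serverCert.Thumbprint)"
# Remove-Item "cert:\LocalMachine\My\$($serverCert.Thumbprint)"
```

A row with HasPrivateKey = False means the test client cannot present that certificate in the TLS handshake, whatever store it is in.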