user472292

Reputation: 329

WCF Authentication - X509 Certificate

I want to authenticate users to my WCF service using X509 certificates. I set up my service to use SSL and made all the relevant WCF configuration. When I try to consume my service I get the following error:

 The remote certificate is invalid according to the validation procedure. 

If I take my certificate (self-signed) and add it to the Trusted People, then that error goes away. I believe this means I need to provide my certificate to all (external) consumers of my service. Is there any way around this?

Upvotes: 2

Views: 1345

Answers (3)

user472292

Reputation: 329

Since we are using a self-signed certificate for dev purposes, I had to override the validation of the certificate. My code was:

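// Requires: using System.Net; using System.Net.Security;
//           using System.Security.Cryptography.X509Certificates;

// In the client's startup code:
if (validateServerCertificate)
{
    ServicePointManager.ServerCertificateValidationCallback +=
        new RemoteCertificateValidationCallback(ValidateRemoteCertificate);
}

// Returns true for every certificate, so no server certificate is ever rejected.
private static bool ValidateRemoteCertificate(object sender,
                                              X509Certificate certificate,
                                              X509Chain chain,
                                              SslPolicyErrors policyErrors)
{
    return true;
}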

Upvotes: 0
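
As an added example (not code from the answer above), a development-only callback can accept the self-signed certificate by pinning its hash, so that any other certificate failing validation is still rejected. The class name `DevCertificatePinning` and the `PinnedSha256` placeholder are assumptions; substitute the SHA-256 hash of your own dev certificate.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class DevCertificatePinning
{
    // Placeholder (assumption): the SHA-256 hash of your dev certificate, as hex.
    private const string PinnedSha256 = "<SHA256-OF-DEV-CERT-HEX>";

    // Call once at client startup, in development builds only.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback += Validate;
    }

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors policyErrors)
    {
        // Certificates that pass normal chain and name validation need no override.
        if (policyErrors == SslPolicyErrors.None)
            return true;

        // No certificate was presented, so there is nothing to compare.
        if (certificate == null)
            return false;

        // Validation failed (expected for a self-signed certificate):
        // accept only the one certificate whose hash matches the pin.
        return string.Equals(Sha256Hex(certificate), PinnedSha256,
                             StringComparison.OrdinalIgnoreCase);
    }

    // SHA-256 over the DER-encoded certificate, as uppercase hex without separators.
    public static string Sha256Hex(X509Certificate certificate)
    {
        using (var sha = SHA256.Create())
        {
            byte[] hash = sha.ComputeHash(certificate.GetRawCertData());
            return BitConverter.ToString(hash).Replace("-", "");
        }
    }
}
```

`ServicePointManager.ServerCertificateValidationCallback` is shared by the whole application, so the pin check runs for every outbound HTTPS connection the client makes, not only calls to the WCF service.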

Self-signed certificates are not and cannot be trusted (unless the user explicitly trusts them or some code does this). You indeed need to purchase a certificate from one of the established CAs such as Thawte, GlobalSign, Comodo (InstantSSL). We use GlobalSign and Comodo; each has its own advantages. What you need is a regular "SSL certificate" (as they call it, though this name is incorrect) issued for your server's domain name.

Upvotes: 0

Frode Stenstrøm

Reputation: 1048

All certificates are validated by a certificate authority (CA).

In your case, I suspect that your CA is not trusted. Start MMC and add the certificate manager for your local machine. Look under Trusted Root CA (I do not remember the exact wording).

A self-signed certificate means that the CA of the certificate is the same as the certificate itself.

Also consider how you want to use certificates: are you using them to identify your clients, or for the SSL purpose of encrypting the transport level?

If you want to use certificates for many different clients, I strongly recommend you take a look at public PKI services from companies like Verisign.

Upvotes: 1
