我需要保护使用 netTcpBinding 并直接与基于 Windows 窗体的应用程序连接的 WCF 服务。 我只需要它在传输层得到保护。
我很确定我可以在本地运行该服务,即我可以在本地运行该服务,并与客户端连接到它。
当我尝试设置服务以使其在服务器而不是本地计算机上运行时,我遇到了证书问题。 错误日志表明证书必须具有能够进行密钥交换的私钥,并且进程必须具有私钥的访问权限。
我正在使用使用 makecert 创建的开发证书。
makecert -n "CN=MY COMPANY DEBUG" -pe -sky exchange Debug.cer
我必须承认我对使用证书很陌生。 有谁知道如何解决此问题,或者有更好的方法使用证书通过 netTcpBinding 将传输安全性添加到 WCF 服务吗?
谢谢。
I need to secure a WCF service that uses netTcpBinding and connects directly with a Windows Forms based application. I only need it to be secured at the transport layer.
I'm pretty sure that I have it working locally, i.e. I can run the service locally, and connect to it with the client.
When I try to setup the service so that it is running on a server as opposed to my local machine, I'm having certificate issues. The error log says that the certificate must have a private key that is capable of key exchange and that the process must have access rights for the private key.
I'm using a development certificate created using makecert.
makecert -n "CN=MY COMPANY DEBUG" -pe -sky exchange Debug.cer
I must admit that I'm very new to using certificates. Does anyone have any pointers on how I can fix this, or a better way to use a certificate to add transport security to a WCF service using netTcpBinding?
Thanks.
发布评论
评论(2)
试试这个:
然后您将得到三个文件:.cer 文件(公钥)、.pvk(私钥)和 .pfx(与两者进行密钥交换)。 然后,您可以在服务器上安装 .pfx 文件,如下所示:
在客户端,您只需安装 .cer 文件。 您还可以通过证书 MMC 管理单元(“开始”、“运行”、MMC.exe,然后为当前计算机添加证书管理单元)来完成这些安装(上面的 .cer 和 .pfx)。
Try this:
You will then end up with three files, the .cer file (public key), the .pvk (private key), and the .pfx (key exchange with both). You can then install the .pfx file on the server like so:
At the client end, you only need to install the .cer file. These installs (.cer and .pfx above) you can also do through the Certificates MMC snap-in (Start, Run, MMC.exe, then add the Certificates snap-in for the current machine).
阅读此(涵盖 https 情况,但仍然可能有帮助)和 此。
由于我们正在讨论传输级安全性,因此我认为您的服务器进程不应该了解有关您用来提供它的证书的任何信息。
Read this (covers https case but still may help) and this.
Since we are talking about transport-level security, I don't think your server process should know anything about certificate you are using to provide it.