当前位置: 文江博客话题详情

如何使用makecert创建WCF接受的X509证书

发布于 2025-01-04 11:07:17 字数 1395 浏览 2 评论 0原文

任何人都可以为我提供一个关于如何创建自签名证书的示例,该证书将被以下代码接受:

        ServiceHost svh = new ServiceHost(typeof(MyClass));

        var tcpbinding = new NetTcpBinding(SecurityMode.TransportWithMessageCredential, true);
        //security
        tcpbinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        svh.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new BWUserNamePasswordValidator();
        svh.Credentials.UserNameAuthentication.UserNamePasswordValidationMode =UserNamePasswordValidationMode.Custom;
        svh.Credentials.ServiceCertificate.Certificate = BookmarkWizSettings.TcpBindingCertificate;
        ....
        svh.Open();

我已经使用过

makecert -pe myCertificate

并且

makecert -sv SignRoot.pvk -cy authority -r signroot.cer -a sha1 -n "CN=Dev Certification Authority" -ss my -sr localmachine

并且

makecert -r -pe -n "CN=Client" -ss MyApp -sky Exchange

我已经尝试使用 BouncyCastle 生成证书,但是每次我得到以下异常:

It is likely that certificate 'CN=Dev Certification Authority' may not have a 
private key that is capable of key exchange or the process may not have access 
rights for the private key. Please see inner exception for detail.

并且内部异常为空。

可能有一个技巧,但我不明白。

如何为我的 WCF 服务生成正确的证书?

原文

Can anyone provide me with an example on how to create a self signed certificate, which would be accepted by the following code:

        ServiceHost svh = new ServiceHost(typeof(MyClass));

        var tcpbinding = new NetTcpBinding(SecurityMode.TransportWithMessageCredential, true);
        //security
        tcpbinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        svh.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new BWUserNamePasswordValidator();
        svh.Credentials.UserNameAuthentication.UserNamePasswordValidationMode =UserNamePasswordValidationMode.Custom;
        svh.Credentials.ServiceCertificate.Certificate = BookmarkWizSettings.TcpBindingCertificate;
        ....
        svh.Open();

I've used

makecert -pe myCertificate

and

makecert -sv SignRoot.pvk -cy authority -r signroot.cer -a sha1 -n "CN=Dev Certification Authority" -ss my -sr localmachine

and

makecert -r -pe -n "CN=Client" -ss MyApp -sky Exchange

and I've tried to generate the certificate with BouncyCastle, but every time I'm getting following exception:

It is likely that certificate 'CN=Dev Certification Authority' may not have a 
private key that is capable of key exchange or the process may not have access 
rights for the private key. Please see inner exception for detail.

and the inner exception is null.

There's likely a trick to it, but I'm not getting it.

How do I generate a proper certificate for my WCF service??

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

浅浅淡淡 2025-01-11 11:07:17

以下代码适用于框架 4.0:
首先很重要
在 LocalMachine 中手动安装您的证书作为受信任证书
为此,您只需从 Internet Explorer 打开服务器位置即可安装它。

第二个
响应服务器错误,因为自签名证书

 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Security.Cryptography.X509Certificates;
 using System.Net;
 using System.Net.Security;
namespace WCFSelfSignCert
{
class Program
{
    static void Main(string[] args)
    {
        //You have to install your certificate as trusted certificate in your LocalMachine 

        //create your service client/ procy
        using (MyProxy.ServiceClient client = new MyProxy.ServiceClient())
        {

            //server certification respond with an error, because doesnt recognize the autority
            ServicePointManager.ServerCertificateValidationCallback += OnServerValError;


            //Assign to self sign certificate
            client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine,
            StoreName.Root,
            X509FindType.FindBySubjectName,
            "MY custom subject name"); //SubjectName(CN) from  certificate

            //make a test call to ensure that service responds
            var res = client.echo("test");

            Console.WriteLine(res);
            Console.ReadKey();
        }

    }

    public static bool OnServerValError(object sender, X509Certificate certificate,    X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        //mute the error, or provide some custom validation code
        return true;

        //or more restrictive 

       // if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateNameMismatch)
        //{


        //    return true;
       // }
       // else
        //{

       //    return false;
       // }
    }

   }
}

The following code works for me for framework 4.0:
It is important first
to install your certificate manually as trusted certificate in your LocalMachine
In order to do this you can install it simply from internet explorer by opening the server location.

and second
to respond to the server error, because of the self sign certificate

 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Security.Cryptography.X509Certificates;
 using System.Net;
 using System.Net.Security;
namespace WCFSelfSignCert
{
class Program
{
    static void Main(string[] args)
    {
        //You have to install your certificate as trusted certificate in your LocalMachine 

        //create your service client/ procy
        using (MyProxy.ServiceClient client = new MyProxy.ServiceClient())
        {

            //server certification respond with an error, because doesnt recognize the autority
            ServicePointManager.ServerCertificateValidationCallback += OnServerValError;


            //Assign to self sign certificate
            client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine,
            StoreName.Root,
            X509FindType.FindBySubjectName,
            "MY custom subject name"); //SubjectName(CN) from  certificate

            //make a test call to ensure that service responds
            var res = client.echo("test");

            Console.WriteLine(res);
            Console.ReadKey();
        }

    }

    public static bool OnServerValError(object sender, X509Certificate certificate,    X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        //mute the error, or provide some custom validation code
        return true;

        //or more restrictive 

       // if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateNameMismatch)
        //{


        //    return true;
       // }
       // else
        //{

       //    return false;
       // }
    }

   }
}
回复 原文
~没有更多了~

关于作者

尘世孤行

暂无简介

文章
评论
25 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

紫罗兰の梦幻

文章 0 评论 0

-2134

文章 0 评论 0

liuxuanli

文章 0 评论 0

意中人

文章 0 评论 0

○愚か者の日

文章 0 评论 0

xxhui

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文