All geek questions in one place

What role does an open certificate play in WCF?

We have our own certificate, which we use as part of ClientCredentials in the transport client credentials, as shown below.

 WSHttpBinding wsBinding = new WSHttpBinding(); wsBinding.Security.Mode = System.ServiceModel.SecurityMode.Transport; wsBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate; wsClient = new WSService.WSClient(wsBinding, new EndpointAddress(serviceURL)); wsClient.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, clientCertificateSubjectName);

Our partner also provided us with a copy of his certificate, which is used on the server to verify their server. Calls to the service are currently doing well unless we have installed or done anything with this certificate.

We use ColdFusion, and as a rule, we should install them in the java certificate store, but it seems strange to me that the service connection works in Visual Studio when I did nothing with the service certificate

What is the role / purpose of the service certificate? Clients install it in trustees of MMC certificates or refer to it in the client configuration, for example. WSHttpBinding above?

+5
source share
1 answer

To communicate with the server via SSL, the client and server must accept each other's certificate if a client certificate request is configured on the server. Since you have already managed to contact the server, this means that:

  • the server accepted your client certificate or was not configured to require a client certificate
  • your client explicitly accepts the server certificate or does it implicitly because this certificate has a valid trust chain on your client (the issuing CA or root CA is in the list of trusted root CAs and the certificate is not in any revocation list)

If you want to allow only communication with the server that sends the certificate provided by your partner. Then you need to write the code so that your client explicitly compares the server certificate with this certificate, and then continues its calls to the service or allows it to kill the connection.

To answer your question: the only purpose I can think of, of this explicitly provided certificate, is that it is used in the script described above.

+2
source

Source: https://habr.com/ru/post/1275114/

More articles:


All Articles