WCF, self-signed certificates for encryption

Question

WCF, self-signed certificates for encryption

I want to create WCF services using aspnet membership to authorize the user. However, if I need a certificate for encryption purposes only, does it matter if it is a self-signed certificate or do you need to buy a certificate from a supplier?

+3

certificate service wcf

Watson Feb 19 '10 at 19:23

source share

2 answers

A self-signed certificate, regardless of whether you authenticate a user, carries the same risks. Best practice is to use a real certificate in a production environment. With some very cheap prices these days, this is not a big part of the financial burden to take on more (unless you are a fan of Verisign).

It was discussed and noted that self-signed certificates in the WCF production environment also have serious performance issues:

+3

KP. 19 . '10 19:28

casperOne · Accepted Answer · 2010-02-19T19:26:41+0000

You can use self-signed certificates, but the problem is that you need to install a certificate on each machine that will use the certificate for encryption.

If you have a large number of machines on which clients will work, this can easily become prohibitive in terms of service and configuration, and this easily justifies the purchase of a certificate from an authority.

WCF, self-signed certificates for encryption

More articles: