You are not alone with this question.
The certificate that is used for SSL is the same as the certificate that you
need to do your web service security. It's confusing because we are not
using it for SSL but that's just what all of the CAs call it.
So for example on Thawte, they have a few flavors such as "SSL Web Server
Certificate" and a lighter weight one that is "SSL 123".
hth
julie lerman
>I am Signing a SOAP Message by Using a User Name and Password and
>encrypting
[quoted text clipped - 7 lines]
> certificate
> from verisign I need to purchase.
dustin.breese - 22 Feb 2006 18:19 GMT
We tried to generate our own custom certs via OpenSSL, but can't seem
to get it to work.
Here's what we did to try things, but WSE always complains about
validating the signing/encryption ("Exception thrown: The security
token could not be authenticated or authorized") --
- Create our own test CA
    CA.pl -newca
- Import the test CA into the trusted CA store for localmachine
- Create our own pub/priv key pair and generate sign request
    CA.pl -newreq
- Sign it
    CA.pl -sign
- Export as PKCS12
    CA.pl -pkcs12
- Import PKCS12 file into My store.
We also found an article
http://www.javakb.com/Uwe/Forum.aspx/java-security/89/NET-WSE-and-Java-security-WS-Security-interop
to make sure OpenSSL is configured so that the "KeyUsage" includes
certain options. We enabled this by modifying openssh.cnf so that
keyUsage = "critical, nonRepudiation, digitalSignature,
keyEncipherment, dataEncipherment".
Altering the keyUsage values does indeed affect the key generation, but
only that it adds these values to an attribute in the certificate
itself.
Any thoughts on generating your own OpenSSL certificates? Are there
any how-tos on generating your own?
Thanks in advance,
Dustin
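
The steps from the post above, written as direct openssl commands with checks on the files they produce. This is an added example, not code from the thread: subject names, file names, lifetimes and the PKCS#12 password are constructed, and it checks only what OpenSSL issued, not what WSE does with it.

```shell
#!/bin/sh
# Added example. Subject names, file names, lifetimes and the PKCS#12 password
# are constructed for illustration; the leaf keyUsage line is the one from the post.

# Build a throwaway CA and a leaf certificate in directory $1.
make_test_pki() {
    d=$1
    mkdir -p "$d" || return 1
    cat > "$d/test.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment
EOF
    # Self-signed test CA (counterpart of the "CA.pl -newca" step).
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/test.cnf" \
        -extensions v3_ca -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # Key pair and signing request for the service certificate.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/test.cnf" \
        -subj "/CN=wse-test.example" \
        -keyout "$d/svc.key" -out "$d/svc.csr" 2>/dev/null || return 1
    # Sign the request; the extensions come from [v3_leaf], not from the CSR.
    openssl x509 -req -in "$d/svc.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -extfile "$d/test.cnf" -extensions v3_leaf \
        -out "$d/svc.pem" 2>/dev/null || return 1
    # Bundle key, certificate and CA for import into the Windows store.
    openssl pkcs12 -export -inkey "$d/svc.key" -in "$d/svc.pem" \
        -certfile "$d/ca.pem" -passout pass:constructed -out "$d/svc.p12"
}

# Succeeds only if the leaf chains to the test CA.
chain_ok() { openssl verify -CAfile "$1/ca.pem" "$1/svc.pem" >/dev/null 2>&1; }

# Prints the key usage values actually present in the issued certificate.
leaf_key_usage() {
    openssl x509 -in "$1/svc.pem" -noout -text |
        grep -A1 'X509v3 Key Usage' | tail -n 1 | sed 's/^ *//'
}

# Succeeds only if the PKCS#12 file opens and its MAC verifies.
p12_ok() { openssl pkcs12 -in "$1/svc.p12" -passin pass:constructed -noout 2>/dev/null; }
```

Run make_test_pki on an empty directory, then chain_ok, leaf_key_usage and p12_ok on the same directory before importing anything into the Windows stores.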