Where does the client certificate come from?

Mark - 17 Apr 2006 18:06 GMT
I would like to create an X509v3 digital certificate for testing my
HelloWorldWebService. My understanding is that I need a Server certificate
with a public and private key and I believe I can create one using
Certificate server on Windows 2003 Server. How do I create the client
certificate with the server certificate's public key?
Anders Lybecker - 17 Apr 2006 19:55 GMT
Hi Mark,

> I would like to create an X509v3 digital certificate for testing my
> HelloWorldWebService. My understanding is that I need a Server certificate
> with a public and private key and I believe I can create one using
> Certificate server on Windows 2003 Server. How do I create the client
> certificate with the server certificate's public key?

With the usernameForCertificateAssertion turnkey you do not need a
client certificate. The client needs the public key from the server
certificate.

You do not need a Certificate server to create a test certificate. For a
test certificate you can use makecert. See this link on how to create
the server certificate: http://www.inventec.ch/chdh/notes/14.htm

:-)
Anders Lybecker
Mark - 17 Apr 2006 22:35 GMT
How do I provide the public key of the Server certificate to the client via
code?
Mark - 17 Apr 2006 23:07 GMT
I used makecert according to the web page listed and then used the cert in
the web service policy and specified it in the client code.   It fails with
{"Security requirements are not satisfied because the security header is not
present in the incoming message."}

Help :)
Mark - 17 Apr 2006 23:48 GMT
The only time I can get my HelloWorldWebService to work is if I use the
WSEQuickStartServer certificate on both the client and server.  Hope this
helps determine why I get the error shown in the previous message.

Thanks
Steven Cheng[MSFT] - 18 Apr 2006 04:18 GMT
Hi Mark,

If you have an internal Windows certificate server available, it's
convenient to use it for creating a test certificate. You can just use the
certificate server to publish a server certificate which contains a private
and public key pair. After installing it on the server machine (which hosts
your WSE server application), you can use the Windows certificate management
console (you can launch it through the MMC snap-in) to view the installed
certificate, and we can also export it without the private key; the
certificate exported without the private key (only the public key) is the one
which can be used as the client certificate. If you want to make a certificate
for a client which also needs to sign and encrypt, you also need to create a
certificate which contains a private key for the client (just like the server
certificate).

In addition, if you're going to use the makecert tool to create test
certificates, you can have a look at the WSE samples' setup.bat file; it
contains script code which uses makecert.exe to create test certificates
(both server and client ones).

Hope this helps.

Regards,

Steven Cheng
Microsoft Online Community Support

==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
Brian Smith - 20 Apr 2006 18:57 GMT
>The client needs the public key from the server certificate.

Anders, sorry to butt in, but can you explain a bit more. How does the
client work without the certificate? The reference in the
wse2policycache.config appears to require a certificate to be installed
on the client. This is something I definitely want to avoid.

e.g.
  <usernameForCertificateSecurity establishSecurityContext="true"
      renewExpiredSecurityContext="true" requireSignatureConfirmation="false"
      messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true"
      ttlInSeconds="300">
    <serviceToken>
      <x509 storeLocation="CurrentUser" storeName="AddressBook"
          findValue="CN=WSE2QuickStartServer"
          findType="FindBySubjectDistinguishedName" />
    </serviceToken>

brian smith

> Hi Mark,
>
[quoted text clipped - 14 lines]
> :-)
> Anders Lybecker
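
Added example (not code from any poster in this thread or from the WSE samples): a small C# console program that installs the server certificate, exported without its private key, into the store named by the policy's <x509> element above and then repeats the policy's lookup. The file name server-public.cer and the class name are assumptions made for the illustration.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

static class InstallServiceToken
{
    static int Main(string[] args)
    {
        // Assumed input: the server certificate exported WITHOUT its private key
        // (.cer file). The default file name is a placeholder.
        string cerPath = args.Length > 0 ? args[0] : "server-public.cer";
        X509Certificate2 cert = new X509Certificate2(cerPath);

        // The client side only needs the server's public key. A private key here
        // means the wrong file (for example a .pfx) was handed to the client.
        if (cert.HasPrivateKey)
        {
            Console.Error.WriteLine("Refusing: file carries the server's private key.");
            return 1;
        }
        if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
        {
            Console.Error.WriteLine("Refusing: certificate is outside its validity period.");
            return 1;
        }

        // Same store the policy's <x509> element names: CurrentUser / AddressBook.
        X509Store store = new X509Store(StoreName.AddressBook, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadWrite);
        try
        {
            store.Add(cert);
            // Repeat the policy's lookup. validOnly is false because makecert
            // test certificates do not chain to a trusted root.
            X509Certificate2Collection hits = store.Certificates.Find(
                X509FindType.FindBySubjectDistinguishedName, cert.SubjectName.Name, false);
            foreach (X509Certificate2 hit in hits)
                Console.WriteLine("{0}  thumbprint={1}  hasPrivateKey={2}",
                    hit.Subject, hit.Thumbprint, hit.HasPrivateKey);
            // More than one match makes a subject-name lookup ambiguous.
            return hits.Count == 1 ? 0 : 2;
        }
        finally
        {
            store.Close();
        }
    }
}
```

An exit code of 2 means the subject name matched zero or several certificates in the store, which is worth resolving before pointing a policy at it by subject name.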
