8

任何人都可以为我提供有关如何创建自签名证书的示例,该证书将被以下代码接受:

        ServiceHost svh = new ServiceHost(typeof(MyClass));

        var tcpbinding = new NetTcpBinding(SecurityMode.TransportWithMessageCredential, true);
        //security
        tcpbinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        svh.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new BWUserNamePasswordValidator();
        svh.Credentials.UserNameAuthentication.UserNamePasswordValidationMode =UserNamePasswordValidationMode.Custom;
        svh.Credentials.ServiceCertificate.Certificate = BookmarkWizSettings.TcpBindingCertificate;
        ....
        svh.Open();

我用过

makecert -pe myCertificate


makecert -sv SignRoot.pvk -cy authority -r signroot.cer -a sha1 -n "CN=Dev Certification Authority" -ss my -sr localmachine


makecert -r -pe -n "CN=Client" -ss MyApp -sky Exchange

我尝试使用 BouncyCastle 生成证书,但每次我遇到以下异常:

It is likely that certificate 'CN=Dev Certification Authority' may not have a 
private key that is capable of key exchange or the process may not have access 
rights for the private key. Please see inner exception for detail.

并且内部异常为空。

它可能有一个技巧,但我不明白。

如何为我的 WCF 服务生成正确的证书?

4

1 回答 1

1

以下代码适用于框架 4.0:首先
在 LocalMachine 中手动安装您的证书作为受信任的证书
很重要 为了做到这一点,您可以通过打开服务器位置从 Internet Explorer 简单地安装它。

第二个 响应服务器错误,因为自签名证书

 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Security.Cryptography.X509Certificates;
 using System.Net;
 using System.Net.Security;
namespace WCFSelfSignCert
{
class Program
{
    static void Main(string[] args)
    {
        //You have to install your certificate as trusted certificate in your LocalMachine 

        //create your service client/ procy
        using (MyProxy.ServiceClient client = new MyProxy.ServiceClient())
        {

            //server certification respond with an error, because doesnt recognize the autority
            ServicePointManager.ServerCertificateValidationCallback += OnServerValError;


            //Assign to self sign certificate
            client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine,
            StoreName.Root,
            X509FindType.FindBySubjectName,
            "MY custom subject name"); //SubjectName(CN) from  certificate

            //make a test call to ensure that service responds
            var res = client.echo("test");

            Console.WriteLine(res);
            Console.ReadKey();
        }

    }

    public static bool OnServerValError(object sender, X509Certificate certificate,    X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        //mute the error, or provide some custom validation code
        return true;

        //or more restrictive 

       // if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateNameMismatch)
        //{


        //    return true;
       // }
       // else
        //{

       //    return false;
       // }
    }

   }
}
于 2013-05-19T15:53:20.070 回答