Simple way to deploy self hosted WCF (REST) service with SSL

  • Question

  • Hello,

      I've developed a RESTful WCF service that is self hosted (not in IIS).  Since the data sent to and from the service needs to be protected in transit (on an internal network - not accessible via the Internet), I have set the binding to use transport security.  Everything works, but I'm just looking for an easy way to deploy this so that users don't need to have IIS or other SDKs etc. to make an x509 certificate request, then purchase an SSL cert from a 3rd party issuer.

      Is there an easy way I can purchase a single cert or set something up where I could create a cert, then deploy it with my setup.exe and then have it install that cert into the user's certificate store and then not have to have them each independently purchase certificates?  (I know this is by design for security the way SSL is set up)  Or would there be a way I could somehow issue a certificate for the end user without having to purchase the cert from the 3rd party issuer?

    Thanks.

    Thursday, June 6, 2013 6:16 PM

Answers

All replies

  • Hi,

    As suggested in this blog: http://www.codeproject.com/Articles/18601/An-easy-way-to-use-certificates-for-WCF-security , if you want to share the same certificate for more than one client, you can use the same command to generate self-signed certificates or obtain it from a certification, and you may try the alternative approach introduced in that article.

    Best Regards. 


    Haixia
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    • Marked as answer by Haixia_Xie Friday, July 5, 2013 9:02 AM
    Friday, June 7, 2013 8:08 AM
  • Thanks Haixia, that is a very clever solution.  I have two questions about this solution:

    1) If I purchased a certificate from a 3rd party issuer and if my computer's name where the self hosted service will run from is named "MyComputerName" - I'd set the common name of the certificate request as "MyComputerName".  If I now export that cert with a private key and deploy that certificate in my setup.exe (the way the article shows) to another computer called "MyOtherComputerName" - won't that not work properly since the computer names are different? Do I still need to get a separate certificate for each computer this will be deployed to?

    2)  For the self hosted service - I'm running on a random port like 8081 - so I've then taken the thumbprint of the SSL cert and then bind the SSL Cert to the Port through: netsh http sslcert ipport=0.0.0.0:8081 ......  Would I still need to do that on each computer I deploy to so that all traffic leaving that port is secured with that SSL Cert?  (I don't know how it would work without registering to the certificate store)?

    Thanks again for your help.

    Friday, June 7, 2013 12:36 PM
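
Added example (not part of the original thread and not the poster's code): one way a setup routine could perform the per-machine steps raised in the two questions above, creating a certificate named for the local computer and binding it to the service port with netsh. It assumes an elevated PowerShell session on Windows 8 / Server 2012 or later, a self-signed certificate that clients are separately configured to trust, and a placeholder application GUID.

```powershell
# Added example: per-machine certificate and HTTP.SYS binding for a self-hosted service.
# Assumptions: port 8081 as in the post; $AppId is a constructed placeholder GUID
# that would be replaced by the application's own GUID.
$Port  = 8081
$AppId = '{00000000-0000-0000-0000-000000000001}'   # placeholder, not a real app id
$IpPort = "0.0.0.0:$Port"

# netsh http requires administrative rights, so fail early if not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

# Create the certificate on this machine so its name matches this machine and
# the private key is generated locally instead of being shipped in the installer.
$hostName = [System.Net.Dns]::GetHostName()
$cert = New-SelfSignedCertificate -DnsName $hostName `
                                  -CertStoreLocation 'Cert:\LocalMachine\My'

# Remove any previous binding on the port; the result is ignored because
# the command fails harmlessly when no binding exists yet.
netsh http delete sslcert "ipport=$IpPort" | Out-Null

# Bind the new certificate to the port by thumbprint.
# The braces in the GUID must stay inside a quoted string in PowerShell.
netsh http add sslcert "ipport=$IpPort" "certhash=$($cert.Thumbprint)" "appid=$AppId"
if ($LASTEXITCODE -ne 0) {
    throw "netsh http add sslcert failed with exit code $LASTEXITCODE"
}

# Show the resulting binding so the installer log records what was configured.
netsh http show sslcert "ipport=$IpPort"
Write-Output "Bound certificate $($cert.Thumbprint) for $hostName to $IpPort"
```
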
  • Hi,

    I do not have such an environment available to test for you, but you can test it as you said on your side. Thanks.

    Best Regards.


    Haixia

    Wednesday, June 12, 2013 5:42 AM