Question on configuring certificates for HTTPS (transport security with certificate)

  • Question

  • I have a WCF service configured with transport security with certificate. I looked at the documentation - How to: Create and Install Temporary Certificates in WCF for Message Security During Development - at http://msdn.microsoft.com/en-us/library/ff647171.aspx. It worked fine with temporary certificates.

    However, when I tried to move it to the production environment with real production certificates, I encountered a problem. In the document, all CRL, server and client certificates are generated via makecert with a private key (.pvk) file. My IT admin doesn't allow a private key to be installed on clients. So do client certificates require a private key? Which command can generate a client certificate without a private key?

    Thursday, December 19, 2013 6:03 PM

Answers

  • Hi,

    >>So does client certificates require private key? Which command can generate client certificate without private key?

    Yes, the client certificates require a private key. When client authentication by certificate is configured, we need two certificates. First, we need a server certificate, where the server has a public and private key (and has access to that key) and the client has a public key. Then we need a client certificate, where the client has a public and private key (and has access to that key) and the server has a public key. If you are configuring a client certificate in your client configuration, then the client needs its private key. Without the private key, the SSL server would not be able to verify who you are and what you say.

    Best Regards,
    Amy Peng



    • Marked as answer by s liu Friday, December 20, 2013 4:53 PM
    Friday, December 20, 2013 3:08 AM
    Moderator
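
The proof of possession described in the answer above, as an added PowerShell example that is not part of the original thread. It assumes Windows 10 / Server 2016 or later with the PKI module; the subject CN=DemoClient and the random challenge are constructed, and a self-signed certificate is used only to keep the demo self-contained.

```powershell
# Added illustration: a certificate copy without its private key cannot authenticate.
# 'CN=DemoClient' and the 32-byte challenge are constructed demo values.
$x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]
$ext  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
$sha  = [System.Security.Cryptography.HashAlgorithmName]::SHA256
$pad  = [System.Security.Cryptography.RSASignaturePadding]::Pkcs1

# Client side: the key pair is created on the client and marked non-exportable.
$client = New-SelfSignedCertificate -Subject 'CN=DemoClient' `
    -CertStoreLocation Cert:\CurrentUser\My -KeyExportPolicy NonExportable `
    -KeyAlgorithm RSA -KeyLength 2048 -KeyUsage DigitalSignature `
    -TextExtension '2.5.29.37={text}1.3.6.1.5.5.7.3.2'   # EKU: client authentication

try {
    # Server side: only the public part of the certificate (what a .cer file holds).
    $publicOnly = $x509::new($client.RawData)

    # Stand-in for the handshake data that the client signs during TLS client
    # authentication (the CertificateVerify message).
    $challenge = [byte[]]::new(32)
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($challenge)

    # The client signs with its private key; the key itself never leaves the client.
    $signature = $ext::GetRSAPrivateKey($client).SignData($challenge, $sha, $pad)

    # The server verifies with the public key taken from the certificate.
    $verified = $ext::GetRSAPublicKey($publicOnly).VerifyData($challenge, $signature, $sha, $pad)

    "Client store copy has private key : $($client.HasPrivateKey)"
    "Public-only copy has private key  : $($publicOnly.HasPrivateKey)"
    "Server verified client signature  : $verified"

    # A holder of the public-only copy has no key to sign with.
    "Public-only copy can sign         : $($null -ne $ext::GetRSAPrivateKey($publicOnly))"
}
finally {
    # Remove the throwaway certificate and its key from the store.
    Remove-Item -Path "Cert:\CurrentUser\My\$($client.Thumbprint)" -DeleteKey
}
```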

All replies

  • OK, I have to let our IT system admin know about this.

    Thanks for the quick reply!!!

    Friday, December 20, 2013 4:53 PM