A Few Questions about WCF with SSL & Certificates

  • Question

  • Here I am asking a few basic questions about WCF, SSL and certificates.

    I am new to WCF and, to be very honest, I have a basic problem understanding SSL and certificates.

    1) I would like to know: when we enable SSL, do we need to use a certificate every time, or, the same way, when we attach a certificate to WCF, will SSL be used implicitly?

    2) Are SSL and certificates the same or different in concept?

    3) When we self-host a WCF service, can we enable SSL or a certificate? Which one will be applicable?

    4) TCP binding for certificates is not related to HTTP. So when we work with TCP binding, can we enable SSL for the TCP binding?

    5) What is the difference between SSL and a certificate?

    6) When we use a certificate at the service end, do the clients which consume and call the service always need to install the certificate? If not, when does the client need to install the certificate and when is it not required? One guy told me that the client needs to install a certificate only when mutual authentication is required, but I do not know what mutual authentication is.

    I know I asked very basic questions. If possible, please explain all my points in detail to clear my doubts. Thanks.

    Wednesday, April 2, 2014 8:56 AM

Answers

  • Hi

    SSL stands for Secure Sockets Layer; this is an encryption mechanism. SSL encrypts the messages exchanged between client and server, preferably transport level security, allowing private information to be transmitted without the problems of eavesdropping, data tampering, or message forgery.

    SSL itself is a certificate which you need to install on the server; once installed you can access your website using https:// instead of http://

    HTTPS is --> HTTP + SSL Certificate

    For WCF you need to install a valid SSL certificate on IIS, or create one yourself: using the makecert.exe command-line utility you can create your own certificates, which you can use for testing purposes.

    The client application does not trust the service. You can fix this by inspecting the certificate which the service hands over to the client. You need to hook up a handler for the ServicePointManager’s ServerCertificateValidationCallback as shown below.

    ServicePointManager.ServerCertificateValidationCallback += customXertificateValidation;

    When this callback is triggered you can inspect the server certificate.

    private static bool customXertificateValidation(object sender, X509Certificate cert,
        X509Chain chain, SslPolicyErrors error)
    {
        var certificate = (X509Certificate2) cert;

        // Inspect the server certificate here to validate
        // that you are dealing with the correct server.
        // If so return true, if not return false.
        // As written, this placeholder accepts every certificate.
        return true;
    }

    For WCF netTcpBinding you can use Transport Layer Security (TLS) over TCP; for more detail refer to MSDN: http://msdn.microsoft.com/en-us/library/ms729700(v=vs.110).aspx

    Regards

    Rajesh Sajjanar

    • Marked as answer by Mou_kolkata Wednesday, April 2, 2014 1:48 PM
    Wednesday, April 2, 2014 10:19 AM
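
Added example, not part of the original answer: one way to fill in the validation callback shown in the answer so that it does not accept every certificate. It trusts a certificate that validates normally and otherwise accepts only one pinned test certificate; the class name and the thumbprint placeholder are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class TestCertificatePinning
{
    // Placeholder (assumption): replace with the thumbprint of your own test certificate.
    private const string PinnedThumbprint = "<THUMBPRINT-OF-YOUR-TEST-CERTIFICATE>";

    // Call once at client start-up, before the first HTTPS call to the service.
    // The callback is application-wide: it is consulted for every HTTPS
    // connection made through ServicePointManager, not just the WCF proxy.
    public static void Register()
    {
        ServicePointManager.ServerCertificateValidationCallback += Validate;
    }

    public static bool Validate(object sender, X509Certificate cert,
        X509Chain chain, SslPolicyErrors errors)
    {
        // The certificate chains to a trusted root and matches the host name.
        if (errors == SslPolicyErrors.None)
            return true;

        // No certificate was presented: nothing to compare, so reject.
        if (cert == null)
            return false;

        // Tolerate only an untrusted chain (the self-signed test case);
        // a host-name mismatch or any other error still fails.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors)
            return false;

        // Accept the untrusted certificate only if it is the exact one we expect.
        string presented = new X509Certificate2(cert).Thumbprint;
        bool pinned = string.Equals(presented, PinnedThumbprint,
            StringComparison.OrdinalIgnoreCase);
        if (!pinned)
            Console.Error.WriteLine("Rejected server certificate {0} ({1})", presented, errors);
        return pinned;
    }
}
```

With a certificate issued by a trusted CA, no callback is needed at all; the pin is only there to let a self-signed test certificate through without switching validation off.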

All replies

  • Thanks for the answer, but I would like to ask you a couple of questions here.

    1) Is SSL only related to a web site / IIS, or can it be attached to my WCF service which is not hosted in IIS but rather self-hosted or hosted in a Windows service?

    2) When we self-host a WCF service, can we attach SSL to the service? I guess SSL is related to IIS... am I right?

    3) What is the difference between SSL and a server certificate? Are both the same?

    4) When we use a certificate at the service end, do the clients which consume and call the service always need to install the certificate or not? If not, when does the client need to install the certificate? Tell me the scenario. One guy told me that the client needs to install a certificate only when mutual authentication is required, but I do not know what mutual authentication in WCF is.

    So tell me briefly, what is mutual authentication in WCF? Thanks.

    Wednesday, April 2, 2014 1:48 PM