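How to use makecert to create an X509 certificate that WCF accepts
Keywords: X509, certificate, WCF, makecert, create | Updated: 2023-09-27 18:24:07
Can someone provide me with an example of how to create a self-signed certificate that would be accepted by the following code: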
ServiceHost svh = new ServiceHost(typeof(MyClass));
var tcpbinding = new NetTcpBinding(SecurityMode.TransportWithMessageCredential, true);
//security
tcpbinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
svh.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new BWUserNamePasswordValidator();
svh.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
svh.Credentials.ServiceCertificate.Certificate = BookmarkWizSettings.TcpBindingCertificate;
....
svh.Open();
I have used
makecert -pe myCertificate
and
makecert -sv SignRoot.pvk -cy authority -r signroot.cer -a sha1 -n "CN=Dev Certification Authority" -ss my -sr localmachine
and
makecert -r -pe -n "CN=Client" -ss MyApp -sky Exchange
and I have tried generating the certificate with BouncyCastle, but every time I get the following exception:
It is likely that certificate 'CN=Dev Certification Authority' may not have a
private key that is capable of key exchange or the process may not have access
rights for the private key. Please see inner exception for detail.
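And the inner exception is null.
There is probably a trick to it, but I don't get it.
How do I generate a proper certificate for my WCF service?
The following code works for Framework 4.0. It is important, first,
to manually install your certificate as a trusted certificate in your LocalMachine.
To do this, you can simply install it from Internet Explorer by opening the server location.
And second, to respond to the server error caused by the self-signed certificate: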
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Cryptography.X509Certificates;
using System.Net;
using System.Net.Security;
namespace WCFSelfSignCert
{
    class Program
    {
        static void Main(string[] args)
        {
            //You have to install your certificate as a trusted certificate in your LocalMachine
            //create your service client / proxy
            using (MyProxy.ServiceClient client = new MyProxy.ServiceClient())
            {
                //the server certificate check responds with an error, because it doesn't recognize the authority
                ServicePointManager.ServerCertificateValidationCallback += OnServerValError;
                //Assign the self-signed certificate
                client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine,
                    StoreName.Root,
                    X509FindType.FindBySubjectName,
                    "MY custom subject name"); //SubjectName (CN) from the certificate
                //make a test call to ensure that the service responds
                var res = client.echo("test");
                Console.WriteLine(res);
                Console.ReadKey();
            }
        }
        public static bool OnServerValError(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            //mute the error, or provide some custom validation code
            return true;
            //or more restrictive
            // if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateNameMismatch)
            //{
            //    return true;
            // }
            // else
            //{
            //    return false;
            // }
        }
    }
}
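The "provide some custom validation code" option mentioned in the callback above can be done by pinning the one self-signed certificate you expect, so that every other certificate still fails validation. This is an added example, not part of the original answer; the class name and the ExpectedSha256 placeholder are assumptions, and the placeholder must be replaced with the hash of your own certificate.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedCertificateValidation
{
    // Placeholder (assumption): SHA-256 of the DER-encoded self-signed server
    // certificate, written as hex without separators.
    const string ExpectedSha256 = "<SHA256-HEX-OF-YOUR-SERVER-CERTIFICATE>";

    // The callback is process-wide: it applies to every request made through
    // ServicePointManager in this process, so register it once at startup.
    public static void Register()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // A certificate that already passes normal validation needs no exception.
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        // No certificate presented: there is nothing to compare against the pin.
        if (certificate == null)
            return false;

        // Chain or name errors are tolerated only for the exact pinned certificate.
        string actual = Sha256Hex(certificate.GetRawCertData());
        return string.Equals(actual, ExpectedSha256, StringComparison.OrdinalIgnoreCase);
    }

    static string Sha256Hex(byte[] data)
    {
        using (SHA256 sha = SHA256.Create())
        {
            // BitConverter yields "AB-CD-..."; strip the dashes to get plain hex.
            return BitConverter.ToString(sha.ComputeHash(data)).Replace("-", "");
        }
    }
}
```

Calling PinnedCertificateValidation.Register() takes the place of the `+= OnServerValError` line; with the placeholder left unchanged, every certificate that fails normal validation is rejected.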