Recently I was looking to see how I could configure a WCF service to use SSL. I came across this article (SSL with Self-hosted WCF Service) that states the steps nicely.
In case this article is no longer available, I decided to record the steps.
There are a few steps involved in this.
- One must be a Certificate Authority to issue certificates. For self-signed certificates you can make yourself a CA by issuing the following command:
makecert -sv SignRoot.pvk -cy authority -r signroot.cer -a sha1 -n "CN=Dev Certification Authority" -ss my -sr localmachine
Here you become a CA called "Dev Certification Authority" and set your local machine as the CA server.
- Create a certificate for the server that will host your service (such as WCF, a web service, etc.). Issue the following command for this:
makecert -iv SignRoot.pvk -ic signroot.cer -cy end -pe -n CN="localhost" -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localmachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
- You will use this certificate to set up SSL. Open the certificate you created in step 2. It is in the Certificates MMC, under the Personal folder. Now go to the Details tab. You will see the thumbprint all the way down. Copy it somewhere and remove all spaces.
- Next, issue the httpcfg command to bind it to your desired port (8012 in this case):
httpcfg set ssl -i 0.0.0.0:8012 -h copiedthumbprintfromstep2
- There are additional httpcfg commands that you can use to query and delete SSL ports as well:
- httpcfg delete ssl -i 0.0.0.0:8888
- httpcfg query ssl
- On the target machine, install the root certificate by opening the Certificates MMC and choosing Import. Make sure you pick Physical store and pick Computer as the store. Otherwise, it will not appear in certificates.
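
The thumbprint copied from the Details tab is the value httpcfg binds to the port, so it is worth checking before use. The PowerShell function below is an added example, not part of the original article or of this post: it cleans the copied value, confirms the certificate in the machine's Personal store has a private key and the Server Authentication EKU, and returns the httpcfg command. The function name and the sample thumbprint are constructed for illustration.

```powershell
# Added example: validate the thumbprint copied from the MMC Details tab before
# handing it to httpcfg. Port 8012 and the LocalMachine\My store come from the
# steps above; Get-SslBindingCommand is a hypothetical helper name.
function Get-SslBindingCommand {
    param(
        [Parameter(Mandatory)] [string] $CopiedThumbprint,
        [int] $Port = 8012
    )

    # Keep hex digits only. This removes the spaces and also any invisible
    # characters (such as U+200E) that can come along when copying from the dialog.
    $thumb = ($CopiedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($thumb.Length -ne 40) {
        throw "Expected a 40-hex-digit thumbprint, got $($thumb.Length) digits."
    }

    # The server certificate was created with -ss my -sr localmachine.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$thumb" -ErrorAction SilentlyContinue
    if (-not $cert) { throw "No certificate $thumb in Cert:\LocalMachine\My." }

    # Without the private key the server cannot complete the SSL handshake.
    if (-not $cert.HasPrivateKey) { throw "Certificate $thumb has no private key." }

    # makecert was called with -eku 1.3.6.1.5.5.7.3.1 (Server Authentication).
    $ekuOids = @($cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })
    if ($ekuOids -notcontains '1.3.6.1.5.5.7.3.1') {
        throw "Certificate $thumb lacks the Server Authentication EKU."
    }

    if ($cert.NotAfter -lt (Get-Date)) {
        throw "Certificate $thumb expired on $($cert.NotAfter)."
    }

    # Same command as in the step above, with the cleaned thumbprint filled in.
    "httpcfg set ssl -i 0.0.0.0:$Port -h $thumb"
}

# Usage with a constructed sample value, pasted as shown in the Details tab:
# Get-SslBindingCommand -CopiedThumbprint '0a 1b 2c 3d 4e 5f 60 71 82 93 a4 b5 c6 d7 e8 f9 0a 1b 2c 3d'
```

Run it from an elevated prompt on the server, since reading the private-key flag in the machine store and running httpcfg both require administrator rights.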