
Certificate invalid for netTCP in WCF

Developer https://www.devze.com 2023-02-13 04:02 Source: Internet

I'm trying to get my WCF service to use certificate-based encryption in my local environment so that it'll talk to machines in different domains when it's out in the live environment. I had the service working perfectly before trying to implement security, so I'm confident the fault isn't in the service.

I generated some certificates using makecert.exe. To start with I created two that I just called WCFclient and WCFServer and I added them to the trusted folder for current user in mmc. However that yielded the error:

Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was 'localhost' but the remote endpoint provided DNS claim 'WCfServer'. If this is a legitimate remote endpoint, you can fix the problem by explicitly specifying DNS identity 'WCfServer' as the Identity property of EndpointAddress when creating channel proxy

Which I figured occurred because I was issuing my certificate to a non-existent domain called "WCFServer". So I created another cert and gave it a CN of "localhost" and tried to configure both client and server to use it. Now I'm getting this message:

The remote certificate is invalid according to the validation procedure.

I've set certificateValidationMode="None" in my client config, so I don't think this is due to an expired certificate or suchlike. Does anyone know what else might be causing this error? Is it because I'm trying to use the same cert on both client and server ends, and if so how do I set the config files to avoid getting the previous error message about the DNS identity?


The previous error message can be avoided by using the following definition of the client endpoint:

<endpoint  name="..." address="..." binding="..." contract="...">
  <identity>
    <dns value="WCFServer" />
  </identity>
</endpoint>

For the second error it should be enough to use PeerTrust validation mode.
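
The two settings from the answer combined in one client configuration, as an added example that is not part of the original post. The certificate subject names WCFServer and WCFClient come from the question; the binding, behavior and endpoint names, the address, the contract, the store holding the client certificate, and the choice of transport security are assumptions, since the question does not show its binding.

```xml
<!-- Added example: client-side app.config fragment. -->
<system.serviceModel>
  <bindings>
    <netTcpBinding>
      <!-- Assumption: certificate credentials over transport security. -->
      <binding name="certTcp">
        <security mode="Transport">
          <transport clientCredentialType="Certificate" />
        </security>
      </binding>
    </netTcpBinding>
  </bindings>
  <behaviors>
    <endpointBehaviors>
      <!-- A named behavior only applies to endpoints that reference it
           through behaviorConfiguration. -->
      <behavior name="certClient">
        <clientCredentials>
          <!-- Assumption: the client certificate is in CurrentUser\My. -->
          <clientCertificate findValue="WCFClient"
                             x509FindType="FindBySubjectName"
                             storeLocation="CurrentUser"
                             storeName="My" />
          <serviceCertificate>
            <!-- Weak: certificateValidationMode="None" performs no
                 validation and accepts any server certificate. -->
            <!-- PeerTrust accepts only certificates that are present in
                 the Trusted People store of trustedStoreLocation. -->
            <authentication certificateValidationMode="PeerTrust"
                            trustedStoreLocation="CurrentUser" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <client>
    <!-- Constructed placeholders: name, address, contract. -->
    <endpoint name="exampleEndpoint"
              address="net.tcp://localhost:8000/ExampleService"
              binding="netTcpBinding"
              bindingConfiguration="certTcp"
              behaviorConfiguration="certClient"
              contract="IExampleService">
      <!-- Must match the DNS claim (subject CN) of the server certificate. -->
      <identity>
        <dns value="WCFServer" />
      </identity>
    </endpoint>
  </client>
</system.serviceModel>
```

With PeerTrust, the public part of the WCFServer certificate has to be installed in the client's Trusted People store for the validation to succeed.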
