We are trying to开发者_C百科 reference a certificate for a client endpoint configuration in our WCF configuration file.
The configuration looks like this:
<client>
<endpoint address="https://domain.server.com/path/service.asmx"
binding="basicHttpBinding" bindingConfiguration="TestServiceSoap"
contract="..." name="...">
<identity>
<certificateReference storeName="TrustedPublisher"
x509FindType="FindBySubjectDistinguishedName"
findValue="...">....
For a test-certificate, the "Subject" property looks like this:
CN = demo.domain.com
OU = Company
O = Company
L = City
S = County
C = CountryCode
This works, if we provide the following for the findValue
attribute above:
CN=demo.domain.com, OU=Company, O=Company, L=City, S=County, C=CountryCode
However, for a certificate we have from a third party, they have added their address as one part of this, so the above list of identifiers looks like this:
CN = demo.domain.com
OU = Company
STREET = Mainstreet 1, Town Center
L = City
S = County
C = CountryCode
Obviously, the comma in the STREET part will not work, as our string now contains "Town Center" as a separate part with no name.
How do we specify that we want to find the certificate using this list of identifiers?
CN=demo.domain.com, OU=Company, O=Company, STREET=Mainstreet 1, Town Center, L=City, S=County, C=CountryCode
^-- Argh!
Ok, with more experimentation we managed to find the answer ourselves.
First, to encapsulate values that contains special characters, we need to enclose them in double quotes.
This, however, won't play nice with findName="..."
which also uses double quotes, so we changed that to single quotes.
The end result was this:
findName='..., STREET="Mainstreet 1, Town Center", ...'
^ ^ ^ ^
| +---- this is needed -----+ |
| |
+- and this is needed to use double quotes --+
This isn't a direct answer to your question, but you don't really have to put all that detail in there if you don't want to. The CN should suffice unless you REALLY have multiple people with the same CN???
So you just need:
CN=demo.domain.com
In fact you don't even need to use the FindBySubjectDistinguishedName find type. You could just use FindBySubjectName and just put the plain subject name instead:
demo.domain.com
精彩评论