SSL needs a certificate for which the server holds the matching private key, either
self-signed or issued by a CA. In a test environment you usually don't have a
CA-issued SSL certificate, so the following creates a self-signed one:
    makecert -sk "ssldemo" -pe -r -e "11/11/2006" -sky Exchange -sy 12 -sp "Microsoft RSA SChannel Cryptographic Provider" -n "CN=localhost" -ss MY -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 ssldemo.cer
which generates a self-signed (-r) certificate with an exportable (-pe) private
key.
It generates an AT_KEYEXCHANGE (-sky Exchange) keypair in key container "ssldemo"
(-sk); the key length defaults to 1024 bits, and -len 2048 gives a stronger key.
The keypair uses the RSA SChannel provider type (-sy 12) and the associated
provider (-sp ...).
The SubjectName is assigned Common Name "localhost" for local web-test
purposes. Remote connections require the CN to match the host name used in
the URL (for example,
https://MyMachine/MyService.svc would need
CN=MyMachine), otherwise the client rejects the certificate as a name mismatch.
The certificate is placed in the current user's MY (Personal) store (-ss MY).
The ExtendedKeyUsages are specified:
Server Authentication (1.3.6.1.5.5.7.3.1)
Client Authentication (1.3.6.1.5.5.7.3.2)
The ssldemo.cer file is the X.509 certificate (public part only, no private key)
and should be installed in the Trusted Root Certification Authorities store of
either LocalMachine (for all users) or CurrentUser so clients on that machine
trust it. Do this on test machines only: anything in that store is trusted as a
CA for every site it chooses to sign.
Refer to
<
http://groups.google.com/group/micr...88ee8a2fe3a/b8a30c64c832e2a8#b8a30c64c832e2a8>
If you intend to use this to set up a test web server, export the certificate
together with its private key to a *.pfx file. This can be done with the
Certificates MMC snap-in. The .pfx file can then be imported into IIS using the
IIS MMC snap-in. After importing the .pfx file you will need to 1) add the
certificate to the Trusted Root CA store and 2) set the file permissions on
the private key file so that the ASP.NET worker-process account has read access.
Setting file permissions on Private Keys
The private key is stored in a file on the local machine under an opaque,
generated name, so the practical way to find it is FindPrivateKey.exe or the
WseCertificate3.exe tool in the Microsoft WSE 3.0 SDK.
FindPrivateKey.exe is a console tool that you can build from the WCFSamples.
It can be found in \TechnologySamples\Tools after installing the samples.
The samples can be downloaded from
http://www.microsoft.com/downloads/...6c-8f98-40d0-880d-c3339c5da01e&DisplayLang=en
The WSE 3.0 tool is available at
http://www.microsoft.com/downloads/...fd-3a74-43c5-8ec1-8d789091255d&DisplayLang=en
After you find the file, grant the ASP.NET account read rights (Read only; the
worker process does not need write or full control over the key).
Access rights can also be set with the WinHttpCertCfg.exe console application,
which is the preferred tool for production servers.
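The export, import, trust and key-permission steps above can be scripted instead of clicked through the MMC snap-ins. The following is an added example, not code from the original post or from any Microsoft tool. It assumes Windows PowerShell 5.1 with the PKI module (Windows 8 / Server 2012 or later), a CSP-backed key as produced by the makecert command above (the key file lookup is the one FindPrivateKey.exe performs), and placeholder values for the .pfx path and the account name; the default account is a stand-in for whatever identity the site actually runs as.

```powershell
# Added example, not part of the original post. Scripts the steps described above:
#   1. export the self-signed CN=localhost cert from CurrentUser\My to a password-protected .pfx,
#   2. import it into LocalMachine\My (where IIS looks) and its public part into LocalMachine\Root,
#   3. locate the private key file (what FindPrivateKey.exe does) and give one account Read access.
# Assumptions: Windows PowerShell 5.1 with the PKI module, a CSP-backed key as produced by the
# makecert command above, and placeholder values for $PfxPath and $Account. Run elevated.

param(
    [string]$Subject = 'CN=localhost',
    [string]$PfxPath = "$env:TEMP\ssldemo.pfx",          # placeholder output path
    [string]$Account = 'NT AUTHORITY\NETWORK SERVICE'    # placeholder: the identity your site runs as
)

$ErrorActionPreference = 'Stop'

# 1. Export with the private key (-pe in makecert made the key exportable).
$src = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Subject -eq $Subject -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $src) { throw "No certificate with a private key for $Subject in CurrentUser\My" }

$pfxPassword = Read-Host -AsSecureString -Prompt 'Password to protect the .pfx'
Export-PfxCertificate -Cert $src -FilePath $PfxPath -Password $pfxPassword | Out-Null

# 2. Import into the machine store for IIS. Without -Exportable the imported key is
#    non-exportable, which is what you want on a server.
$cert = Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPassword

# Trust it on this machine: the .cer (public part, no key) goes into Trusted Root.
# Anything in that store is trusted as a CA, so do this on test machines only.
$cerPath = [System.IO.Path]::ChangeExtension($PfxPath, '.cer')
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# 3. Find the key file. For CSP keys the container is a file named UniqueKeyContainerName
#    under MachineKeys; this is the lookup FindPrivateKey.exe performs.
$rsa = $cert.PrivateKey -as [System.Security.Cryptography.RSACryptoServiceProvider]
if (-not $rsa) {
    throw 'Key is not CSP-backed (CNG key?); locate it with FindPrivateKey.exe or "certutil -store My" instead'
}
$keyPath = Join-Path "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys" $rsa.CspKeyContainerInfo.UniqueKeyContainerName
if (-not (Test-Path $keyPath)) { throw "Key file not found: $keyPath" }
"Private key file: $keyPath"

# Grant Read only. The worker process needs to read the key blob, nothing more;
# Full Control would let a compromised site replace or delete the key.
$acl  = Get-Acl $keyPath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyPath -AclObject $acl

# Show the resulting entry so the change can be reviewed.
(Get-Acl $keyPath).Access |
    Where-Object { $_.IdentityReference.Value -eq $Account } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```

Run it as, for example, `.\ssldemo-setup.ps1 -Account 'IIS APPPOOL\DefaultAppPool'` (an application-pool identity on IIS 7 and later), or with the ASPNET account on older IIS versions. The script does not bind the certificate to the web site; that is still done in the IIS MMC as described above. Delete the .pfx once it is imported, since it contains the private key.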