how to sign an x.509 certificate?

[GaryDean]

This post is a "sanity check"....

I have located the docs on how to sign a x.509 certificate

http://msdn.microsoft.com/en-us/library/aa529277.aspx
http://msdn.microsoft.com/en-us/library/aa528788.aspx
http://msdn.microsoft.com/en-us/library/aa528756.aspx

Step 2 in the first one refers to the second one "creating a custom policy
assertion". Just a brief scan of the first and second link depicts a huge
task.

My question is: Is signing a x.509 certificate really this difficult?

Is it any easier in WCF than it is in WSE 3.0?

 

[Cowboy \(Gregory A. Beamer\)]

No, it is not much easier, but it is heading that direction. Security is a
serious thing and the minds developing these things are still working their
way around the problem. Of note, however, is the fact that creating a
service, internal or external has gotten easier. I think that is a major
step. At least most of it is declarative, which is a good thing.

 

[Steven Cheng [MSFT]]

Hi Gary,

The link you provided is about programmtically perform message signing in
WSE. Yes, you need to follow all those steps. Actually both WSE or WCF api
has help encapsulated much underlying X509 digital signing details.

Also, generally if those configuration based policy can satisfy your
requirement, you're preferred to use those configuration based predefined
policys. IMO, WCF's predefined security policy is more complete and also
provide much more convenient user interface and XML conifiguration schema
(help us edit the configuration file easily)

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://support.microsoft.com/select/default.aspx?target=assistance&ln=en-us.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.






--------------------