Re: WSE2.0--need valid X.509 certs created with Makecert

I have the same problem. I know that the certificates that I do have, have
the correct permissions. I get "System.ComponentModel.Win32Exception: Bad
Key" when the message is sent back to the client.

"Jake Pugois" wrote:

> Make sure you use the wse certificate tool to assign Read permission to
> ASPNET on the certificate's private key file.
>
>
> "Andy Bocz via .NET 247" <anonymous@xxxxxxxxxxxxx> wrote in message
> news:eI1gUALXFHA.2124@xxxxxxxxxxxxxxxxxxxxxxx
> I'm finishing up a web service that uses WSE2.0 to sign the request and
> encrypt the SOAP body (both request and response). I'm using the code
> approach (not policy). Everything works fine with the QuickStart Sample
> X.509 certs supplied with the WSE2.0 SP2 SDK.
>
> I'd like to use self signed certs for the following reasons:
> --the web service will be consumed internally (no need for CA traceability)
> --it won't see a tremendous load (minor performance hit from self-signed
> certs should be fine)
> --I don't want to have to worry about expiring certs
>
> The problem I'm having is that the certs I've created so far with Makecert
> don't work. I either get a "Bad Key" or a "The security token could not be
> authenticated or authorized" error during the creation of the web service
> request on the client side. I've double-checked the cert imports and private
> key ACL rights and everything is fine.
>
> The makecert approaches I've used to get two certs with private keys are
> (where xxx = "WSClient" and "WSServer"):
>
> makecert -r -n "CN=xxx" -sv xxx.pvk xxx.cer
> cert2spc xxx.cer xxx.spc
> pvkimprt -pfx xxx.spc xxx.pvk
>
> AND
>
> makecert -cy authority -r -n "CN=demos1.Softwaremaker.NET" -sr
> localmachine -ss "Trust"
>
> makecert -cy end -n "CN=demos1.Softwaremaker.NET SERVER" -sky exchange -sk
> "demos1.Softwaremaker.NET Server" -ss "My" -sr localmachine -in
> "demos1.Softwaremaker.NET" -ir localmachine -is "Trust"
>
> makecert -cy end -n "CN=demos1.Softwaremaker.NET CLIENT" -sky exchange -sk
> "demos1.Softwaremaker.NET Client" -ss "My" -sr localmachine -in
> "demos1.Softwaremaker.NET" -ir localmachine -is "Trust"
>
>
> Can anyone provide me with makecert command lines for self signed
> private-key certs that they know work with WSE2.0? Or, are there any MVPs
> out there that know how the Quickstart sample certs were created?
>
> Thanks in advance,
> Andy
>