Re: WSE2.0--need valid X.509 certs created with Makecert




The makecert tool that shipped with VS.NET 2003 is old. You should get the
latest one included in the Platform SDK. The latest one has a new option "-pe"
which makes the private key exportable. However, I need to warn you that I was
not able to make IIS work with the server certificate.

However, I was able to create one using SSLDiag.exe, or you can use
SelfSSL.exe (search for them on the Microsoft site).

"mike murphy" <mike murphy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F79351DE-942E-4F56-99EB-44604590D5D1@xxxxxxxxxxxxxxxx
>I have the same problem. I know that the certificates that I do have, have
> the correct permissions. I get "System.ComponentModel.Win32Exception: Bad
> Key" when the message is sent back to the client.
>
> "Jake Pugois" wrote:
>
>> Make sure you use the wse certificate tool to assign Read permission to
>> ASPNET on the certificate's private key file.
>>
>>
>> "Andy Bocz via .NET 247" <anonymous@xxxxxxxxxxxxx> wrote in message
>> news:eI1gUALXFHA.2124@xxxxxxxxxxxxxxxxxxxxxxx
>> I'm finishing up a web service that uses WSE2.0 to sign the request and
>> encrypt the SOAP body (both request and response). I'm using the code
>> approach (not policy). Everything works fine with the QuickStart Sample
>> X.509 certs supplied with the WSE2.0 SP2 SDK.
>>
>> I'd like to use self-signed certs for the following reasons:
>> --the web service will be consumed internally (no need for CA traceability)
>> --it won't see a tremendous load (minor performance hit from self-signed
>> certs should be fine)
>> --I don't want to have to worry about expiring certs
>>
>> The problem I'm having is that the certs I've created so far with Makecert
>> don't work. I get either a "Bad Key" or a "The security token could not be
>> authenticated or authorized" error during the creation of the web service
>> request on the client side. I've double-checked the cert imports and private
>> key ACL rights and everything is fine.
>>
>> The makecert approaches I've used to get two certs with private keys are
>> (where xxx = "WSClient" and "WSServer"):
>>
>> makecert -r -n "CN=xxx" -sv xxx.pvk xxx.cer
>> cert2spc xxx.cer xxx.spc
>> pvkimprt -pfx xxx.spc xxx.pvk
>>
>> AND
>>
>> makecert -cy authority -r -n "CN=demos1.Softwaremaker.NET" -sr localmachine -ss "Trust"
>>
>> makecert -cy end -n "CN=demos1.Softwaremaker.NET SERVER" -sky exchange -sk "demos1.Softwaremaker.NET Server" -ss "My" -sr localmachine -in "demos1.Softwaremaker.NET" -ir localmachine -is "Trust"
>>
>> makecert -cy end -n "CN=demos1.Softwaremaker.NET CLIENT" -sky exchange -sk "demos1.Softwaremaker.NET Client" -ss "My" -sr localmachine -in "demos1.Softwaremaker.NET" -ir localmachine -is "Trust"
>>
>>
>> Can anyone provide me with makecert command lines for self-signed
>> private-key certs that they know work with WSE2.0? Or, are there any MVPs
>> out there that know how the Quickstart sample certs were created?
>>
>> Thanks in advance,
>> Andy
>>
>> -----------------------
>> Posted by a user from .NET 247 (http://www.dotnet247.com/)
>>

