Re: WSE 3.0 CertSrv Request



I'm mainly looking for information on what settings to use when requesting
Certificates to use with WSE 3.0 down the road for users and services. From
what I can tell, it appears there are issues like setting up and configuring
Certificate Templates for "Client Authentication", "Service Authentication"
and "Code Signing" that all need to be configured in the Certificate Authority,
before a certificate is ever requested. Nowhere in the documentation that
I have seen does it discuss what the certificate requirements are (granted
the how is not necessarily WSE's problem), the Encryption Provider to use,
the Key formats that should be generated and exported etc. I guess I was
mainly looking for some guidance into what types of certs to generate and
how. I keep seeing export the *.pfx certificate, but when certs are
generated, there is no option of using a *.pfx, only a *.cer. So far I
have hobbled my way through what I think is correct but was looking for some
confirmation.

Currently I have both a Client Authentication and Service Authentication
certificate installed on my test machine. I exported the Service's Public
Key and imported that into the Certificates snap-in also. I have hit
various exceptions but not sure what is helping and what is hurting when I
make changes. Currently I'm getting the exception "Security requirements
are not satisfied because the security header is not present in the incoming
message."


"Pablo Cibraro [MVP]" <pcibraro@xxxxxxxxxxx> wrote in message
news:OaBGs5b0GHA.3464@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

I need to set the CSP to "Microsoft Enhanced Cryptographic Provider 1.0".
I marked the Key Usage as Both (Exchange and Signature), set the Key Size
to 1024, checked Create new key set, Mark Keys as exportable. I set the
Hash algorithm to SHA-1

All those settings are correct, so what error are you receiving from WSE
when you try to use those certificates?

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax


"Techno_Dex" <nospamchurst@xxxxxxxxxxxx> wrote in message
news:eirCk8SzGHA.3512@xxxxxxxxxxxxxxxxxxxxxxx
I am having a problem creating the appropriate Certificates for mutual
X509 security using our in-house Cert Authority with the CertSrv wizard. I
have not found any good documentation on what type of certificates need to
be created and which parameters need to be set in the CertSrv. I took a
look at Pablo's blog
http://weblogs.asp.net/cibrax/archive/2006/08/08/Creating-X509-Certificates-for-WSE-or-WCF.aspx
but all that does is obscure the CertSrv Template that is used to create
the desired Certificates instead of explaining which options need to be
set.

So far I am using the Advanced request option in the CertSrv and using
the CA form option to populate the cert details. I'm assuming that the
Intended Purpose is "Server Authentication Certificate" for the WS side
and "Client Authentication Certificate" for the Client side. From
Pablo's blog it appears I need to set the CSP to "Microsoft Enhanced
Cryptographic Provider 1.0". I marked the Key Usage as Both (Exchange
and Signature), set the Key Size to 1024, checked Create new key set,
Mark Keys as exportable. I set the Hash algorithm to SHA-1.... Can
someone shed some light on what I'm missing?
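
An added example, not part of the thread or of anyone's posted code: a PowerShell check that lists, for each certificate in a store, the properties the posts above discuss (intended purpose, key usage, key size, signature hash) and whether a private key is present, which is what a .pfx export carries and a .cer does not. The store path and the output column names are assumptions.

```powershell
# Added example: report the request settings discussed in the thread for
# every certificate in a store. The default store path is an assumption.
param(
    [string]$StorePath = 'Cert:\CurrentUser\My'
)

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

Get-ChildItem -Path $StorePath | ForEach-Object {
    $cert = $_

    # Enhanced Key Usage extension: the "intended purpose" chosen at request time.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @()
    if ($ekuExt) {
        $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    }

    # Key Usage extension (digital signature, key encipherment, ...).
    $kuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]
    }
    $keyUsage = if ($kuExt) { $kuExt.KeyUsages.ToString() } else { '(none)' }

    # Key size is read from the public key; left empty if the key type
    # does not expose it through this property.
    $keySize = try { $cert.PublicKey.Key.KeySize } catch { $null }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey   # False for a cert imported from a .cer
        ClientAuth    = $ekuOids -contains $clientAuthOid
        ServerAuth    = $ekuOids -contains $serverAuthOid
        KeyUsage      = $keyUsage
        KeySizeBits   = $keySize
        SignatureAlg  = $cert.SignatureAlgorithm.FriendlyName
        NotAfter      = $cert.NotAfter
    }
} | Format-List
```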




