Certificates Validations Issues

Posted by user298331 on Stack Overflow See other posts from Stack Overflow or by user298331
Published on 2010-03-21T06:56:49Z Indexed on 2010/03/21 7:01 UTC
Read the original article Hit count: 549

Filed under:

Hi All,

i am facing some issues related certificates.i need some help to resolve these issues.

Requirements :

security

mode="TransportWithMessageCredential"

binding

binding

name="basicHttpEndpointBinding"

certificateValidationMode

="ChainTrust" revocationMode="Online"

Certificates :

Service Cerificates :

Transportlevel : XXXX.cer my cerificate name is my system DNS name and it is having root node i.e RootTrnCA.cer

this is used to enable https.but am not validationg transport level certificates.

Message Level : services.ca.iim (VXXXX.Cer-->Act.Mac.Ca-->services.ca.iim )

Client Cerificates :

Transportlevel : ZZZZ.cer my cerificate name is my system DNS name and it is having root node i.e RootTrnCA.cer

ignoring transport certificate errors through coading.....

Message Level : client.ca.iim (VXXXX.Cer-->Act.Mac.Ca-->client.ca.iim )

Issues :

1) Response message is not contain Service certificate Signature in Soap header.so i am not able to validate Server certificate details in Client code.

2)if i use the transport with message credential and Chaintrust.i am getting error : The revocation function was unable to check revocation because the revocation server was offline.)

so please very the below service and cleint config and correct me if i am wrong.

Service config :

Client config :

i am attaching certificate through coading :

objProxy.ChannelFactory.Credentials.ClientCertificate.SetCertificate(System.Security.Cryptography.X509Certificates.

StoreLocation.LocalMachine,

System.Security.Cryptography.X509Certificates.

StoreName.My, X509FindType.FindBySubjectName, "client.ca.iim");

            <binding name="XXXXXServiceHost.Http" closeTimeout="00:01:00"
                openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                useDefaultWebProxy="true">
                <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                    maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                <security mode="TransportWithMessageCredential">
                    <transport clientCredentialType="None" proxyCredentialType="None"
                        realm="" />
                    <message clientCredentialType="Certificate" algorithmSuite="Default" />
                </security>
            </binding>
        </basicHttpBinding>

    </bindings>
    <client>

        <endpoint address="https://XXXXXX/XXXServiceHost/MemberSvc.svc/soap11"
            binding="basicHttpBinding" bindingConfiguration="XXXServiceHost.Http"
            contract="ServiceReference1.IMemberIBA" name="XXXServiceHost.Http" />
    </client>
</system.serviceModel>Please Verify both and Help me how to resolve above two issues .

Thanks

Babu

© Stack Overflow or respective owner

Related posts about wcf-security