WCF endpoint certificate identity

L

Larry

Hello,

I use WCF with my web service calls and all of the communication is secured
with certificates. When I create my service reference, an endpoint gets
created with the correct information. It includes an entry like this:
 
L

Larry

Sorry about the miss submission.

Like I said, I'm using WCF with my web service calls and use wsHttpBinding
with certificates and set with message encryption. When I create my service
reference, I end up getting an entry something like this in the <client />
section of the web.config:
<endpoint address="http://<my service address>"

binding="wsHttpBinding" behaviorConfiguration="certConfig"
bindingConfiguration="wsHttpBindingConfig"

contract="<my contract>" name="wsHttpBindingConfig">

<identity>

<certificate encodedValue="<AwAAAAEAAAAUAAAARFl...MIIE...< more of a long
encoded string>" />

</identity>

</endpoint>

The encodedValue in the certificate node is automatically generated for me
when I add the reference (comes from the Svcutil). I'd like to be able to
replace this value when certs are updated. What is this value made up from
and how can I programmatically update it (using c#)? It looks like it has
more than the base64 encoded value of the certificate.

I tried something like this:

byte[] bytes = myCert.Export(X509ContentType.SerializedCert);

string base64Cert = Convert.ToBase64String(bytes);

which did not come out the same as what's in the encodedValue. What am I
missing here? Any suggestions would be greatly appreciated!

Larry
 
T

Tiago Halm

The encoded value is the public key of the X.509 certificate. The client
uses this public key to encrypt a given message, which the private key owner
(the web service) is able to decrypt.

When the web service owner decides to change the certfificate, this change
will (eventually) involve a change in the public key which will be reflected
in the WSDL. The client should be able to update the reference (re-process
the WSDL) when the certificate changes.

I suspect, but may be wrong, that you may renew the certificate while
maintaining the private/public key pair.

Tiago Halm

Larry said:
Sorry about the miss submission.

Like I said, I'm using WCF with my web service calls and use wsHttpBinding
with certificates and set with message encryption. When I create my
service reference, I end up getting an entry something like this in the
<client /> section of the web.config:
<endpoint address="http://<my service address>"

binding="wsHttpBinding" behaviorConfiguration="certConfig"
bindingConfiguration="wsHttpBindingConfig"

contract="<my contract>" name="wsHttpBindingConfig">

<identity>

<certificate encodedValue="<AwAAAAEAAAAUAAAARFl...MIIE...< more of a long
encoded string>" />

</identity>

</endpoint>

The encodedValue in the certificate node is automatically generated for me
when I add the reference (comes from the Svcutil). I'd like to be able to
replace this value when certs are updated. What is this value made up
from and how can I programmatically update it (using c#)? It looks like
it has more than the base64 encoded value of the certificate.

I tried something like this:

byte[] bytes = myCert.Export(X509ContentType.SerializedCert);

string base64Cert = Convert.ToBase64String(bytes);

which did not come out the same as what's in the encodedValue. What am I
missing here? Any suggestions would be greatly appreciated!

Larry
Larry said:
Hello,

I use WCF with my web service calls and all of the communication is
secured with certificates. When I create my service reference, an
endpoint gets created with the correct information. It includes an entry
like this:
 
T

Tiago Halm

The encoded value is the public key of the X.509 certificate. The client
uses this public key to encrypt a given message, which the private key owner
(the web service) is able to decrypt.

When the web service owner decides to change the certfificate, this change
will (eventually) involve a change in the public key which will be reflected
in the WSDL. The client should be able to update the reference (re-process
the WSDL) when the certificate changes.

I suspect, but may be wrong, that you may renew the certificate while
maintaining the private/public key pair.

Tiago Halm

Larry said:
Sorry about the miss submission.

Like I said, I'm using WCF with my web service calls and use wsHttpBinding
with certificates and set with message encryption. When I create my
service reference, I end up getting an entry something like this in the
<client /> section of the web.config:
<endpoint address="http://<my service address>"

binding="wsHttpBinding" behaviorConfiguration="certConfig"
bindingConfiguration="wsHttpBindingConfig"

contract="<my contract>" name="wsHttpBindingConfig">

<identity>

<certificate encodedValue="<AwAAAAEAAAAUAAAARFl...MIIE...< more of a long
encoded string>" />

</identity>

</endpoint>

The encodedValue in the certificate node is automatically generated for me
when I add the reference (comes from the Svcutil). I'd like to be able to
replace this value when certs are updated. What is this value made up
from and how can I programmatically update it (using c#)? It looks like
it has more than the base64 encoded value of the certificate.

I tried something like this:

byte[] bytes = myCert.Export(X509ContentType.SerializedCert);

string base64Cert = Convert.ToBase64String(bytes);

which did not come out the same as what's in the encodedValue. What am I
missing here? Any suggestions would be greatly appreciated!

Larry
Larry said:
Hello,

I use WCF with my web service calls and all of the communication is
secured with certificates. When I create my service reference, an
endpoint gets created with the correct information. It includes an entry
like this:
 
L

Larry

There is more to this encoded value than just the public key. As I
mentioned previously, the encoded value begins with AwAAAAEAAAAUAAAARF and
doesn't have until later in the value MIIE (the start of the public key).
It kind of looks like it starts with an encoded thumbprint or signature. I
see though that I won't have to change this value unless a new key pair is
needed.

Thanks for your help!

Tiago Halm said:
The encoded value is the public key of the X.509 certificate. The client
uses this public key to encrypt a given message, which the private key
owner
(the web service) is able to decrypt.

When the web service owner decides to change the certfificate, this change
will (eventually) involve a change in the public key which will be
reflected
in the WSDL. The client should be able to update the reference (re-process
the WSDL) when the certificate changes.

I suspect, but may be wrong, that you may renew the certificate while
maintaining the private/public key pair.

Tiago Halm

Larry said:
Sorry about the miss submission.

Like I said, I'm using WCF with my web service calls and use
wsHttpBinding
with certificates and set with message encryption. When I create my
service reference, I end up getting an entry something like this in the
<client /> section of the web.config:
<endpoint address="http://<my service address>"

binding="wsHttpBinding" behaviorConfiguration="certConfig"
bindingConfiguration="wsHttpBindingConfig"

contract="<my contract>" name="wsHttpBindingConfig">

<identity>

<certificate encodedValue="<AwAAAAEAAAAUAAAARFl...MIIE...< more of a
long
encoded string>" />

</identity>

</endpoint>

The encodedValue in the certificate node is automatically generated for
me
when I add the reference (comes from the Svcutil). I'd like to be able
to
replace this value when certs are updated. What is this value made up
from and how can I programmatically update it (using c#)? It looks like
it has more than the base64 encoded value of the certificate.

I tried something like this:

byte[] bytes = myCert.Export(X509ContentType.SerializedCert);

string base64Cert = Convert.ToBase64String(bytes);

which did not come out the same as what's in the encodedValue. What am I
missing here? Any suggestions would be greatly appreciated!

Larry
Larry said:
Hello,

I use WCF with my web service calls and all of the communication is
secured with certificates. When I create my service reference, an
endpoint gets created with the correct information. It includes an
entry
like this:
 
T

Tiago Halm

Larry,

See here, see if it helps to generate the value (haven't checked):
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=597530&SiteID=1

Tiago Halm

Larry said:
There is more to this encoded value than just the public key. As I
mentioned previously, the encoded value begins with AwAAAAEAAAAUAAAARF and
doesn't have until later in the value MIIE (the start of the public key).
It kind of looks like it starts with an encoded thumbprint or signature.
I see though that I won't have to change this value unless a new key pair
is needed.

Thanks for your help!

Tiago Halm said:
The encoded value is the public key of the X.509 certificate. The client
uses this public key to encrypt a given message, which the private key
owner
(the web service) is able to decrypt.

When the web service owner decides to change the certfificate, this
change
will (eventually) involve a change in the public key which will be
reflected
in the WSDL. The client should be able to update the reference
(re-process
the WSDL) when the certificate changes.

I suspect, but may be wrong, that you may renew the certificate while
maintaining the private/public key pair.

Tiago Halm

Larry said:
Sorry about the miss submission.

Like I said, I'm using WCF with my web service calls and use
wsHttpBinding
with certificates and set with message encryption. When I create my
service reference, I end up getting an entry something like this in the
<client /> section of the web.config:
<endpoint address="http://<my service address>"

binding="wsHttpBinding" behaviorConfiguration="certConfig"
bindingConfiguration="wsHttpBindingConfig"

contract="<my contract>" name="wsHttpBindingConfig">

<identity>

<certificate encodedValue="<AwAAAAEAAAAUAAAARFl...MIIE...< more of a
long
encoded string>" />

</identity>

</endpoint>

The encodedValue in the certificate node is automatically generated for
me
when I add the reference (comes from the Svcutil). I'd like to be able
to
replace this value when certs are updated. What is this value made up
from and how can I programmatically update it (using c#)? It looks like
it has more than the base64 encoded value of the certificate.

I tried something like this:

byte[] bytes = myCert.Export(X509ContentType.SerializedCert);

string base64Cert = Convert.ToBase64String(bytes);

which did not come out the same as what's in the encodedValue. What am
I
missing here? Any suggestions would be greatly appreciated!

Larry
"Larry" <none> wrote in message
Hello,

I use WCF with my web service calls and all of the communication is
secured with certificates. When I create my service reference, an
endpoint gets created with the correct information. It includes an
entry
like this:
 
L

Larry

It doesn't quite get me what I need. Any idea where I can find any
documentation on what this value is and how its generated? Some
documentation says that "This element specifies a Base64-encoded X.509
certificate value to compare with the client." but then also says that
"This element restricts authentication to a single certificate based upon
its thumbprint value." So if anything changes that affects the thumbprint,
this value will have to be regenerated (quotes taken from
http://msdn.microsoft.com/en-us/library/ms733130.aspx).

I also run a pretty good chance that the customer(s) may want to use their
own certificate anyways, so I'll need a good way of updating this
encodedValue (outside of my dev environment). Any other thoughts on how
this can be done? Its got to be pretty common to have to change this value
since certificates expire, company processes require updating of
certificates/key pairs or other other update problems. Is there any
documented procedure for doing this?

Tiago Halm said:
Larry,

See here, see if it helps to generate the value (haven't checked):
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=597530&SiteID=1

Tiago Halm

Larry said:
There is more to this encoded value than just the public key. As I
mentioned previously, the encoded value begins with AwAAAAEAAAAUAAAARF
and doesn't have until later in the value MIIE (the start of the public
key). It kind of looks like it starts with an encoded thumbprint or
signature. I see though that I won't have to change this value unless a
new key pair is needed.

Thanks for your help!

Tiago Halm said:
The encoded value is the public key of the X.509 certificate. The client
uses this public key to encrypt a given message, which the private key
owner
(the web service) is able to decrypt.

When the web service owner decides to change the certfificate, this
change
will (eventually) involve a change in the public key which will be
reflected
in the WSDL. The client should be able to update the reference
(re-process
the WSDL) when the certificate changes.

I suspect, but may be wrong, that you may renew the certificate while
maintaining the private/public key pair.

Tiago Halm

Sorry about the miss submission.

Like I said, I'm using WCF with my web service calls and use
wsHttpBinding
with certificates and set with message encryption. When I create my
service reference, I end up getting an entry something like this in the
<client /> section of the web.config:
<endpoint address="http://<my service address>"

binding="wsHttpBinding" behaviorConfiguration="certConfig"
bindingConfiguration="wsHttpBindingConfig"

contract="<my contract>" name="wsHttpBindingConfig">

<identity>

<certificate encodedValue="<AwAAAAEAAAAUAAAARFl...MIIE...< more of a
long
encoded string>" />

</identity>

</endpoint>

The encodedValue in the certificate node is automatically generated for
me
when I add the reference (comes from the Svcutil). I'd like to be able
to
replace this value when certs are updated. What is this value made up
from and how can I programmatically update it (using c#)? It looks
like
it has more than the base64 encoded value of the certificate.

I tried something like this:

byte[] bytes = myCert.Export(X509ContentType.SerializedCert);

string base64Cert = Convert.ToBase64String(bytes);

which did not come out the same as what's in the encodedValue. What am
I
missing here? Any suggestions would be greatly appreciated!

Larry
"Larry" <none> wrote in message
Hello,

I use WCF with my web service calls and all of the communication is
secured with certificates. When I create my service reference, an
endpoint gets created with the correct information. It includes an
entry
like this:
 
T

Tiago Halm

When web services have certificates involved and are used at the message
level (versus transport) I believe the update process would be to re-send
the WSDL to the client (when the keys have changed). I don't see any other
way of letting the client know of the change. Automating this procedure
would require the client to automate the process of reading the WSDL, but
then again the service would need to publish the WSDL (not recommended due
to security sensitivity).

The service owner and client owner need to agree on a compromise that leaves
both parties confortable.

Tiago Halm

Larry said:
It doesn't quite get me what I need. Any idea where I can find any
documentation on what this value is and how its generated? Some
documentation says that "This element specifies a Base64-encoded X.509
certificate value to compare with the client." but then also says that
"This element restricts authentication to a single certificate based upon
its thumbprint value." So if anything changes that affects the
thumbprint, this value will have to be regenerated (quotes taken from
http://msdn.microsoft.com/en-us/library/ms733130.aspx).

I also run a pretty good chance that the customer(s) may want to use their
own certificate anyways, so I'll need a good way of updating this
encodedValue (outside of my dev environment). Any other thoughts on how
this can be done? Its got to be pretty common to have to change this
value since certificates expire, company processes require updating of
certificates/key pairs or other other update problems. Is there any
documented procedure for doing this?

Tiago Halm said:
Larry,

See here, see if it helps to generate the value (haven't checked):
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=597530&SiteID=1

Tiago Halm

Larry said:
There is more to this encoded value than just the public key. As I
mentioned previously, the encoded value begins with AwAAAAEAAAAUAAAARF
and doesn't have until later in the value MIIE (the start of the public
key). It kind of looks like it starts with an encoded thumbprint or
signature. I see though that I won't have to change this value unless a
new key pair is needed.

Thanks for your help!

The encoded value is the public key of the X.509 certificate. The
client
uses this public key to encrypt a given message, which the private key
owner
(the web service) is able to decrypt.

When the web service owner decides to change the certfificate, this
change
will (eventually) involve a change in the public key which will be
reflected
in the WSDL. The client should be able to update the reference
(re-process
the WSDL) when the certificate changes.

I suspect, but may be wrong, that you may renew the certificate while
maintaining the private/public key pair.

Tiago Halm

Sorry about the miss submission.

Like I said, I'm using WCF with my web service calls and use
wsHttpBinding
with certificates and set with message encryption. When I create my
service reference, I end up getting an entry something like this in
the
<client /> section of the web.config:
<endpoint address="http://<my service address>"

binding="wsHttpBinding" behaviorConfiguration="certConfig"
bindingConfiguration="wsHttpBindingConfig"

contract="<my contract>" name="wsHttpBindingConfig">

<identity>

<certificate encodedValue="<AwAAAAEAAAAUAAAARFl...MIIE...< more of a
long
encoded string>" />

</identity>

</endpoint>

The encodedValue in the certificate node is automatically generated
for me
when I add the reference (comes from the Svcutil). I'd like to be
able to
replace this value when certs are updated. What is this value made up
from and how can I programmatically update it (using c#)? It looks
like
it has more than the base64 encoded value of the certificate.

I tried something like this:

byte[] bytes = myCert.Export(X509ContentType.SerializedCert);

string base64Cert = Convert.ToBase64String(bytes);

which did not come out the same as what's in the encodedValue. What
am I
missing here? Any suggestions would be greatly appreciated!

Larry
"Larry" <none> wrote in message
Hello,

I use WCF with my web service calls and all of the communication is
secured with certificates. When I create my service reference, an
endpoint gets created with the correct information. It includes an
entry
like this:
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top