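:: Create the client certificate in CurrentUser\My (Personal).
:: The original line read "-sk - pe": -sk takes a key-container name as its
:: argument, so that is almost certainly a mangled "-pe" (mark the private key
:: exportable, which the export/import step described below needs) -- confirm
:: against the makecert build in use.
makecert.exe -sr CurrentUser -ss My -n CN=clientcert -sky exchange -pe
:: Create the service certificate in LocalMachine\My (Personal).
:: The original used an en dash ("–pe"), which is not the ASCII hyphen a switch needs.
makecert.exe -sr LocalMachine -ss My -n CN=servercert -sky exchange -pe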
将客户端证书从Personal拷贝到客户端机器的Current User下的Trusted People下，以及服务端机器的LocalMachine下的Trusted People下。
将服务端证书从Personal拷贝到服务端机器的LocalMachine下的Trusted People下，以及客户端机器的CurrentUser下的Personal和Trusted People下。
证书从一台机拷到另一台机可以通过导出*.cer的证书文件，再在目标机器上导入的方式。
 
通过配置和编程方式可创建基于消息级的安全,如下配置节所示:
Web.Config:
<configuration>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name ="serviceBehavior">
          <serviceMetadata httpGetEnabled ="true"/>
          <serviceCredentials>              服务器端证书
            <serviceCertificate findValue="servercert" storeLocation ="LocalMachine" storeName ="My" x509FindType ="FindBySubjectName"/>
            <clientCertificate >
              <authentication certificateValidationMode="PeerOrChainTrust"/>
            </clientCertificate>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service name ="WCFSecurityServer.CalcImpl"  behaviorConfiguration ="serviceBehavior">
        <host>
          <baseAddresses>
            <add baseAddress ="http://localhost:8080/WCFSecurity/service" />
          </baseAddresses>
        </host>
        <endpoint bindingConfiguration="serverBinding" binding ="basicHttpBinding" address ="" contract="WCFSecurityServer.ICalc" >
          <identity>                       服务器端证书
            <certificateReference findValue="servercert" storeLocation ="LocalMachine" storeName ="My" x509FindType ="FindBySubjectName"/>
          </identity>
        </endpoint>
      </service>
    </services>
    <bindings>
