Certificates to secure WCF traffic




If you see this as a re-post, please excuse me; it did not seem to work the
first time.

What is the correct/recommended way to generate/sign certificates, used to
secure WCF traffic?

There is a client-server application that uses NetTCP binding and currently
Windows credentials are used to secure the traffic (on both transport and
message level).

Unfortunately it does not work if the client and the server are on different

I understand that I can use X.509 certificates for the same purposes and it
should solve the multi-domain problem. But... how am I supposed to generate and
sign the certificates? I would like to:
- not use self-signed certificates;

- be able to use the same client's app.config (basically, multiple clients
from different networks should be able to connect to multiple servers from
different networks);

- avoid updating the certificates periodically (usually, server-side SSL
certificates expire);

- [ideally] use the same certificate on different servers (because the
confirmation of identity is implemented on app level, so I'm only concerned
with encrypting the traffic);

- avoid maintaining my own CA.

The examples in MSDN Library and samples on the web usually suggest using
self-signed certs. Some mention "for testing only".
VeriSign and Comodo don't talk about certificates for WCF specifically
[although my understanding is that they're the same as for web sites].

Ideas, pointers will be greatly appreciated!

