tags:

views:

134

answers:

1
+1  Q: 

WCF Certificate issue

I am developing a WCF service on my local computer using Visual Studios built in ASP.NET development sever and I'm having issues creating and using temporary Certificates.

I have created a cert call TempCA and added it to the Trusted Root Certificate folder and I have created another called SignedByCA which has been added to the personal folder.

The service config file has been set up to use SignedByCA but when I run the service I get the following error.

The certificate 'CN=SignedByCA' must have a private key that is capable of key exchange. The process must have access rights for the private key.

I have tried using WinHttpCertCfg.exe to give other users access to the key but I have since found out that WinHttpCertCfg.exe has be deprecated in windows Vista.

Has anyone had this issue before in a similar circumstance??

A: 

Try certmgr. But I suppose you used the makecert to generate the certificate, you don't need to use WinHttpCertCfg to install it. It should be installed automatically.

Also, if you are hosting the service in IIS, the private key is normally generated in 

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

You can try granting read-only security of the MachineKeys for the user "NETWORK SERVICE" (user for IIS6).

K2so  2010-04-01 15:52:37
Sorry to be a pain but like I said before I'm not using IIS to run my service I'm just running it using the Visual Studio Development Server that runs when you hit debug
Morgeh  2010-04-01 15:57:02
I think it's similar, instead of setting it to user "NETWORK SERVICE", try granting "EVERYONE" read-only temporarily and see if you can run debug. You won't want to do this in production of course for security reasons.
K2so  2010-04-01 16:10:14
I seem to be going round in circles with this, somehow after a reset of my system the web service can no longer find any certs at all. I just constantly get "Cannot find the X.509 certificate using the following search criteria: StoreName 'AuthRoot', StoreLocation 'CurrentUser', FindType 'FindBySubjectName', FindValue 'CN=SignedByTemp'."
Morgeh  2010-04-01 21:30:20
Sorry ignore "AuthRoot" that should say "My" but no matter how many times I create and install the certs I get the same message.
Morgeh  2010-04-01 21:31:17
Did you use MMC to check whether the certificate is installed properly into your CurrentUser store?
K2so  2010-04-02 02:03:53

related questions

Dynamic programming with WCF
WCF Service Returning "Method Not Allowed"
Exceptions in Web Services
What SPN do I need to set for a net.tcp service?
How do I unit test a WCF service?
Best practices for versioning your services with WCF?
Lazy Loading with a WCF Service Domain Model?
How many ServiceContracts can a WCF Service have?
How can I authenticate using client credentials in WCF just once?
WCF - Domain Objects and IExtensibleDataObject
InvalidOperationException while creating wcf web service instance
Closing and Disposing a WCF Service
What WCF best practices do you follow in object model design?
WCF push to client through firewall?
Loading System.ServiceModel configuration section using ConfigurationManager
I would like some tips for debugging WCF Web Service exceptions
What's the best way to authenticate over WCF?
Good Reads for Distributed Systems
.Net - Returning DataTables in WCF
What is the easiest way to add compression to WCF in Silverlight?
WCF Backward Compatibility Issue
Best Practices for securing a REST API / web service
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
WCF - High availability