Dear All!

I would like to implement a server - client software with the following security requirements:

  • WCF-Services need to be secured with SSL and Certificates for both the server and the client

  • Client certificates need to be generated programmatically upon user registration

  • Client-certificates are deployed via an automatically generated installer-package

  • Although the client-certificates are self-signed (no authorized CA for the generation server), the end-user must not add the server-certificate to the trusted certificates in the local Certificate Store

My problems: I cannot find any information regarding establishing such a two-way ssl-security for wcf, while the server-certificate is not signed by an authorized CA and instead is created programmatically with "makecert"...

My question: Is it technically possible to implement these requirements? If yes - could you provide some hints on how to get started?

Thank you!

A: 

It sounds like you're trying to do a lot of complicated stuff here, with the certificates in particular. Have you considered using a Username/Password system instead for client credentials? With the server cert, if it's not a valid SSL certificate, you can bypass the certificate validation by the client using config like:

    <behavior name="DisableServiceCertificateValidation">
      <clientCredentials>
        <serviceCertificate>
          <authentication certificateValidationMode="None"
                          revocationMode="NoCheck" />
        </serviceCertificate>
      </clientCredentials>
    </behavior>

Compare your requirements (might be best to start simple) to the Application Scenarios / How Tos sections of this CodePlex link. You will then be able to work through the configuration and setup guides to get you up and running, giving you something you can build upon.

Tanner
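As an added example (not code from the question or from Tanner's answer), here is the client-side alternative to `certificateValidationMode="None"` in the config above: a custom `X509CertificateValidator` that pins the thumbprint of the self-signed server certificate, so the client accepts exactly that certificate without it having to be added to the local trusted store. The namespace, class name, assembly name and thumbprint value are assumptions.

```csharp
// Added example, not from the original post. Pins the self-signed server
// certificate by thumbprint instead of disabling validation entirely.
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

namespace Example.Security
{
    // Accepts exactly one certificate: the one whose SHA-1 thumbprint was
    // embedded in the client at installer-generation time.
    public class PinnedThumbprintValidator : X509CertificateValidator
    {
        // Placeholder (assumption): replace with the thumbprint of the
        // server certificate generated with makecert.
        private const string PinnedThumbprint =
            "0000000000000000000000000000000000000000";

        public override void Validate(X509Certificate2 certificate)
        {
            if (certificate == null)
                throw new ArgumentNullException("certificate");

            // Normalise the hex string; certmgr.msc shows it with spaces.
            string presented = certificate.Thumbprint
                .Replace(" ", "").ToUpperInvariant();

            if (!string.Equals(presented, PinnedThumbprint, StringComparison.Ordinal))
                throw new SecurityTokenValidationException(
                    "Server certificate thumbprint " + presented +
                    " does not match the pinned value.");

            // A matching thumbprint does not imply the cert is still valid.
            DateTime now = DateTime.Now;
            if (now < certificate.NotBefore || now > certificate.NotAfter)
                throw new SecurityTokenValidationException(
                    "Server certificate is outside its validity period.");
        }
    }
}

// Client-side endpoint behavior that wires the validator in (assumed
// assembly name "ClientAssembly"); replaces the "None" setting shown above:
//
//   <serviceCertificate>
//     <authentication certificateValidationMode="Custom"
//                     customCertificateValidatorType=
//                       "Example.Security.PinnedThumbprintValidator, ClientAssembly" />
//   </serviceCertificate>
```

The same pattern applies on the server side for the programmatically generated client certificates: a validator that checks each client certificate against the set issued at registration, rather than relying on `PeerTrust` store membership on every machine.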