Hi:
What I think I understand so far about signing a message with a cert:
If I have a Client endpoint whose referenced binding behavior has values like:
- bindings/binding/wsHttpBinding/Security@mode=Message
- bindings/binding/wsHttpBinding/transport@clientCredentialType=Certificate
it will retrieve settings from the endpoint's associated behavior, whose settings are:
- behaviors/endpointBehaviors/clientCredentials@type="Credentials"
- behaviors/endpointBehaviors/clientCredentials/clientCertificate@storeName=... etc.
The above will encrypt the whole message.
a)
- If the endpoint's address protocol was https (i.e. SSL), communication was encrypted with the server's public cert. What does encrypting the message using a client private key (as I think the above is doing) give? How does the server decrypt it, as it doesn't have the client's private key?
- What's the exact difference between defining the cert above (in the behavior) versus defining the cert in the endpoint's identity? If in the identity, is it just sent? No transport security? How is it sent? As a message header?