views: 955

answers: 4

I am presently studying the topic of encrypting and signing SOAP messages via WSE 3.0 or WCF. Since I have not participated in distributed application development involving the public Internet, I find my knowledge of X.509 certificates lacking, and of how they work in the Windows certificate store mechanism. It is not about asymmetric cryptography; it is about the PKI ecosystem.

Therefore I would like to gather some articles or books that give comprehensive explanations of Windows' security mechanisms, how to properly use and manage the Certificate Store, CA trust chains, and how APIs like WSE or WCF may interact with and make use of certificates. Recommendations?

+1  A: 

"Learning WCF" by Michele Bustamente has a good overview chapter on WCF security, including some basic discussion on X.509 certificates.

ng5000
Chapter 7 of Learning WCF gives introductory details about certificates, and how to motion WCF to use them. However, I am also looking for the lower level - managing, issuing, purchasing certificates, establishing own CA, creating fake certs, etc.
icelava
+1  A: 

From the MSDN:

How to: Decrypt XML with x509

How to: Encrypt XML with x509

mirezus
I am looking for more than just encrypting/decrypting XML documents. I wish to know what exactly X.509 encompasses; how Windows stores and uses them. How they are validated and identified, etc. How do we even set up our own CA and create our own certs?
icelava
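The two things asked about just above, how a certificate is identified and how it is validated against a CA chain, can be seen end to end in a few lines of .NET. The following is an added example, not code from the question, the answers or the linked MSDN how-tos. It assumes .NET 6 or later (CertificateRequest, X509ChainTrustMode.CustomRootTrust and RandomNumberGenerator.GetBytes are not in the WSE 3.0 era framework), builds a throw-away private CA in memory, issues a leaf certificate from it, and then runs the same X509Chain engine that Windows and WCF use when they validate a certificate pulled from the store. The CA name, subject name and thumbprint lookup helper are constructed for the demonstration.

```csharp
// Added example (not from the original Q&A): a minimal private CA, an issued leaf
// certificate, and chain validation as Windows/.NET perform it. Assumes .NET 6+.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PkiDemo
{
    // A self-signed CA certificate: the trust anchor. Marked CA=true with
    // KeyCertSign so that CertificateRequest.Create will accept it as an issuer.
    public static X509Certificate2 CreateCa(string name)
    {
        var key = RSA.Create(2048); // kept alive with the certificate, not disposed here
        var req = new CertificateRequest($"CN={name}", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        req.CertificateExtensions.Add(new X509KeyUsageExtension(
            X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));
        req.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(req.PublicKey, false));
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddYears(5));
    }

    // An end-entity certificate signed by the CA (CA=false, server-auth EKU).
    public static X509Certificate2 IssueLeaf(X509Certificate2 ca, string subject)
    {
        var leafKey = RSA.Create(2048);
        var req = new CertificateRequest($"CN={subject}", leafKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
        req.CertificateExtensions.Add(new X509KeyUsageExtension(
            X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, true));
        req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
            new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, false)); // id-kp-serverAuth
        byte[] serial = RandomNumberGenerator.GetBytes(16);
        serial[0] &= 0x7F; // serial numbers must be positive integers
        return req.Create(ca, DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddYears(1), serial);
    }

    // Validation: build the chain from the leaf up to a root we explicitly trust.
    // This is the same engine Windows uses; the difference from a production check is
    // only that the trust anchor comes from CustomTrustStore instead of the
    // "Trusted Root Certification Authorities" store, and revocation is not checked
    // because this toy CA publishes no CRL or OCSP responder.
    public static (bool IsValid, string Status) Validate(X509Certificate2 leaf, X509Certificate2 trustedRoot)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(trustedRoot);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
        bool ok = chain.Build(leaf);
        string status = ok ? "OK" : string.Join(", ", chain.ChainStatus.Select(s => s.Status.ToString()));
        return (ok, status);
    }

    // Identification: the thumbprint (SHA-1 hash of the DER encoding) is the key the
    // Windows store uses to locate a certificate. Returns null when nothing matches.
    public static X509Certificate2 FindInStore(string thumbprint,
        StoreName name = StoreName.My, StoreLocation location = StoreLocation.CurrentUser)
    {
        using var store = new X509Store(name, location);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        var matches = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
        return matches.Count == 0 ? null : matches[0];
    }

    public static void Main()
    {
        var ca = CreateCa("Example Private CA");        // constructed name
        var otherCa = CreateCa("Unrelated CA");          // a root we do NOT trust
        var leaf = IssueLeaf(ca, "service.example.test"); // constructed subject

        Console.WriteLine($"Subject:    {leaf.Subject}");
        Console.WriteLine($"Issuer:     {leaf.Issuer}");
        Console.WriteLine($"Thumbprint: {leaf.Thumbprint}");

        var (ok, status) = Validate(leaf, ca);
        Console.WriteLine($"Chain to its own CA: {ok} ({status})");

        (ok, status) = Validate(leaf, otherCa);
        Console.WriteLine($"Chain to an unrelated CA: {ok} ({status})");

        // The same lookup a WCF binding performs when you configure a certificate by
        // thumbprint; here it reports whether our in-memory leaf happens to be installed.
        var installed = FindInStore(leaf.Thumbprint);
        Console.WriteLine(installed == null
            ? "Leaf is not in CurrentUser\\My (expected for an in-memory cert)."
            : "Leaf found in CurrentUser\\My.");
    }
}
```

The second Validate call is the instructive one: a certificate that is perfectly well-formed still fails validation when the relying party does not hold its issuer as a trust anchor, which is exactly why a private CA's root has to be imported into the Trusted Root Certification Authorities store on every machine that must accept its certificates, and why the thumbprint, not the subject name, is what you pin when pointing WCF at a specific certificate.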
+4  A: 

Everyone using (or thinking of using) X.509 certificates should be forced to read this: Everything you Never Wanted to Know about PKI but were Forced to Find Out, as well as X.509 Style guide, both by Peter Gutmann.

Teddy
Those are actually funny reads, but unfortunately the presentation PDF seems to be a report on all the massive flaws and ailments of PKI and X.509, but nowhere explains "How do Windows and IE make use of the certs stored in the Cert Store, and what can developers really do with them for security scenarios?"
icelava
The text guide is unfortunately formatted only as a raw text file, which makes for difficult reading. I cannot tell which section contains the relevant information I am looking for.
icelava
You said that "I find my knowledge of X.509 certificates lacking" - this should help.
Teddy
A: 

I think the base starting point to understanding the Windows implementation of PKI has to come from TechNet:

PKI segment http://technet.microsoft.com/en-us/library/cc757327(WS.10).aspx

Certificates overview http://technet.microsoft.com/en-us/library/cc784662(WS.10).aspx

Certificate services http://technet.microsoft.com/en-us/library/cc783511(WS.10).aspx

Certificate templates http://technet.microsoft.com/en-us/library/cc758496(WS.10).aspx

icelava