Hi,

My use case is very simple: I have a GUI application, and inside this application I host a service. However, clients of this service must be able to authenticate with UserName safely (the only thing I want is to encrypt messages to be sure that nobody can sniff to retrieve the passwords of clients; I don't care about more security).

So, I want to ship a certificate with my GUI application and have my host (which is inside the GUI application... I know it's a little dirty) use the certificate to encrypt messages.

So my question is: Do my requirements oblige me to install the certificate inside the store on the host machine? Am I obliged to generate a new certificate with makecert for every host?

What is the easiest way to deploy my application?

(I control the client application so the validation of the certificate is not a problem)

+1  A: 

First of all you should not use makecert to generate production certificates.

You could store the certificate in code and not in the machine, but keep in mind that the security of the whole encryption is as good as the security of the certificate's private key. If the machine where the application will be run is secure, you could use the certificate "in code", but if you cannot guarantee the security of the host machine you should install the certificate in Windows Store. Make sure the user running the application has permissions to read the certificate's private key.

If using WSE or WCF make sure you test the default message or transport encryption methods provided to see if they are good enough for your use.

Here are some references for installing a certificate with private key (.pfx file) programmatically.

AlexDrenea
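The two options from the answer above, as an added C# example that is not part of the original post: load the shipped .pfx directly, or install it into the current user's certificate store, then hand the certificate to a self-hosted WCF service that accepts UserName credentials. `IEcho`, `EchoService`, `AppUserValidator`, `HostSetup`, the sample credentials and the choice of `WSHttpBinding` with message security are assumptions made for illustration.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;
[ServiceContract]
public interface IEcho { [OperationContract] string Echo(string text); }
public class EchoService : IEcho { public string Echo(string text) { return text; } }
// Hypothetical validator with constructed credentials; replace with the application's own user check.
public class AppUserValidator : UserNamePasswordValidator
{
    public override void Validate(string userName, string password)
    {
        if (userName != "demo" || password != "constructed-password")
            throw new SecurityTokenException("Unknown user name or bad password");
    }
}
public static class HostSetup
{
    // Option 1: keep the certificate with the application and load it from the shipped .pfx.
    // persistKey must be true if the certificate is going to be added to a store afterwards.
    public static X509Certificate2 LoadFromPfx(string pfxPath, string pfxPassword, bool persistKey)
    {
        var flags = persistKey ? X509KeyStorageFlags.UserKeySet | X509KeyStorageFlags.PersistKeySet : X509KeyStorageFlags.UserKeySet;
        return new X509Certificate2(pfxPath, pfxPassword, flags);
    }
    // Option 2: install the certificate and its private key in the current user's "My" store.
    public static void InstallInStore(X509Certificate2 cert)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadWrite);
        try { store.Add(cert); } finally { store.Close(); }
    }
    // Self-hosted service: messages are protected with the certificate, clients send UserName credentials.
    public static ServiceHost CreateHost(X509Certificate2 cert, Uri address)
    {
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        var host = new ServiceHost(typeof(EchoService), address);
        host.AddServiceEndpoint(typeof(IEcho), binding, "");
        host.Credentials.ServiceCertificate.Certificate = cert;
        var auth = host.Credentials.UserNameAuthentication;
        auth.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
        auth.CustomUserNamePasswordValidator = new AppUserValidator();
        return host;
    }
}
```

The GUI application would call `HostSetup.CreateHost(...)` with the loaded certificate and then `Open()` the returned host; the project needs references to `System.ServiceModel` and `System.IdentityModel`.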