There is an error "The service certificate is not provided. Specify a service certificate in ServiceCredentials. " when I ran my service ,I want to add ServiceCredentials property,but I don't know how to do and what's the value of "Type" argument of it should be,could anybody help ?Thank you.
|
| hzqgirl |
Using the cert manager as I said above, can you oduble click on the cert and tell us what it says under "This certificate is intended for the following purpose(s)"
Richard Blewett, thinktecture - http://www.dotnetconsult.co.uk/weblog2
Twitter: richardblewett- Marked As Answer bySteven Cheng - MSFTMSFT, ModeratorMonday, September 21, 2009 10:26 AM
-
|
| Richard Blewett |
Hi Hzqgirl,
From your previous replies, it seems you haven't configured the x509 certificate correctly, and the x509 certificate you selected doesn't match the requirment(need to have private key associated so as to be able to perform encrypt and signing).
The makecert.exe tool is a common tool(provided by .NET SDK) for creating test certificate. You can use it to create test certificate for WCF testing.
If you're not familar with the x509 certificate creation and configuration, here are some code project articles which might be helpful to you:
#Simple WCF - X509 Certificate
http://www.codeproject.com/KB/WCF/Senthil.aspx
#SSL with Self-hosted WCF Service
http://www.codeproject.com/KB/WCF/WCFSSL.aspx
Also, for certificate which has private key assocated, you also need to make sure the private key is accessible to your application(which want to use it)
#How to: Make X.509 Certificates Accessible to WCF
http://msdn.microsoft.com/en-us/library/aa702621.aspx
Please remember to mark the replies as answers if they help and unmark them if they provide no help. - Marked As Answer bySteven Cheng - MSFTMSFT, ModeratorMonday, September 21, 2009 10:27 AM
-
|
| Steven Cheng - MSFT |
Now the error turns to "Cannot find the X.509 certificate using the following search criteria..." |
| hzqgirl |
Can you show us your <serviceCredentials> element?
Richard Blewett, thinktecture - http://www.dotnetconsult.co.uk/weblog2
Twitter: richardblewett |
| Richard Blewett |
Hi,
The following is my config file:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="default">
<serviceMetadata httpGetEnabled="true" policyVersion="Default" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials>
<serviceCertificate findValue="" storeLocation="LocalMachine"
storeName="My" x509FindType="FindBySubjectName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="Binding1">
<security>
<transport>
<extendedProtectionPolicy policyEnforcement="Never" />
</transport>
<message clientCredentialType="Certificate" />
</security>
</binding>
<binding name="Binding2">
<reliableSession enabled="true" />
<security>
<transport>
<extendedProtectionPolicy policyEnforcement="Never" />
</transport>
<message clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<remove contract="IMetadataExchange" name="sb" />
<endpoint binding="netTcpRelayBinding" bindingConfiguration=""
contract="IMetadataExchange" name="sb" />
</client>
<services>
<service behaviorConfiguration="default" name="ServiceBus.Demo.Service.App_Code.SbService">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="Binding2"
contract="ServiceBus.Demo.Service.App_Code.ISbService" />
<endpoint address="mex" binding="wsHttpBinding" bindingConfiguration="Binding1"
contract="IMetadataExchange" />
</service>
</services>
</system.serviceModel>
</configuration> |
| hzqgirl |
This is the crucial bit of your config <serviceCredentials> <serviceCertificate findValue="" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" /> </serviceCredentials> The FindValue is blank. It uses this information to locate the correct certificate. start mmc.exe and add the certificate manager for local machine into the console. Have a look at the cert in the Personal store that you are tryinng to use. The name in the MMC will be the FindValue you want to use
Richard Blewett, thinktecture - http://www.dotnetconsult.co.uk/weblog2Twitter: richardblewett |
| Richard Blewett |
Hi,
I did as you mentioned ,but I got another error"Keyset does not exist" |
| hzqgirl |
How did you create this certificate/obtain this certificate?
Richard Blewett, thinktecture - http://www.dotnetconsult.co.uk/weblog2
Twitter: richardblewett |
| Richard Blewett |
Hi,
Sorry ,I don't know exactly what do you mean?Could you give me more infomation about what do you want to confirm? |
| hzqgirl |
And I found thisin the stack trace"[ServiceActivationException: The service '/sbdemo/SBService.svc' cannot be activated due to an exception during compilation. The exception message is: The certificate 'CN=tekever-PC' must have a private key that is capable of key exchange. The process must have access rights for the private key..]"
I don't know how to handle this?
|
| hzqgirl |
|
| Richard Blewett |
Hi,
I just saw the thread ,but I don't have makecert.exe and winhttpcertcfg.exe . |
| hzqgirl |
Where did you get the cert from that you are trying to use to do the securing?
Richard Blewett, thinktecture - http://www.dotnetconsult.co.uk/weblog2
Twitter: richardblewett |
| Richard Blewett |
I'm not sure,where can I see this? |
| hzqgirl |
Hi, You can manage your certificate using MMC . just type mmc in "run".then and a snap -in for local computer certificate. How to manage your certificate : http://msdn.microsoft.com/zh-cn/library/ms788967.aspxYou can get tips from here: http://www.cnblogs.com/frank_xl/archive/2009/08/13/1543848.htmlregards
Frank Xu Lei--谦卑若愚,好学若? 专注?NET平台下分布式应用系统开发和企业应用系统集成 Focus on Distributed Applications Development and EAI based on .NET 欢迎访问老徐的中文技术博客: Welcome to My Chinese Technical Blog 欢迎访问微软WCF中文技术论坛: Welcome to Microsoft Chinese WCF Forum 欢迎访问微软WCF英文技术论坛: Welcome to Microsoft English WCF Forum |
| Frank Xu Lei |
Using the cert manager as I said above, can you oduble click on the cert and tell us what it says under "This certificate is intended for the following purpose(s)"
Richard Blewett, thinktecture - http://www.dotnetconsult.co.uk/weblog2
Twitter: richardblewett- Marked As Answer bySteven Cheng - MSFTMSFT, ModeratorMonday, September 21, 2009 10:26 AM
-
|
| Richard Blewett |
Hi,
This certificate is intended for the following purpose(s)
Ensures the identity of a remote computer
All issuance policies |
| hzqgirl |
Hi Hzqgirl,
From your previous replies, it seems you haven't configured the x509 certificate correctly, and the x509 certificate you selected doesn't match the requirment(need to have private key associated so as to be able to perform encrypt and signing).
The makecert.exe tool is a common tool(provided by .NET SDK) for creating test certificate. You can use it to create test certificate for WCF testing.
If you're not familar with the x509 certificate creation and configuration, here are some code project articles which might be helpful to you:
#Simple WCF - X509 Certificate
http://www.codeproject.com/KB/WCF/Senthil.aspx
#SSL with Self-hosted WCF Service
http://www.codeproject.com/KB/WCF/WCFSSL.aspx
Also, for certificate which has private key assocated, you also need to make sure the private key is accessible to your application(which want to use it)
#How to: Make X.509 Certificates Accessible to WCF
http://msdn.microsoft.com/en-us/library/aa702621.aspx
Please remember to mark the replies as answers if they help and unmark them if they provide no help. - Marked As Answer bySteven Cheng - MSFTMSFT, ModeratorMonday, September 21, 2009 10:27 AM
-
|
| Steven Cheng - MSFT |
index > Windows Communication Foundation > A error of "The service certificate is not provided. Specify a service certificate in ServiceCredentials. "