WCF over HTTPS 使用 WildCard SSL 证书 [英] WCF over HTTPS using a WildCard SSL Certificate

问题描述

我们是在线浏览器内管理工具的开发者.我们的主要软件目前由我们的客户通过互联网托管和访问，每个客户都有自己的主要软件实例和子域.例如，customerA.ourdomain.com 指向在虚拟服务器上运行的客户 A 的服务.customerB.ourdomain.com 指向同一台或另一台虚拟服务器上的另一项服务，反之亦然.

We are the developers of a online in-browser management tool. Our primary software is currently hosted and accessible to our customers over the internet, every customer has its own primary software-instance and subdomain. For example customerA.ourdomain.com directs to a service for Customer A running on a virtual server. customerB.ourdomain.com directs to another service on the same or another virtual server and vice versa.

我们正在切换到 Windows Phone 和 Store 应用程序.目前我们已经开发了 WCF 服务和 WP 应用程序.WCF 服务与我们的主软件在我们的一个虚拟服务器上并行运行，并且可以通过测试子域访问.我们已经使用 90 天的跟踪证书成功地保护了应用程序和服务之间的连接.此证书包含完整的子域名.

We are in the process of switching to Windows Phone and Store apps. Currently we have developed a WCF service and a WP app. The WCF service is running side-by-side with our primary software on one of our virtual servers and is accessible by a test subdomain. We have succesfully secured the connection between the app and service using a 90-day trail certificate. This certificate contains the full subdomain name.

我们现在希望通过使用通配符证书来保护我们的 WCF 服务，因此涵盖了每个客户和/或子域，我们不需要为每个客户购买证书.

We now would like to secure our WCF service by using a WildCard certificate, so each customer and/or subdomain is covered and we don't need to purchase a certificate for each customer.

WCF 可以实现吗?这是以前做的吗?CN 名称将是 *.ourdomain.com.客户将通过输入他们自己的子域名将他们的手机连接到他们自己的服务.换句话说:WP 应用应该能够使用相同的证书连接到在 customerA.ourdomain.com 或 customerB.ourdomain.com 上运行的 WCF 服务.

Is this possible with WCF? Is this done before? The CN name will be *.ourdomain.com. Customers will connect with their phones to their own service by entering their own subdomain name. In other words: the WP app should be able to connect to a WCF service running on customerA.ourdomain.com or customerB.ourdomain.com using the same certificate.

非常感谢！

推荐答案

这可以用 WCF 实现吗?这是以前做过的吗?

Is this possible with WCF? Is this done before?

是的，我们已经成功地使用了来自 DigiCert 的通配符证书若干年

Yes, we have been using a wildcard certificate from DigiCert successfully for a number of years

它们提供了一个实用程序来确保正确安装证书.

They provide a utility to ensure the certificate installs correctly.

就 WCF 配置而言，它与您已经拥有的类似

In terms of WCF config its similar to what you would already have

<serviceCredentials>
    <serviceCertificate x509FindType="FindBySubjectName" findValue="*.ourdomain.com" storeLocation="LocalMachine" storeName="My"/>
</serviceCredentials>

在相关说明中，您可以生成您自己的通配符证书(用于测试目的)，它通过填充SubjectAltNames 字段

On a related note you can produce your own wildcard certificate (for testing purposes) which works by populating the SubjectAltNames field

这篇关于WCF over HTTPS 使用 WildCard SSL 证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！