Web service and Digital certificates


Problem description



Hi,

I am developing a web service secured with digital certificates.
I have set the property of the web service to "require client certificates" and I tried accessing the web service from the client and I am not able to access it, which is correct. But even after installing the certificate (.cer, file does not include only public key), I am not able to access it. So I tried installing the .pfx (file with both private and public key), and I am able to access it.

My question is:
At the client side, is it necessary to install the .pfx file?
If yes, is it safe to share the private key with the client?

Thanks in advance.

Recommended answer

The PFX extension is used on Windows servers for files containing both the public key files (your SSL certificate files, provided by DigiCert) and the associated private key (generated by your server at the time the CSR was generated).

Since both the public and private keys are needed for an SSL certificate to function, a PFX backup is always needed to transfer an SSL server security certificate from client to server.


Hi Senthil,

Thanks for the response.
Is it necessary for the private key to be at the client side? As per my understanding, the client only requires the public key to encrypt data and the server (where the certificate is installed) uses the private key.

So I use the code below to pass the certificate to the server before calling the web method, where the .cer contains the public key:

string filePath= @"C:\Certificates\test.cer";
test.Service serviceObj= new test.Service();
serviceObj.ClientCertificates.Add(X509Certificate.CreateFromCertFile(filePath));
Response.Write(serviceObj.HelloWorld());

But the above code works only if the .pfx file (contains private & public key) is installed on the client. Is the .pfx really required at the client side?

Thanks.
Techie
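
An added example (not code from the thread) for the question above: in certificate-based client authentication the client signs handshake data with its own private key and the server checks that signature with the client's public certificate, which is why a .cer alone on the client is not enough. It assumes .NET Core 3.0 or later; the subject name, password and challenge bytes are constructed, and the signed challenge is a simplified stand-in for the TLS handshake.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

class ClientCertDemo
{
    static void Main()
    {
        // Constructed sample: a throwaway self-signed client certificate (CN is made up).
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=demo-client", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 issued = req.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));

        // The two file formats from the thread, kept in memory instead of on disk.
        byte[] cerBytes = issued.Export(X509ContentType.Cert);           // certificate only
        byte[] pfxBytes = issued.Export(X509ContentType.Pfx, "demo-pw"); // certificate + private key

        using var fromCer = new X509Certificate2(cerBytes);
        using var fromPfx = new X509Certificate2(pfxBytes, "demo-pw");
        Console.WriteLine($".cer HasPrivateKey: {fromCer.HasPrivateKey}");
        Console.WriteLine($".pfx HasPrivateKey: {fromPfx.HasPrivateKey}");

        // Stand-in for the handshake data the client has to sign to prove key possession.
        byte[] challenge = Encoding.UTF8.GetBytes("constructed handshake transcript");

        // Client side: signing needs the private key, so only the .pfx identity can do it.
        using RSA clientKey = fromPfx.GetRSAPrivateKey();
        byte[] signature = clientKey.SignData(challenge,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        Console.WriteLine($".cer can sign: {fromCer.GetRSAPrivateKey() != null}");

        // Server side: verification needs only the client's public certificate (.cer).
        using RSA serverView = fromCer.GetRSAPublicKey();
        bool ok = serverView.VerifyData(challenge, signature,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        Console.WriteLine($"server verified client with .cer only: {ok}");
    }
}
```

In this model the .pfx holds the client's own key pair, and the server only needs the client's public certificate (or its issuing CA) to validate the signature.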

