具有 netTcpBinding 和证书传输安全性的 WCF [英] WCF with netTcpBinding and Certificate transport security
问题描述
我需要保护使用 netTcpBinding 并直接与基于 Windows 窗体的应用程序连接的 WCF 服务.我只需要在传输层对其进行保护.
I need to secure a WCF service that uses netTcpBinding and connects directly with a Windows Forms based application. I only need it to be secured at the transport layer.
我很确定它可以在本地运行,即我可以在本地运行服务,并通过客户端连接到它.
I'm pretty sure that I have it working locally, i.e. I can run the service locally, and connect to it with the client.
当我尝试设置服务以使其在服务器而不是本地计算机上运行时,我遇到了证书问题.错误日志表明证书必须具有能够进行密钥交换的私钥,并且该进程必须具有对私钥的访问权限.
When I try to setup the service so that it is running on a server as opposed to my local machine, I'm having certificate issues. The error log says that the certificate must have a private key that is capable of key exchange and that the process must have access rights for the private key.
我正在使用使用 makecert 创建的开发证书.
I'm using a development certificate created using makecert.
makecert -n "CN=MY COMPANY DEBUG" -pe -sky exchange Debug.cer
我必须承认我对使用证书很陌生.有没有人对我如何解决这个问题有任何指示,或者有更好的方法来使用证书向使用 netTcpBinding 的 WCF 服务添加传输安全性?
I must admit that I'm very new to using certificates. Does anyone have any pointers on how I can fix this, or a better way to use a certificate to add transport security to a WCF service using netTcpBinding?
谢谢.
推荐答案
试试这个:
makecert -n "CN=MY COMPANY DEBUG" -pe -sky exchange Debug.cer -sv Debug.pvk
pvk2pfx -pvk Debug.pvk -spc Debug.cer -pfx Debug.pfx
然后您将得到三个文件,.cer 文件(公钥)、.pvk(私钥)和 .pfx(与两者交换密钥).然后,您可以像这样在服务器上安装 .pfx 文件:
You will then end up with three files, the .cer file (public key), the .pvk (private key), and the .pfx (key exchange with both). You can then install the .pfx file on the server like so:
certutil -p "" -importPFX CertificatesDebug.pfx
在客户端,您只需要安装 .cer 文件.这些安装(上面的 .cer 和 .pfx)您也可以通过证书 MMC 管理单元(开始、运行、MMC.exe,然后为当前计算机添加证书管理单元)来完成.
At the client end, you only need to install the .cer file. These installs (.cer and .pfx above) you can also do through the Certificates MMC snap-in (Start, Run, MMC.exe, then add the Certificates snap-in for the current machine).
这篇关于具有 netTcpBinding 和证书传输安全性的 WCF的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
