Question

Here I am asking a few basic questions about WCF SSL & certificates.

I am new to WCF and, to be very honest, I have a basic problem understanding SSL & certificates.

1) I would like to know: when we enable SSL, do we need to use a certificate every time, or, in the same way, when we attach a certificate with WCF, will SSL be used implicitly?

2) Are SSL & certificate the same or different in concept?

3) When we self-host a WCF service, can we enable SSL or a certificate... which one will be applicable?

4) TCP binding for a certificate is not related to HTTP. So when we work with TCP binding, can we enable SSL for the TCP binding?

5) What is the difference between SSL & certificate?

6) When we use a certificate at the service end, do the clients that consume & call the service always need to install a certificate? If not, when does a client need to install a certificate & when is it not required? One guy told me that a client needs to install a certificate only when mutual authentication is required, but I do not know what mutual authentication is.

I know I asked very basic questions. If possible, please explain all my points in detail to clear my doubts. Thanks.

UPDATE

1) I would like to know: when we enable SSL, do we need to use a certificate every time, or, in the same way, when we attach a certificate with WCF, will SSL be used implicitly?

You said as follows: When enabling Transport security the endpoint address must include the HTTPS protocol, otherwise an exception will be thrown when you go to start the service. For HTTPS to work on that endpoint, then you need an X.509 Certificate bound to the specified port as well.

Why did you say this: When enabling Transport security the endpoint address must include the HTTPS protocol?

HTTPS comes into play when we host our WCF service in IIS. Suppose we self-host a WCF service and TCP is used as the binding; then why do we need to include HTTPS in the endpoint? Because you said when enabling Transport security the endpoint address must include the HTTPS protocol... is it correct? Maybe I could not understand what you are trying to say. Can you please explain in detail what you are trying to say for point 1?

6) When we use a certificate at the service end, do the clients that consume & call the service always need to install a certificate? If not, when does a client need to install a certificate & when is it not required? One guy told me that a client needs to install a certificate only when mutual authentication is required, but I do not know what mutual authentication is.

Here I am just trying to know: when a WCF service is hosted and attached with a certificate, is it mandatory that the client who consumes the service uses a certificate at the client end?

I guess it is not mandatory. Both ends use a certificate only when mutual authentication is considered. Am I right?

In the case of mutual authentication, do the server & client ends need to install or use the same certificate, or can the client use a different certificate purchased from abc.com while the server end purchases a certificate from xyz.com?

Please clearly discuss my above two points in detail. Thanks for your time & answer.

Solution

Okay here we go:

1) I would like to know: when we enable SSL, do we need to use a certificate every time, or, in the same way, when we attach a certificate with WCF, will SSL be used implicitly?

When enabling Transport security the endpoint address must include the HTTPS protocol, otherwise an exception will be thrown when you go to start the service. For HTTPS to work on that endpoint, you need an X.509 Certificate bound to the specified port as well.

2) Are SSL & certificate the same or different in concept?

SSL certificates are a type of X.509 Certificate*. In TLS (which SSL is a predecessor of), virtually all certificates are X.509 certificates.

3) When we self-host a WCF service, can we enable SSL or a certificate... which one will be applicable?

When using Transport level security, the Self-Hosted Service will make use of the X.509 certificate bound to the port of the endpoint that it is listening at. Setting the service certificate will have no impact in this case.

4) TCP binding for a certificate is not related to HTTP. So when we work with TCP binding, can we enable SSL for the TCP binding?

Yes, Transport level security provided for TCP is Windows security by default which is SSL over TCP. When using SSL over TCP, you must explicitly specify the certificate by using the SetCertificate method on the Self-Hosted Service.

5) What is the difference between SSL & certificate?

As stated above, essentially SSL is a subset of X.509 Certificates - technically speaking the relationship isn't as simple as that, but typically you use X.509 Certificates for SSL/TLS.

6) When we use a certificate at the service end, do the clients that consume & call the service always need to install a certificate? If not, when does a client need to install a certificate & when is it not required? One guy told me that a client needs to install a certificate only when mutual authentication is required, but I do not know what mutual authentication is.

Mutual SSL authentication is when the client and server each provide a digital certificate so each party can verify the identity of the other. Here's a great article on Mutual SSL Authentication if you're interested.

This isn't necessary though, and is only one of the many options you have when using Transport security - see more options here: HttpClientCredentialType.

You can also still do security at the Transport level while passing credentials at the Message level by using TransportWithMessageCredential - then you can set Client Credentials to use a BasicHttpMessageCredentialType and use UserName instead.

*: Other types of certificates can be used for SSL/TLS such as OpenPGP - but it is far from common.
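
The self-hosted TCP case from points 4 and 6, as an added example that is not part of the original answer: a `NetTcpBinding` with Transport security where the service certificate is set explicitly with `SetCertificate`, and a switch between server-only and mutual certificate authentication. The address, the certificate subject names and the `IEcho`/`EchoService` types are hypothetical placeholders; it assumes matching certificates are already installed in the named stores and chain to roots each side trusts.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract]
public interface IEcho { [OperationContract] string Echo(string text); }

public class EchoService : IEcho { public string Echo(string text) { return text; } }

public static class Program
{
    // Hypothetical placeholders: substitute your own address and certificate subjects.
    const string Address = "net.tcp://localhost:8523/echo";
    const string ServiceCertSubject = "service.example.test";
    const string ClientCertSubject = "client.example.test";

    // mutual == false: only the service presents a certificate (clients install none).
    // mutual == true: the client must also present a certificate of its own.
    static NetTcpBinding BuildBinding(bool mutual)
    {
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType =
            mutual ? TcpClientCredentialType.Certificate : TcpClientCredentialType.None;
        return binding;
    }

    public static void Main()
    {
        const bool mutual = true;
        using (var host = new ServiceHost(typeof(EchoService)))
        {
            host.AddServiceEndpoint(typeof(IEcho), BuildBinding(mutual), Address);
            // SSL over TCP: the service certificate is set explicitly on the host.
            host.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
                StoreName.My, X509FindType.FindBySubjectName, ServiceCertSubject);
            // Client certificates are accepted only if they chain to a trusted root.
            host.Credentials.ClientCertificate.Authentication.CertificateValidationMode =
                X509CertificateValidationMode.ChainTrust;
            host.Open();

            // Client side: expect the service certificate's DNS name, not "localhost".
            var endpoint = new EndpointAddress(new Uri(Address),
                EndpointIdentity.CreateDnsIdentity(ServiceCertSubject));
            var factory = new ChannelFactory<IEcho>(BuildBinding(mutual), endpoint);
            // The client presents its own certificate, not a copy of the service's.
            factory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser,
                StoreName.My, X509FindType.FindBySubjectName, ClientCertSubject);
            factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
                X509CertificateValidationMode.ChainTrust;
            Console.WriteLine(factory.CreateChannel().Echo("hello over SSL/TCP"));
            factory.Close();
        }
    }
}
```

With `mutual` set to `false`, the client certificate lines can be dropped and the client only validates the service certificate.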

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow