WCF with netTcpBinding and Certificate transport security

Question

I need to secure a WCF service that uses netTcpBinding and connects directly with a Windows Forms based application. I only need it to be secured at the transport layer.

I'm pretty sure that I have it working locally, i.e. I can run the service locally, and connect to it with the client.

When I try to setup the service so that it is running on a server as opposed to my local machine, I'm having certificate issues. The error log says that the certificate must have a private key that is capable of key exchange and that the process must have access rights for the private key.

I'm using a development certificate created using makecert.

makecert -n "CN=MY COMPANY DEBUG" -pe -sky exchange Debug.cer

I must admit that I'm very new to using certificates. Does anyone have any pointers on how I can fix this, or a better way to use a certificate to add transport security to a WCF service using netTcpBinding?

Thanks.

Answer 1

Try this:

makecert -n "CN=MY COMPANY DEBUG" -pe -sky exchange Debug.cer -sv Debug.pvk
pvk2pfx -pvk Debug.pvk -spc Debug.cer -pfx Debug.pfx

You will then end up with three files, the .cer file (public key), the .pvk (private key), and the .pfx (key exchange with both). You can then install the .pfx file on the server like so:

certutil -p "" -importPFX Certificates\Debug.pfx

At the client end, you only need to install the .cer file. These installs (.cer and .pfx above) you can also do through the Certificates MMC snap-in (Start, Run, MMC.exe, then add the Certificates snap-in for the current machine).

Answer 2

Read this (covers https case but still may help) and this.

Since we are talking about transport-level security, I don't think your server process should know anything about certificate you are using to provide it.