Question

I purchased a real SSL certificate to authenticate my computer and the domain I am hosting some WCF services under.

How can I use MakeCert to create a client certificate signed by this authentic certificate to use on client computers to authenticate that they are connected to the correct (my) server?

The client certificate will be used to authenticate the use of a WCF service on my server.

Solution

  1. In general you can't. Each certificate is issued for a particular purpose (key usage). In your case it's most likely SSL authentication. Such certificates can't be used to sign other certificates (well, technically they can, but such a signature won't be accepted during validation). CA-capable certificates cost a fortune and you need to meet certain organizational requirements.

  2. You don't need to create a client certificate just to authenticate the server - the server's certificate is used for this purpose. Client certificates are used to tell the server who the clients are, i.e. for client authentication on the server. And for such certificates you don't need to sign them with the server's certificate - you can either create self-signed client certificates or create one self-signed certificate which will act as a CA and make it trusted on the server. Then use this self-signed certificate to issue client certificates.

Doing all of the above requires an understanding of how PKI and X.509 certificates work (and BTW they are not "SSL certificates" and are not related to SSL).
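
The second option from the answer above (a self-signed certificate acting as a CA that issues client certificates), sketched with MakeCert as an added example that is not part of the original answer. The subject names and file names (DemoClientCA, client1) are placeholders chosen for illustration.

```batch
@echo off
rem Added example: DemoClientCA / client1 and all file names are placeholders.
rem MakeCert prompts for a password each time it creates or opens a .pvk file.

rem 1. Self-signed CA certificate.
rem    -r            self-signed
rem    -cy authority marks it as a CA in Basic Constraints, which is what a
rem                  purchased server certificate lacks
rem    -sv           writes the CA private key to DemoClientCA.pvk
makecert -r -pe -n "CN=DemoClientCA" -cy authority -a sha256 -len 2048 ^
         -sv DemoClientCA.pvk DemoClientCA.cer

rem 2. Client certificate issued by that CA.
rem    -iv / -ic     issuer private key and issuer certificate
rem    -cy end       end-entity certificate, cannot issue further certificates
rem    -eku          1.3.6.1.5.5.7.3.2 = client authentication only
makecert -pe -n "CN=client1" -cy end -a sha256 -len 2048 -sky exchange ^
         -eku 1.3.6.1.5.5.7.3.2 ^
         -iv DemoClientCA.pvk -ic DemoClientCA.cer ^
         -sv client1.pvk client1.cer

rem 3. Bundle the client certificate and its key for import on the client machine.
pvk2pfx -pvk client1.pvk -spc client1.cer -pfx client1.pfx

rem 4. On the server only: trust the CA certificate (public part, no private key).
certutil -addstore Root DemoClientCA.cer

rem 5. Inspect the result: check Basic Constraints and Enhanced Key Usage.
certutil -dump DemoClientCA.cer
certutil -dump client1.cer
```

Whoever holds DemoClientCA.pvk can issue certificates the server will accept, so keep that file off the server and the client machines. Only DemoClientCA.cer goes to the server and only client1.pfx goes to the client.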

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow