Question

I have a self-hosted WCF REST service. I would like to use SSL and consume the service from a browser. I used this blog post as a starting point. Basically the following steps:

  1. Create and register certificate

    makecert.exe -sk RootCA -sky signature -pe -n CN=localhost -r -sr LocalMachine -ss Root MyCA.cer

    makecert.exe -sk server -sky exchange -pe -n CN=localhost -ir LocalMachine -is Root -ic MyCA.cer -sr LocalMachine -ss My MyAdHocTestCert.cer

  2. Bind certificate to port

    netsh http add urlacl url="https://+:8015/" user=Domain\User

    netsh http add sslcert ipport=0.0.0.0:8015 certhash=somehash appid={601A2F31-E812-479A-B5EA-1B78A9683EE0}

Then I try to call some methods from Chrome... and nothing happens.

Here is my WCF config:

    <bindings>
      <webHttpBinding>
        <binding name="NewBinding0">
          <security mode="Transport">
            <transport clientCredentialType="Certificate" />
          </security>
        </binding>
      </webHttpBinding>
    </bindings>
    <services>
      <service behaviorConfiguration="Security" name="Microsoft.Samples.BasicHttpService.Service">
        <endpoint address="https://localhost:8015" binding="webHttpBinding"
          bindingConfiguration="NewBinding0" name="test" contract="Microsoft.Samples.BasicHttpService.IService"
          kind="webHttpEndpoint" endpointConfiguration="" />
        <endpoint address="https://localhost:8016" binding="mexHttpsBinding"
          bindingConfiguration="" name="MEX" contract="IMetadataExchange"
          kind="mexEndpoint" endpointConfiguration="mex" />
      </service>
    </services>

WCF trace log shows warning: Client certificate is required. No certificate was found in the request.

Meanwhile, chrome://net-internals/#events shows this error:

    SSL_CERTIFICATES_RECEIVED
                               --> certificates =
                                      -----BEGIN CERTIFICATE-----
                                      base64 certificate
                                      -----END CERTIFICATE-----

    t=1386677875080 [st= 4]        SOCKET_BYTES_SENT
                                   --> byte_count = 59

    t=1386677875080 [st= 4]        -SSL_CONNECT

    ... (send/receive part)...

    t=1386677875123 [st=47]        SSL_CLIENT_CERT_REQUESTED

    t=1386677875123 [st=47]        SSL_READ_ERROR
                                   --> **net_error = -110   (ERR_SSL_CLIENT_AUTH_CERT_NEEDED)**

    ...

Here is what is going on according to Fiddler:

    Tunnel to localhost:8015 (Standard SSL handshaking)
    **Request**
    CONNECT localhost:8015 HTTP/1.1
    Host: localhost:8015
    ....
    A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
    ....

Standard response with server certificate common data.

After the handshake the browser sends a GET request without any information about the certificate or SSL at all, and as a result gets 403 Forbidden.

The funny part is that the first time I did it, I could set up Fiddler with a client certificate and use Fiddler as a proxy, and everything worked (direct calls from the browser without Fiddler still didn't work). Now after some manipulations (deleting the sslcert, creating new certs and so on) I've broken even this Fiddler behavior, so nothing works, with or without Fiddler...

1) So, what steps did I miss? Should I create or import a certificate for the browser?

2) Who is responsible for establishing the SSL connection, I mean who responded with the server certificate? I guess it is an OS part (WinInet.dll). It is definitely not my service, because I didn't specify any certificate info, neither for the service nor for the client.

3) Should I specify serviceCertificate or clientCertificate in serviceCredentials?

Thanks in advance!


The solution

Your server is configured to demand that the client send it a certificate that identifies the caller of the API. You've described how you've configured the server to provide a certificate that identifies the server, but you haven't stated that you expect the client to authenticate. Do you? If not, you probably need to get rid of this line:

    <transport clientCredentialType="Certificate" />

The server accepts connections via HTTP.SYS (WinINET is a client stack used by IE, and not Chrome) although I don't know how that's relevant to your question.
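The following is an added example, not code from the question or the answer above: it self-hosts a minimal WCF REST service over HTTPS and builds the binding in code so the effect of clientCredentialType is explicit. It assumes the netsh urlacl and sslcert registrations for port 8015 from the question are already in place; the IPingService contract is a constructed stand-in for Microsoft.Samples.BasicHttpService.IService.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Web;

// Constructed stand-in for the question's service contract.
[ServiceContract]
public interface IPingService
{
    [OperationContract]
    [WebGet(UriTemplate = "ping")]
    string Ping();
}

public class PingService : IPingService
{
    public string Ping() { return "pong"; }
}

public static class SecureHost
{
    // Equivalent of the question's <webHttpBinding> element.
    // requireClientCert = true  -> <transport clientCredentialType="Certificate" />
    //   HTTP.SYS demands a certificate from the caller (mutual TLS); a browser
    //   with no suitable client certificate fails with ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
    // requireClientCert = false -> <transport clientCredentialType="None" />
    //   Only the server is authenticated; a plain browser GET succeeds.
    public static WebHttpBinding BuildBinding(bool requireClientCert)
    {
        var binding = new WebHttpBinding(WebHttpSecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = requireClientCert
            ? HttpClientCredentialType.Certificate
            : HttpClientCredentialType.None;
        return binding;
    }

    public static void Main()
    {
        // Same address the question binds; the server certificate comes from the
        // netsh sslcert registration, not from the service configuration.
        var baseAddress = new Uri("https://localhost:8015/");
        using (var host = new WebServiceHost(typeof(PingService), baseAddress))
        {
            // Pass true only when callers are expected to present a certificate.
            host.AddServiceEndpoint(typeof(IPingService), BuildBinding(false), "");
            host.Open();
            Console.WriteLine("Listening on {0}; press Enter to stop.", baseAddress);
            Console.ReadLine();
        }
    }
}
```

With requireClientCert set to false, https://localhost:8015/ping answers from a browser that trusts the MyCA root; with true, the same request fails until the browser holds a certificate issued by that CA.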

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow