/// <summary>
/// Makes sure the bridge's https (SSL port) certificate is installed and then
/// hands the host to the base class for the rest of its configuration.
/// </summary>
/// <param name="serviceHost">Host being prepared for this endpoint resource.</param>
/// <param name="context">Request context; only its <c>BridgeConfiguration</c> is read here.</param>
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
    var bridgeConfiguration = context.BridgeConfiguration;

    // The https certificate has to be in place before this endpoint resource is used,
    // so installation runs ahead of the base-class host setup.
    CertificateResourceHelpers.EnsureSslPortCertificateInstalled(bridgeConfiguration);

    base.ModifyHost(serviceHost, context);
}
/// <summary>
/// Installs a server certificate whose validity window lies entirely in the past and
/// selects it, by thumbprint, as the host's service certificate.
/// </summary>
/// <remarks>
/// The window runs from four days ago to two days ago (UTC), so the certificate is
/// already expired when it is created.
/// NOTE(review): presumably this backs negative tests in which a client must reject an
/// expired server certificate; confirm against the tests that target this resource.
/// </remarks>
/// <param name="serviceHost">Host whose service certificate is set.</param>
/// <param name="context">Request context supplying the bridge configuration.</param>
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
    // The SAN list carries the fqdn, the short host name and "localhost" so that a single
    // bridge setup can serve every address a client might use. Without "localhost" a
    // long-running bridge could not accept requests on both the fqdn and localhost,
    // because the certificate would not match one of them.
    string[] subjectAlternativeNames = { s_fqdn, s_hostname, "localhost" };

    var expiredCertSettings = new CertificateCreationSettings
    {
        FriendlyName = "WCF Bridge - TcpExpiredServerCertResource",
        ValidityType = CertificateValidityType.Expired,
        // Both bounds are in the past: this is what makes the certificate expired.
        ValidityNotBefore = DateTime.UtcNow.Subtract(TimeSpan.FromDays(4)),
        ValidityNotAfter = DateTime.UtcNow.Subtract(TimeSpan.FromDays(2)),
        Subject = s_fqdn,
        SubjectAlternativeNames = subjectAlternativeNames
    };

    // The service certificate must be installed before this endpoint resource is used.
    X509Certificate2 expiredCert = CertificateResourceHelpers.EnsureCustomCertificateInstalled(
        context.BridgeConfiguration,
        expiredCertSettings,
        Address);

    string thumbprint = expiredCert.Thumbprint;
    serviceHost.Credentials.ServiceCertificate.SetCertificate(
        StoreLocation.LocalMachine,
        StoreName.My,
        X509FindType.FindByThumbprint,
        thumbprint);
}
/// <summary>
/// Ensures the bridge's https (SSL port) certificate is installed and uses that same
/// certificate as the host's service certificate.
/// </summary>
/// <param name="serviceHost">Host whose service certificate is set.</param>
/// <param name="context">Request context supplying the bridge configuration.</param>
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
    var bridgeConfiguration = context.BridgeConfiguration;

    // Installation comes first; the helper returns the thumbprint used for the lookup below.
    string sslCertThumbprint = CertificateResourceHelpers.EnsureSslPortCertificateInstalled(bridgeConfiguration);

    // Resolve the certificate from LocalMachine\My by thumbprint.
    serviceHost.Credentials.ServiceCertificate.SetCertificate(
        StoreLocation.LocalMachine,
        StoreName.My,
        X509FindType.FindByThumbprint,
        sslCertThumbprint);
}
/// <summary>
/// Ensures the https (SSL port) certificate is installed, switches client-certificate
/// validation to a custom validator, and sets the service certificate by thumbprint.
/// </summary>
/// <remarks>
/// With <c>X509CertificateValidationMode.Custom</c> the decision to accept or reject a
/// client certificate is made by the configured validator.
/// NOTE(review): <c>MyX509CertificateValidator</c> is defined outside this block; its string
/// argument looks like the name of the test root CA it trusts. Confirm that the validator
/// checks more than a name match, since a name alone does not prove who issued a certificate.
/// </remarks>
/// <param name="serviceHost">Host whose credentials are configured.</param>
/// <param name="context">Request context supplying the bridge configuration.</param>
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
    // The https certificate must be installed before this endpoint resource is used.
    string sslCertThumbprint = CertificateResourceHelpers.EnsureSslPortCertificateInstalled(context.BridgeConfiguration);

    var credentials = serviceHost.Credentials;
    var clientCertAuthentication = credentials.ClientCertificate.Authentication;

    // Client certificates are validated by the custom validator from here on.
    clientCertAuthentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
    clientCertAuthentication.CustomCertificateValidator = new MyX509CertificateValidator("DO_NOT_TRUST_WcfBridgeRootCA");

    credentials.ServiceCertificate.SetCertificate(
        StoreLocation.LocalMachine,
        StoreName.My,
        X509FindType.FindByThumbprint,
        sslCertThumbprint);
}
/// <summary>
/// Installs a server certificate requested with <c>CertificateValidityType.Revoked</c> and
/// selects it, by thumbprint, as the host's service certificate.
/// </summary>
/// <remarks>
/// This method performs no revocation step itself; it only asks the helper for a
/// certificate of the revoked validity type.
/// NOTE(review): presumably the helper or certificate generator adds the certificate to
/// the revocation list; confirm in <c>EnsureCustomCertificateInstalled</c>.
/// </remarks>
/// <param name="serviceHost">Host whose service certificate is set.</param>
/// <param name="context">Request context supplying the bridge configuration.</param>
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
    // Names the certificate is issued for: fqdn, short host name and localhost.
    string[] subjectAlternativeNames = { s_fqdn, s_hostname, "localhost" };

    var revokedCertSettings = new CertificateCreationSettings
    {
        FriendlyName = "WCF Bridge - TcpRevokedServerCertResource",
        ValidityType = CertificateValidityType.Revoked,
        Subject = s_fqdn,
        SubjectAlternativeNames = subjectAlternativeNames
    };

    // The service certificate must be installed before this endpoint resource is used.
    X509Certificate2 revokedCert = CertificateResourceHelpers.EnsureCustomCertificateInstalled(
        context.BridgeConfiguration,
        revokedCertSettings,
        Address);

    string thumbprint = revokedCert.Thumbprint;
    serviceHost.Credentials.ServiceCertificate.SetCertificate(
        StoreLocation.LocalMachine,
        StoreName.My,
        X509FindType.FindByThumbprint,
        thumbprint);
}
/// <summary>
/// Installs a server certificate, revokes it by serial number through the certificate
/// generator, and then selects it, by thumbprint, as the host's service certificate.
/// </summary>
/// <remarks>
/// The host is configured with the certificate after the revocation call, so the
/// endpoint presents a certificate that has already been revoked.
/// NOTE(review): <c>IsValidCert = false</c> presumably marks the certificate as not valid
/// for normal use; confirm against <c>CertificateCreationSettings</c>.
/// </remarks>
/// <param name="serviceHost">Host whose service certificate is set.</param>
/// <param name="context">Request context supplying the bridge configuration.</param>
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
    // Names the certificate is issued for: fqdn, short host name and localhost.
    string[] subjects = { s_fqdn, s_hostname, "localhost" };

    var revokedCertSettings = new CertificateCreationSettings
    {
        IsValidCert = false,
        Subjects = subjects
    };

    // The service certificate must be installed before this endpoint resource is used.
    X509Certificate2 revokedCert = CertificateResourceHelpers.EnsureRevokedCertificateInstalled(
        context.BridgeConfiguration,
        revokedCertSettings,
        Address);

    // Revoke the certificate by serial number before the host starts using it.
    var certificateGenerator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration);
    CertificateManager.RevokeCertificate(certificateGenerator, revokedCert.SerialNumber);

    serviceHost.Credentials.ServiceCertificate.SetCertificate(
        StoreLocation.LocalMachine,
        StoreName.My,
        X509FindType.FindByThumbprint,
        revokedCert.Thumbprint);
}
/// <summary>
/// Installs a server certificate whose only name is the subject "localhost" (no subject
/// alternative names) and selects it, by thumbprint, as the host's service certificate.
/// </summary>
/// <remarks>
/// NOTE(review): <c>CertificateValidityType.NonAuthoritativeForMachine</c> presumably marks a
/// certificate that is not issued for this machine's real names; confirm against the
/// enum's definition.
/// </remarks>
/// <param name="serviceHost">Host whose service certificate is set.</param>
/// <param name="context">Request context supplying the bridge configuration.</param>
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
    // Exactly one subject name, which becomes the CN; the SAN list is left empty.
    var localhostCertSettings = new CertificateCreationSettings
    {
        FriendlyName = "WCF Bridge - TcpCertificateWithSubjectCanonicalNameLocalhostResource",
        Subject = "localhost",
        SubjectAlternativeNames = new string[] { },
        ValidityType = CertificateValidityType.NonAuthoritativeForMachine
    };

    // The service certificate must be installed before this endpoint resource is used.
    X509Certificate2 localhostCert = CertificateResourceHelpers.EnsureCustomCertificateInstalled(
        context.BridgeConfiguration,
        localhostCertSettings,
        Address);

    string thumbprint = localhostCert.Thumbprint;
    serviceHost.Credentials.ServiceCertificate.SetCertificate(
        StoreLocation.LocalMachine,
        StoreName.My,
        X509FindType.FindByThumbprint,
        thumbprint);
}
/// <summary>
/// Installs a server certificate whose subject does not name this host but whose subject
/// alternative names do, and selects it, by thumbprint, as the host's service certificate.
/// </summary>
/// <remarks>
/// The subject is the placeholder "not-real-subject-name". The SAN list holds that
/// placeholder, a placeholder under example.com, the fqdn, the short host name and
/// "localhost". Per #422 the subject should not matter because matching is done on the SANs.
/// </remarks>
/// <param name="serviceHost">Host whose service certificate is set.</param>
/// <param name="context">Request context supplying the bridge configuration.</param>
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
    // Only the last three entries name this host; the first two are placeholders.
    string[] subjectAlternativeNames =
    {
        "not-real-subject-name",
        "not-real-subject-name.example.com",
        s_fqdn,
        s_hostname,
        "localhost"
    };

    // CN=not-real-subject-name: the installed certificate's subject is that placeholder.
    var sanCertSettings = new CertificateCreationSettings
    {
        FriendlyName = "WCF Bridge - TcpCertificateWithServerAltNameResource",
        Subject = "not-real-subject-name",
        SubjectAlternativeNames = subjectAlternativeNames
    };

    // The service certificate must be installed before this endpoint resource is used.
    X509Certificate2 sanCert = CertificateResourceHelpers.EnsureCustomCertificateInstalled(
        context.BridgeConfiguration,
        sanCertSettings,
        Address);

    string thumbprint = sanCert.Thumbprint;
    serviceHost.Credentials.ServiceCertificate.SetCertificate(
        StoreLocation.LocalMachine,
        StoreName.My,
        X509FindType.FindByThumbprint,
        thumbprint);
}