Index
- Prerequisites
- Source Material
- CA Creation
- Service Certificate Creation
- Certificate Permissions
- Client Certificate deployment
- Config file examples
Intro
The idea of this post is to walk through the steps needed to build and use an SSL certificate of your own.
Prerequisites
- VS 2013 cmd prompt
- FindPrivateKey (http://blog.rhysgoodwin.com/windows-admin/findprivatekey-exe-pre-compiled/)
Source Material
- Create Development Certificate Authority and Certificate (https://msdn.microsoft.com/en-gb/library/ff647171.aspx)
- How to: Use Certificate Authentication and Message Security in WCF Calling from Windows Forms (https://msdn.microsoft.com/en-us/library/ff648360.aspx)
CA Creation
- makecert -n "CN=RootCATestMWM" -r -sv RootCATestMWM.pvk RootCATestMWM.cer
- Install RootCATestMWM.cer into Computer Certificates under Trusted Root Certification Authorities
- makecert -crl -n "CN=RootCATestMWM" -r -sv RootCATestMWM.pvk RootCATestMWM.crl
- Install RootCATestMWM.crl into Computer Certificates under Trusted Root Certification Authorities
Service Certificate Creation
makecert -sk MWMWCFkey -iv RootCATestMWM.pvk -n "CN=MWMWCF" -ic RootCATestMWM.cer -sr localmachine -ss my -sky exchange -pe
Certificate Permissions
- FindPrivateKey.exe My localmachine -n "CN=MWMWCF"
- view permissions (swap out private key and folder as necessary)
- cacls C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9a4xx8832dca5a244d3f9_a8ab4228-7aa5-413e-xxxx-1a5f48e30d15
- edit permissions (swap out private key and folder as necessary)
- cacls C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9ax5fe8832dca5a244d3f9_a8ab4228-7aa5-413e-be66-1a5f48e30d15 /E /G "NT AUTHORITY\NETWORK SERVICE":R
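The lookup and permission steps above can also be done with built-in PowerShell instead of FindPrivateKey.exe and cacls. This is an added example, not part of the original post; it assumes Windows PowerShell 5.1 run elevated and a CSP-backed RSA key such as makecert creates, and the variable names are illustrative.

```powershell
# Added example: find the private key file of the service certificate, review
# its ACL, and optionally grant Read to the service account.
# Assumptions: Windows PowerShell 5.1, elevated prompt, CSP-backed RSA key.
$Subject = 'CN=MWMWCF'                       # subject used in the makecert step
$Account = 'NT AUTHORITY\NETWORK SERVICE'    # account the WCF service runs as
$Grant   = $false                            # set to $true to change the ACL

$certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -eq $Subject })
if ($certs.Count -ne 1) {
    throw "Expected exactly one certificate with subject '$Subject', found $($certs.Count)."
}
$cert = $certs[0]
if (-not $cert.HasPrivateKey) { throw "Certificate $($cert.Thumbprint) has no private key." }

# Only CSP keys live as files under RSA\MachineKeys; CNG keys are stored elsewhere.
$rsa = $cert.PrivateKey
if ($rsa -isnot [System.Security.Cryptography.RSACryptoServiceProvider]) {
    throw 'Private key is not CSP-backed; this lookup does not apply.'
}
$info = $rsa.CspKeyContainerInfo
if (-not $info.MachineKeyStore) { throw 'Key is not in the machine key store.' }

$keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$($info.UniqueKeyContainerName)"
if (-not (Test-Path -LiteralPath $keyFile)) { throw "Key file not found: $keyFile" }

# Equivalent of the "view permissions" step
$acl = Get-Acl -LiteralPath $keyFile
$acl.Access | Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize

# Warn when broad groups can read the service's private key
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$acl.Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and $broad -contains $_.IdentityReference.Value } |
    ForEach-Object { Write-Warning "$($_.IdentityReference) has $($_.FileSystemRights) on $keyFile" }

# Equivalent of the "edit permissions" step: Read only, for one account
if ($Grant) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $keyFile -AclObject $acl
    "Granted Read on $keyFile to $Account"
}
```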
Client Certificate deployment
Copy the root CA certificate (RootCATest.cer) and private key file (RootCATest.pvk) to the client machine.
makecert -sk MWMWCFKey -iv RootCATestMWM.pvk -n "CN=MWMWCFClient" -ic RootCATestMWM.cer -sr CurrentUser -ss my -sky signature -pe MWMWCFClient.cer
makecert -sk MWMWCFKey -iv RootCATestMWM.pvk -n "CN=MWMWCF" -ic RootCATestMWM.cer -sr LocalMachine -ss my -sky signature -pe MWMWCFClient.cer
WCF URL ACL Grant Permissions
netsh http add urlacl url=http://+:PortNumber/MyService user="NT AUTHORITY\NETWORK SERVICE"
Config file examples
WCF Service Config Example
WCF Client Config Example
That's all for today. I hope this post gives you clarity on how to create your own certificates and start securing your applications.