<defaultCertificate> Element

  • Article

Specifies an X.509 certificate to be used when a service or STS does not provide one via a negotiation protocol.

Schema Hierarchy

<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior> of <endpointBehaviors>
        <clientCredentials>
          <serviceCertificate> of <serviceCredentials>
            <defaultCertificate> Element

Syntax

<defaultCertificate findValue="String" 
storeLocation=" CurrentUser/LocalMachine"
storeName="AddressBook/AuthRoot/CertificateAuthority/Disallowed/My/Root/TrustedPeople/TrustedPublisher" 
x509FindType="FindByThumbPrint/FindBySubjectName/FindBySubjectDistinguishedName/FindByIssuerName/FindByIssuerDistinguishedName/FindBySerialiNumber/FindByTimeValid/FindByTimeNotYetValid/FindByTimeExpired/FindByTemplateName/FindByApplicationPolicy/FindByCertificatePolicy/FindByExtension/FindByKeyUsage/FindBySubjectKeyIdentifier" />

Attributes and Elements

The following sections describe attributes, child elements, and parent elements

Attributes

Attribute Description

findValue

String. The value to search for.

x509FindType

Enumeration. One of the certificate fields to search.

storeLocation

Enumeration. One of the two system store locations to search.

storeName

Enumeration. One of the system stores to search.

Child Elements

None.

Parent Elements

Element Description

<serviceCertificate> of <clientCredentials> Element

Specifies a certificate to use when authenticating a service to the client.

Remarks

For bindings that use certificate-based message security, certificate specified by this configuration element is used to encrypt messages to the service and is expected to be used by the service for signing replies to the client. It stores a single certificate to be used when no certificate is specified by a service.

Example

The following example specifies a certificate to use for endpoints whose URI begins with https://www.contoso.com and a certificate to use for all other endpoints that do not perform certificate negotiation.

<serviceCertificate>
  <defaultCertificate findValue="www.contoso.com" 
                      storeLocation="LocalMachine"
                      storeName="TrustedPeople" 
                      x509FindType="FindByIssuerDistinguishedName" />
  <scopedCertificates>
     <add targetUri="https://www.contoso.com" 
          findValue="www.contoso.com" storeLocation="LocalMachine"
                  storeName="Root" x509FindType="FindByIssuerName" />
  </scopedCertificates>
  <authentication revocationMode="Online" 
   trustedStoreLocation="LocalMachine" />
</serviceCertificate>

See Also

Reference

<authentication> of <clientCertificate> Element
X509DefaultServiceCertificateElement
X509CertificateRecipientClientCredential
DefaultCertificate

Other Resources

Working with Certificates
Securing Clients
Securing Services and Clients