X.509 Certificates

patterns & practices Developer Center

  • How do I create X.509 certificates?
  • Do I need to create a certificate signed by the root CA certificate?
  • How do I use X.509 certificate revocation?

How do I create X.509 certificates?

In a production environment, use an X.509 certificate issued by a certificate authority (CA) such as VeriSign. In a development environment, use the MakeCert utility to create a temporary X.509 certificate.

Note

Do not use temporary development certificates in a production environment as this will expose your communication channel to malicious spoofing, sniffing, and tampering.

Do I need to create a certificate signed by the root CA certificate?

In a production environment, you can use an X.509 certificate issued by a CA such as VeriSign; that certificate is signed under, and chains to, the certificate authority's root certificate. In a development environment, you can create a temporary root certificate and then generate another certificate signed by the root for use by the service.

Note

Do not use temporary development certificates in a production environment as this will expose your communication channel to malicious spoofing, sniffing, and tampering.
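
The development procedure described above, as an added example that is not part of the original page: a temporary root is created with MakeCert, a service certificate is signed by it, and the issuer link is then checked. The names DevRootCA, DevService and DevServiceKey and the file names are hypothetical; the script assumes makecert.exe is on the PATH and an elevated prompt.

```powershell
# Added example, development use only. All names and file names are hypothetical.
$ErrorActionPreference = 'Stop'

# 1. Temporary self-signed root: -r = self-signed, -sv = private key file to create.
#    MakeCert prompts for a password that protects DevRootCA.pvk.
makecert -n "CN=DevRootCA" -r -sv DevRootCA.pvk DevRootCA.cer

# 2. Service certificate signed by that root:
#    -iv / -ic = issuer's private key file and certificate,
#    -sk = key container name, -sky exchange = key-exchange key,
#    -pe = exportable private key, -sr / -ss = store location and store name.
makecert -n "CN=DevService" -iv DevRootCA.pvk -ic DevRootCA.cer -sk DevServiceKey `
         -sky exchange -pe -sr LocalMachine -ss My

# 3. Check that the new certificate really chains to the temporary root.
$root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        (Resolve-Path .\DevRootCA.cer).Path
$svc  = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq 'CN=DevService' } | Select-Object -First 1
if (-not $svc) { throw 'CN=DevService not found in LocalMachine\My' }

$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
[void]$chain.ChainPolicy.ExtraStore.Add($root)
# This check is only about the issuer link, so revocation and root trust are
# not evaluated here; the temporary root is not a trusted root on this machine.
$chain.ChainPolicy.RevocationMode    = 'NoCheck'
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'

if (-not $chain.Build($svc)) { throw 'chain could not be built' }
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
if ($top.Thumbprint -ne $root.Thumbprint) {
    throw "DevService chains to '$($top.Subject)', not to DevRootCA"
}
"OK: $($svc.Subject) issued by $($svc.Issuer)"
```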

How do I use X.509 certificate revocation?

By default, WCF services are configured to check certificate revocation when using certificate authentication. To revoke the certificate used by your service, contact the CA that issued the certificate and ask it to revoke the certificate and issue you a new one.
