en-us/library/ff650751.aspx
REM Create a self-signed (-r) test root CA certificate with subject CN=RootCaClientTest.
REM -sv names the .pvk file that holds the CA private key (makecert creates it if missing).
REM Anyone holding that .pvk can issue certificates under this root, so store it accordingly.
makecert -n "CN=RootCaClientTest" -r -sv RootCaClientTest.pvk RootCaClientTest.cer
REM Same subject and key file, but -crl writes a certificate revocation list instead of a certificate.
makecert -crl -n "CN=RootCaClientTest" -r -sv RootCaClientTest.pvk RootCaClientTest.crl
In this step, you install the CRL from the file in the Trusted Root Certification Authorities location on both the server and client machines. The CRL is checked during the certificate validation process.
REM Issue the service certificate CN=tempCert, signed with the issuer key (-iv) and issuer
REM certificate (-ic), into the LocalMachine\My store (-sr/-ss) with a key-exchange key (-sky exchange).
REM -pe marks the private key as exportable.
REM NOTE(review): RootCATest.pvk / RootCATest.cer are not created by any command shown on this page;
REM presumably they come from an earlier step. Confirm before running.
makecert -sk MyKeyName -iv RootCATest.pvk -n "CN=tempCert" -ic RootCATest.cer -sr localmachine -ss my -sky exchange -pe
REM Issue the client certificate CN=tempClientcert, signed by the RootCaClientTest CA, into the
REM CurrentUser\My store with a signature key (-sky signature); -pe again makes the key exportable.
makecert -sk MyKeyName -iv RootCaClientTest.pvk -n "CN=tempClientcert" -ic RootCaClientTest.cer -sr currentuser -ss my -sky signature -pe
en-us/library/ff647171.aspx
C:\Users\l00178911\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-147214757-305610072-1517763936-1100010
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
REM Locate the private key file that belongs to the CN=tempCert certificate in LocalMachine\My.
FindPrivateKey.exe My LocalMachine -n "CN=tempCert"
REM Edit the existing ACL (/E) on that key file and grant (/G) NETWORK SERVICE read (R) access only,
REM so the service account can use the key without being able to modify it.
REM The key file name below is specific to the machine it was generated on; use the path FindPrivateKey reports.
REM cacls is deprecated on current Windows versions; icacls is its replacement.
cacls.exe "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machinekeys\4d657b73466481beba7b0e1b5781db81_c225a308-d2ad-4e58-91a8-6e87f354b030" /E /G "NT AUTHORITY\NETWORK SERVICE":R
IIS AppPool\DefaultAppPool
REM Reserve the URL prefix for NETWORK SERVICE so a process running under that account can
REM register an HTTP listener on it without administrator rights.
REM "+" matches any host name on port 9080; the reservation covers everything below this path.
netsh http add urlacl url="http://+:9080/Citrix/VirtualDesktopAgent/" user="NT AUTHORITY\NETWORK SERVICE"
client
REM Create a self-signed (-r) test root CA certificate with subject CN=RootCaClientTest.
REM -sv names the .pvk file that holds the CA private key (makecert creates it if missing).
REM Anyone holding that .pvk can issue certificates under this root, so store it accordingly.
makecert -n "CN=RootCaClientTest" -r -sv RootCaClientTest.pvk RootCaClientTest.cer
REM Same subject and key file, but -crl writes a certificate revocation list instead of a certificate.
makecert -crl -n "CN=RootCaClientTest" -r -sv RootCaClientTest.pvk RootCaClientTest.crl
In this step, you install the CRL from the file in the Trusted Root Certification Authorities location on both the server and client machines. The CRL is checked during the certificate validation process.
REM Issue the service certificate CN=tempCert, signed with the issuer key (-iv) and issuer
REM certificate (-ic), into the LocalMachine\My store (-sr/-ss) with a key-exchange key (-sky exchange).
REM -pe marks the private key as exportable.
REM NOTE(review): RootCATest.pvk / RootCATest.cer are not created by any command shown on this page;
REM presumably they come from an earlier step. Confirm before running.
makecert -sk MyKeyName -iv RootCATest.pvk -n "CN=tempCert" -ic RootCATest.cer -sr localmachine -ss my -sky exchange -pe
REM Issue the client certificate CN=tempClientcert, signed by the RootCaClientTest CA, into the
REM CurrentUser\My store with a signature key (-sky signature); -pe again makes the key exportable.
makecert -sk MyKeyName -iv RootCaClientTest.pvk -n "CN=tempClientcert" -ic RootCaClientTest.cer -sr currentuser -ss my -sky signature -pe
en-us/library/ff647171.aspx
C:\Users\l00178911\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-147214757-305610072-1517763936-1100010
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
REM Locate the private key file that belongs to the CN=tempCert certificate in LocalMachine\My.
FindPrivateKey.exe My LocalMachine -n "CN=tempCert"
REM Edit the existing ACL (/E) on that key file and grant (/G) NETWORK SERVICE read (R) access only,
REM so the service account can use the key without being able to modify it.
REM The key file name below is specific to the machine it was generated on; use the path FindPrivateKey reports.
REM cacls is deprecated on current Windows versions; icacls is its replacement.
cacls.exe "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machinekeys\4d657b73466481beba7b0e1b5781db81_c225a308-d2ad-4e58-91a8-6e87f354b030" /E /G "NT AUTHORITY\NETWORK SERVICE":R
IIS AppPool\DefaultAppPool
REM Reserve the URL prefix for NETWORK SERVICE so a process running under that account can
REM register an HTTP listener on it without administrator rights.
REM "+" matches any host name on port 9080; the reservation covers everything below this path.
netsh http add urlacl url="http://+:9080/Citrix/VirtualDesktopAgent/" user="NT AUTHORITY\NETWORK SERVICE"
The message “You have a private key that corresponds to this certificate” is displayed at the bottom.
various host servicehost
en-us/library/vstudio/ms733069(v=vs.100).aspx
service
<?xml version="1.0" encoding="utf-8"?>
<!--
  WCF service configuration: one wsHttpBinding endpoint secured at the message level,
  with X.509 certificates as the client credential, plus a metadata (mex) endpoint.
-->
<configuration>
  <system.serviceModel>

    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpEndpointBinding">
          <!-- Security is applied to the SOAP messages; the base address below is plain http. -->
          <security mode="Message">
            <!-- Callers authenticate with an X.509 certificate. -->
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>

    <services>
      <service name="HelloWCFCertAuth.Service"
               behaviorConfiguration="ServiceBehavior">
        <host>
          <baseAddresses>
            <add baseAddress="http://localhost:8000/WSHello/winservice" />
          </baseAddresses>
        </host>
        <!-- Application endpoint, served at the base address itself (address=""). -->
        <endpoint address=""
                  binding="wsHttpBinding"
                  bindingConfiguration="wsHttpEndpointBinding"
                  contract="HelloWCFCertAuth.IService" />
        <!-- Metadata exchange endpoint at <base address>/mex. -->
        <endpoint address="mex"
                  binding="mexHttpBinding"
                  contract="IMetadataExchange" />
      </service>
    </services>

    <behaviors>
      <serviceBehaviors>
        <behavior name="ServiceBehavior">
          <!--
            httpGetEnabled="true" together with the mex endpoint lets anyone who can reach the
            base address retrieve the service description; this is normally switched off
            outside development.
          -->
          <serviceMetadata httpGetEnabled="true" />
          <!-- Exception details are kept out of the faults returned to callers. -->
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceCredentials>
            <!--
              The service certificate is looked up in LocalMachine\My by subject name.
              FindBySubjectName matches on part of the subject, so it can hit more than one
              certificate in the store; FindByThumbprint with the certificate's thumbprint
              selects exactly one.
              NOTE(review): no <clientCertificate><authentication .../> element is present, so
              client certificates are validated with WCF's defaults (chain trust with
              revocation checking, per the WCF documentation; confirm for the framework
              version in use).
            -->
            <serviceCertificate findValue="testserver"
                                storeLocation="LocalMachine"
                                storeName="My"
                                x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>

  </system.serviceModel>
</configuration>
client
<?xml version="1.0" encoding="utf-8"?>
<!--
  WCF client configuration: calls the service over wsHttpBinding with message-level
  security and presents an X.509 client certificate.
-->
<configuration>
  <startup>
    <supportedRuntime version="v2.0.50727" />
  </startup>
  <system.serviceModel>

    <bindings>
      <wsHttpBinding>
        <binding name="WSHttpBinding_IService">
          <!-- Must agree with the service binding: message security, certificate credential. -->
          <security mode="Message">
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>

    <behaviors>
      <endpointBehaviors>
        <behavior name="NewBehavior">
          <clientCredentials>
            <!--
              Client certificate taken from CurrentUser\My by subject name.
              FindBySubjectName matches on part of the subject and can hit several
              certificates; FindByThumbprint selects exactly one.
            -->
            <clientCertificate findValue="testclient"
                               storeLocation="CurrentUser"
                               storeName="My"
                               x509FindType="FindBySubjectName" />
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>

    <client>
      <endpoint name="WSHttpBinding_IService"
                address="http://localhost:8000/WSHello/winservice"
                binding="wsHttpBinding"
                bindingConfiguration="WSHttpBinding_IService"
                behaviorConfiguration="NewBehavior"
                contract="IService">
        <!--
          Expected service identity: the certificate the service must present.
          NOTE(review): the Base64 value appears to embed a test certificate (subject
          CN=testserver, issuer CN=TempCA, 1024-bit RSA key, SHA-1 signature). Treat it as
          development material and replace it together with the service certificate.
        -->
        <identity>
          <certificate encodedValue="AwAAAAEAAAAUAAAAdYx8oFyWPPGmOPm1j5rysdI/rkkgAAAAAQAAAO0BAAAwggHpMIIBVqADAgECAhCm1CH2BMxUh0Y2MiWZ+VunMAkGBSsOAwIdBQAwETEPMA0GA1UEAxMGVGVtcENBMB4XDTE0MDUwODA4MjMyOFoXDTM5MTIzMTIzNTk1OVowFTETMBEGA1UEAxMKdGVzdHNlcnZlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAonw7BV5DZqKpy7ZIQWbgW6iFVtecH7jZuM7Ujzy9OaM9phqasytg2fQ5wj97eILzMYo4BPxbdvQ4xznqkK5dxWb1CInVLHe/wqVvKvWBODwFz1GwOYDzCa+iHWlpT5gSX07Zwr0eoyHYcryaLloezw6a7I4B4KZ5RX+LXALHflkCAwEAAaNGMEQwQgYDVR0BBDswOYAQJ5DDWy8Aq3y4FgGmr+6QAaETMBExDzANBgNVBAMTBlRlbXBDQYIQyPRbiyg7d59HHiZAHTusSzAJBgUrDgMCHQUAA4GBABB3FC1pMkFe1AKpf9fuBOal0j0JYzin9O8rcS2K0N4AoNg2pJEyzu0fz0hjQfM+Zh/Y/c80NMiNQiVivQLpk9rrCQV/XuK8XxPmpPFFH/XjoFge47FXw7L1fS42zXzehodBLCG/kWuSJpoWRmixAbbJFWiooEX2aui0tnWXHtnv" />
        </identity>
      </endpoint>
    </client>

  </system.serviceModel>
</configuration>