Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
I have followed the step-by-step to enable X509 using makecert.exe which is pretty easy.
But I can not buy certificates from Certificate Authority (e.g. VerySign). Then, I am looking for altenatives and I would like to know some suggestions for my scenarios. I started to google and I found some articles about Microsoft Certificate Services. Is that only for repository or can I use as tool for generating certificates and then avoid to spend money with CA?
Now I am reading an excelent article (WCF Client Server Application with Custom Authentication, Authorization, Encryption and Compression) to improve my knowledge about security but this article is more complex than I really need. I am just looking for a way to implement security my WCF web services, maybe using public and private keys, AES and RSA but without envolving CA. Could someone give me suggestions? Maybe some article which show how implement security over WCF without buying certificates from CA?
Posted 31-Jan-13 3:55am
Comments
Sergey Alexandrovich Kryukov at 31-Jan-13 10:48am
   
You can use self-signed certificate, but you should understand that it is not related to security of your application/service (unless you also require personal certificates from each user, which is also possible). It only creates some trust in the users: a user can see that your service is certified and can check it up with the authority. If you provide self-signed one, you should think if you need a certificate at all or not.
—SA
DemeCarv at 31-Jan-13 12:37pm
   
Sergey, first of all, thank you. Could you explain what you mean by "unless you also require personal certificates from each user". I understand that if I use self-signed certificate I wouldn't reach realy secury communication. But this phrase you wrote seems to exist some workaround for who can't buy certificates. And other related question: beyond the certificate option, which else option to secury the communication between wcf client and the server?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 OriginalGriff 240
1 Kamal Rocks 184
2 PIEBALDconsult 150
3 BillWoodruff 148
4 Jochen Arndt 135
0 OriginalGriff 5,695
1 DamithSL 4,506
2 Maciej Los 4,007
3 Kornfeld Eliyahu Peter 3,480
4 Sergey Alexandrovich Kryukov 3,190


Advertise | Privacy | Mobile
Web03 | 2.8.141216.1 | Last Updated 31 Jan 2013
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100