Click here to Skip to main content
15,850,103 members
Please Sign up or sign in to vote.
5.00/5 (1 vote)
See more:
I am trying to explore Transport security with WCF using HTTPS protocol. I have created a certificate using makecert command and imported it in the Personal and Trusted people of Current User from Personal of Local Machine. I then configured my IIS (7.5) to accept https binding and attached the certicifate that I created.
When I try to browse to the .svc file from my browser, it gives the following error -

The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website's address.

Why am I getting this error? is this because makecert does not produce real time production certificate? Is there any way to get around this?

If this persists, how am I supposed to test WCF security with https and see how it works real time? Can anyone help?

1 solution

Have you installed the self signed cerificate to root authority level? It needs to be able to validate your certificate chain up to root level[^]

You can also add a certificate exception for the site, see here[^]

Edit: I've just written a tip / trick around this that may help you

Using IE to Install a Root Certificate Authority [^]
Share this answer
anshudutta 1-Feb-11 3:47am    
Thanks for your reply.
I did what you said, but it still shows the certificate error. Also, when I install certificate through the browser, it does not show in the Trusted Directrory. I tried manually importing the certificate in the Trusted folder, but it still shows the certificate error.
Note - When i browse the .svc file through IE or chrome, they show me the certificate error. But Firefox somehow has no problem. My concern is, if the certificate that I created and attached to the IIS (through https binding) is not valid, I would get error when my clien tries to call the service through proxy. Any idea?
Dylan Morley 1-Feb-11 4:17am    
When you were installing into Trusted Root (either through IE or the Certificate manager Add-in MMC) did you see any errors?

Do .. Start -> Run -> mmc -> File -> Add \ Remove Snap In -> Add -> Certificates -> 'My User Account' - Finish (close all dialogs)

In Certificates - Current User -> Trusted Root Certification Authorities -> Certificates, can you see any of your details here?

If your client tries to call your service in code, the machine making the call would need to be able to validate the certificate chain otherwise they will see errors \ warnings. The machine consuming the service needs to be able to validate the certificate all the way to the root authority.

There are other ways around this during testing as well. The *consumer* of your service can write some code to ignore \ verify your certificate.

(look at Step 5 - consume the Service + the comment at the bottom for verifiying rather than ignoring warnings)

When your application goes into production, you should make sure the certificate installed on IIS is from a trusted root authority.
anshudutta 1-Feb-11 7:05am    
I don't get any errors as such. Only chrome and IE says the certificate is not trusted. This even when I imported my certificate in the Trusted Root Certification Authorities folder. In a nutshell, I have my certificates in the Trusted Root Certification Authorities but still get the certificate error in IE / chrome (but not firefox). I do not want to make the client ignore the certificate error as that would just bypass the problem and not address the issue.
Did you ever try and do what I am doing in your local system? Did you face these problems?
Dylan Morley 1-Feb-11 9:28am    
Can you just confirm when you say local system....are you trying to access your service like



anshudutta 2-Feb-11 2:07am    

I am using IIS 7.5 with windows 7. I have confiured https binding in port 8083 in my IIS. I have attached a certificate to that port called MyWCFServiceCert which I created using makecert. I then followed the steps that you mentioned.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900