26 December 2012

2-Way SSL for WCF Web Service Hosted on IIS

I recently was involved in getting the above to work in our environment. The steps follow:

  1. Ensure that the SSL certificates are correctly signed
  2. Ensure that the SSL certificate chain is present and valid
  3. Install the certificates in the “Current User” account for validation
    1. Execute mmc.exe, add “Certificates” snap-in with “My user account”
    2. Install the certificate within “Personal” store
    3. Verify by using Internet Explorer to retrieve the WSDL from the remote web service
    4. If the certificate and chain are correct, Internet Explorer will validate them and report so with “Certificate is OK”
  4. Install the certificates (and the entire chain) in the “Local Computer” account
    1. Execute mmc.exe, add “Certificates” snap-in with “Computer account”
    2. Install the certificate within “Personal” store
    3. Note the thumbprint of the certificate
  5. Configure the WCF web.config to make use of “Client Certificates” by finding the certificate
    1. within the “LocalMachine” store location
    2. using the thumbprint (remove the spaces)
  6. Note the IIS application pool name configured to execute requests to the WCF web service (e.g. web service pool)
  7. Find the certificate in mmc for “Local Computer” account, right-click on the certificate to “Manage Private Keys”
  8. In the Permissions Dialog,
    1. add the user “IIS AppPool\PoolName” (e.g. IIS AppPool\web service pool)
    2. allow the user “Full Control”
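
For step 5, a web.config fragment of the kind described, added here as an illustration and not taken from the original post. The binding, behavior and endpoint names, the address, the contract and the thumbprint are all constructed placeholders; the “Personal” store from step 4 is addressed in configuration as storeName="My".

```xml
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <!-- Hypothetical binding name. Transport security means HTTPS;
           clientCredentialType="Certificate" makes the caller present
           its own certificate during the TLS handshake (2-way SSL). -->
      <binding name="mutualSslBinding">
        <security mode="Transport">
          <transport clientCredentialType="Certificate" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>

  <behaviors>
    <endpointBehaviors>
      <!-- Hypothetical behavior name. -->
      <behavior name="clientCertificateBehavior">
        <clientCredentials>
          <!-- storeLocation="LocalMachine" + storeName="My" is the
               "Local Computer" account, "Personal" store from step 4.
               findValue is the thumbprint noted in step 4.3 with the
               spaces removed. The value below is a constructed
               placeholder, not a real certificate. If the lookup fails
               on a value pasted from the certificate dialog, retype it:
               the copy can carry an invisible leading character. -->
          <clientCertificate storeLocation="LocalMachine"
                             storeName="My"
                             x509FindType="FindByThumbprint"
                             findValue="0123456789ABCDEF0123456789ABCDEF01234567" />
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>

  <client>
    <!-- Placeholder address and contract for the remote web service. -->
    <endpoint name="RemoteServiceEndpoint"
              address="https://remote.example.com/Service.svc"
              binding="basicHttpBinding"
              bindingConfiguration="mutualSslBinding"
              behaviorConfiguration="clientCertificateBehavior"
              contract="IRemoteService" />
  </client>
</system.serviceModel>
```

The certificate is found at runtime by the application pool identity, which is why steps 6 to 8 grant that identity access to the private key.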
