Creating a Certificate for a WCF Service
Michele Leroux Bustamante’s excellent article details the Web.config settings for a WCF service that requires UserName credentials. The intention is for a RoleProviderPrincipal with a GenericIdentity reference to be attached to the thread, instead of the default WindowsPrincipal with a WindowsIdentity reference.
To create the certificate required by the service, use the makecert.exe Certificate Creation Tool at the command prompt, as follows:
> makecert -n "CN=TempCA" -r -sv TempCA.pvk TempCA.cer
> makecert -sr LocalMachine -ss My -a sha1 -n CN=MyTestCert -sky exchange -pe -ic TempCA.cer -iv TempCA.pvk
makecert.exe can be found in %ProgramFiles%\Microsoft SDKs\Windows\<version>\bin.
After that, you might need to use the Windows HTTP Services Certificate Configuration Tool to grant Everyone access to the certificate (for testing purposes only):
> WinHttpCertCfg -g -c LOCAL_MACHINE\My -s MyTestCert -a Everyone
Then, for serviceCertificate, remove findValue and leave the rest:
<serviceCertificate x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>
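To confirm the result of the steps above, the following check (an added example, not part of the original post) looks up MyTestCert in LocalMachine\My, reports its signature algorithm, and lists who can read the private key file so the Everyone grant is visible. It assumes an elevated Windows PowerShell 5.1 session and the CSP-based key that makecert creates; the variable names are illustrative.

```powershell
# Added example: audit the test certificate created with makecert above.
# Assumptions: Windows PowerShell 5.1, elevated prompt, CSP (CAPI) private key.
$subject = 'CN=MyTestCert'   # subject name used in the makecert command

$certs = @(Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $subject })

if ($certs.Count -eq 0) {
    Write-Error "No certificate with subject $subject in LocalMachine\My"
    return
}
if ($certs.Count -gt 1) {
    # The service locates its certificate by subject name, so duplicates matter.
    Write-Warning "$($certs.Count) certificates share the subject $subject"
}

foreach ($cert in $certs) {
    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Issuer        = $cert.Issuer
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        SignatureAlg  = $cert.SignatureAlgorithm.FriendlyName
    } | Format-List

    if ($cert.SignatureAlgorithm.FriendlyName -match 'sha1') {
        Write-Warning 'SHA-1 signature (from -a sha1): keep this certificate to test use'
    }
    if (-not $cert.HasPrivateKey) {
        Write-Warning 'No private key: the service cannot use this certificate'
        continue
    }

    # CSP machine keys are stored as files under MachineKeys; the file ACL is
    # what WinHttpCertCfg -g changes.
    $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
    $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"

    foreach ($ace in (Get-Acl -Path $keyFile).Access) {
        $sid = $ace.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
        # S-1-1-0 is the well-known SID for Everyone (locale-independent).
        $flag = if ($sid -eq 'S-1-1-0') { '  <-- Everyone: remove outside testing' } else { '' }
        '{0,-40} {1,-25} {2}{3}' -f $ace.IdentityReference, $ace.FileSystemRights,
            $ace.AccessControlType, $flag
    }
}
```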