ssl - Certificate on a WCF service that does not use IIS

Question

I have a WCF application that normally runs in IIS (for my testing and production environments). But when I run it from my debugger it is setup to run self hosted (that is, a console window pops up and IIS is NOT used).

I also have a client application that I connect to the WCF application. Normally when I am testing my client application (that runs on Windows Mobile) it is setup to connect to one of my testing environments (I have a development environment for me to test in).

The problem I am having now is that there seems to be a disconnect between what the client is sending and what the WCF application is getting. I need to debug my WCF application.

I can run my WCF application and then change the URL of my client to point the debugger version, but my services run with SSL and have a certificate that the client is hardcoded to expect.

I would rather not disable that part of my code (on the client). Is there a way to install the certificate on my self-hosted WCF application?

Answer 1

I just want to add some helpful information on how to programatically install an SSL certificate for a self-hosted WCF service. This does not cover how to get the WCF application to use the SSL certificate, since that is well-documented elsewhere on the web.

This is intended to be run at setup time by an administrator, and not by the actual application itself, which in this example, runs under the limited Network Service account.

• The code must run as an administrator.
• Set the HTTP Namespace reservation programatically using the example in Programatically Granting a Namespace Reservation.
• Set the SSL information programatically using the example in Changing the Certificate associated with IP address using HttpServiceConfiguration.

You can then use those code samples to install and configure the certificate:

if (!IsAdministrator())
{
   Console.WriteLine("Must run "+
                "as a user with local Administrator privileges.");
   Environment.Exit(-1);
}

//Open the cert.
X509Certificate2 certificate = new X509Certificate2(certFilePath);

//Add it to the local store
X509Store certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
certStore.Open(OpenFlags.ReadWrite);
certStore.Add(certificate);
certStore.Close();

//Reserve an HTTPS namespace for it.
string urlPrefix = string.Format("https://+:{0}/{1}", portNum, appPath);
ReserveHttpNamespace.ModifyReservation(urlPrefix, "Network Service", false);

//Set the SSL cert for this service.
SetSSLCert.BindCertificate("0.0.0.0", portNum, certificate.GetCertHash());

You can then check that this ran correctly using the helpful HttpCfg UI Tool.