Certificates

WCF uses certificates for authentication. Certificates should be procured only from a trusted Certificate Authority (CA). Self-signed certificates cannot be used.

Communication fails if any of the following is true:

• The certificate has expired.

• The certificate chain is incomplete (intermediate and root certificates are not installed in Intermediate Certification Authorities and Trusted Root Certification Authorities, respectively).

• Client and service certificates are not installed in a personal folder of the local machine store.

Enter Certificate Information

Certificate text fields become active only when the selected binding protocol requires certificate authentication. You can provide either the certificate’s subject name or thumbprint, depending on the option selected in the Certificate Find Type dropdown.

Enter the subject name or thumbprint of the private key certificate installed at the current location in the client and service sections. The same certificate can be used for both client and service, except when using HTTPS, which requires separate client and service certificates.

In the above example, the Same Setting for Client and Services checkbox is disabled because client protocol binding uses a certificate. Selecting a service protocol that uses a certificate activates the service certificate fields.

Note: The global daemon acts as both client and service. The Client handles outbound communication, while the Service handles inbound communications.

Certificates you generate include both private and public key variants. Use the private key at your local location. Issue/export the certificate public key to the remote neighbour location.

Important: Installing the remote location’s public key certificate is optional, except when using basicHttp_Message_Certificate or wsHttp_Message_Certificate protocols. When using these protocols, remote service validation is mandatory. See Remote service validation for more information.