
AVEVA™ Engineering

Transport Level Security with SSL Certificate based Authentication


  • Last Updated: Jan 13, 2022

Certificate-based authentication can be used when Global daemons communicate over an unsecured network or across different trust boundaries.

The following XML configures the binding to use certificate-based authentication.

Note:
The following setting must be the same in both the GlobalWCFClient.config and AdmindWCF.exe.config files.

<security mode="Transport">
  <transport clientCredentialType="Certificate"/>
</security>

Note:
The user must make sure that a certificate has been pre-installed and configured. Refer to the section Certificate Based Authentication.

The user must specify information about the certificate to enable network level security with certificate authentication.

The following block is specified in the Service behaviour and must be modified in the AdmindWCF.exe.config file.

<serviceBehaviors>
  <behavior name="GlobalWcfServiceBehavior">
    <serviceMetadata httpGetEnabled="true" />
    <serviceDebug includeExceptionDetailInFaults="true" />
    <serviceCredentials>
      <clientCertificate>
        <authentication trustedStoreLocation="LocalMachine" certificateValidationMode="None">
        </authentication>
      </clientCertificate>
      <serviceCertificate findValue="tempCert" x509FindType="FindBySubjectName" storeLocation="LocalMachine" />
    </serviceCredentials>
  </behavior>
</serviceBehaviors>

The user must specify:

  • httpsGetEnabled: Must be set to true.
  • trustedStoreLocation: The location of the trusted store for the certificate.
  • findValue: Certificate identifier within the trusted store. Refer to Certificate Based Authentication.
  • x509FindType: The type of find value for the search.
  • storeLocation: Certificate store: LocalMachine/CurrentUser (determined by the certificate).

The GlobalWCFClient.config file has an equivalent <endpointBehaviors> element that must be modified to match the configuration changes made in the Service Behaviours of the AdmindWCF.exe.config file.

To view an example of configuration files with Certificate based authentication, extract the contents of the GlobalWCF_SampleConfigFiles folder file and navigate to the sub folder TransportSecurityCertificateAuthentication.
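The following Python check is an added example, not part of the AVEVA documentation or sample files: it compares the <security> settings of the service and client configurations and flags two values in the service behaviour shown above that deserve review before deployment, certificateValidationMode="None" (WCF performs no validation of the client certificate) and includeExceptionDetailInFaults="true" (exception details are returned to callers in faults). The embedded XML fragments, the wsHttpBinding wrapper, the binding name and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed service-side fragment (not a shipped file); binding name is hypothetical.
SERVICE_CFG = """<configuration><system.serviceModel>
  <bindings><wsHttpBinding><binding name="exampleBinding">
    <security mode="Transport"><transport clientCredentialType="Certificate"/></security>
  </binding></wsHttpBinding></bindings>
  <behaviors><serviceBehaviors><behavior name="GlobalWcfServiceBehavior">
    <serviceDebug includeExceptionDetailInFaults="true"/>
    <serviceCredentials><clientCertificate>
      <authentication trustedStoreLocation="LocalMachine" certificateValidationMode="None"/>
    </clientCertificate></serviceCredentials>
  </behavior></serviceBehaviors></behaviors>
</system.serviceModel></configuration>"""

# Constructed client-side fragment whose credential type has drifted from the service.
CLIENT_CFG = """<configuration><system.serviceModel>
  <bindings><wsHttpBinding><binding name="exampleBinding">
    <security mode="Transport"><transport clientCredentialType="Windows"/></security>
  </binding></wsHttpBinding></bindings>
</system.serviceModel></configuration>"""

def security_settings(xml_text):
    """Return the set of (mode, clientCredentialType) pairs over all <security> elements."""
    pairs = set()
    for sec in ET.fromstring(xml_text).iter("security"):
        transport = sec.find("transport")
        cred = transport.get("clientCredentialType", "") if transport is not None else ""
        pairs.add((sec.get("mode", ""), cred))
    return pairs

def audit(service_xml, client_xml):
    """Return a list of findings for a service/client configuration pair."""
    findings = []
    svc, cli = security_settings(service_xml), security_settings(client_xml)
    if svc != cli:
        findings.append(f"security mismatch: service={sorted(svc)} client={sorted(cli)}")
    if svc != {("Transport", "Certificate")}:
        findings.append("service binding is not Transport/Certificate")
    root = ET.fromstring(service_xml)
    for auth in root.iter("authentication"):
        if auth.get("certificateValidationMode") == "None":
            findings.append("certificateValidationMode=None: WCF does not validate the client certificate")
    for dbg in root.iter("serviceDebug"):
        if dbg.get("includeExceptionDetailInFaults", "").lower() == "true":
            findings.append("includeExceptionDetailInFaults=true: exception details returned in faults")
    return findings
```

To check a real installation, pass the text of AdmindWCF.exe.config and GlobalWCFClient.config to audit() in place of the constructed fragments.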
