Monday, March 28, 2005

X.509 Certificates

You can obtain an X.509 certificate by using one of the well-known certificate authorities (CA) like Verisign, or simply by creating your own CA using Windows Certificate Services. After installing this service—which is an optional component of Windows 2000 Server or Windows Server 2003—you can point your browser to http://servername/certsrv to request the creation of a new certificate. After authorization of your request by a system administrator, you can add your newly created certificate to your private certificate store by using the same Web application at http://servername/certsrv. Please also make sure to add the certification authority's root certificate to your Web server's "Local Machine" store by manually selecting the store location (including "physical location") during the certificate import.

You can use the Certification Creation Tool (makecert.exe) to create an X.509 certificate for testing purposes and then convert it to an SPC (software publisher's certificate). The following command creates a new X.509 certificate and a private key file.

makecert -sv TestPrivateKey.pvk TestCert.cer

Then you can convert the X.509 certificate into an SPC with the SPC Test tool (cert2spc.exe), as follows:

cert2spc TestCert.cer TestSPC.spc

You can sign an assembly with an SPC as follows:

signcode -spc TestSPC.spc -v TestPrivateKey.pvk Test.dll

If you right-click the assembly in the Windows Explorer and select the Properties menu item, you will see that a Digital Signature tab is available.

You might get an X.509 certificate from other people. To use it in your programs, you need to install it in the local machine store. To install X.509 certificates, open a MMC console with the Certificates snap-in. In the console tree, under Personal, click Certificates. Open the certificate import wizard by opening the context menu, click Import. Follow the instructions in the Wizard to import the certificates. You may install in the Local Computer Personal Certificates account in a similar way.

References:
Ingo Rammer, Using Role-Based Security with Web Services Enhancements 2.0
Adam Freeman and Allen Jones, Programming .NET Security
Michael Stiefel, Securing Service Oriented Architecture with WSE 2.0

2 Comments:

At 5:12 PM, Anonymous Anonymous said...

louis vuitton outlet, ugg boots, ray ban sunglasses, oakley sunglasses, louis vuitton outlet, longchamp pas cher, prada outlet, polo ralph lauren outlet, nike outlet, chanel handbags, louboutin outlet, longchamp outlet, louis vuitton, nike air max, cheap oakley sunglasses, longchamp outlet, jordan shoes, louis vuitton, nike free, tiffany and co, tory burch outlet, prada handbags, replica watches, nike roshe run, longchamp, louboutin, air max, ralph lauren pas cher, christian louboutin outlet, replica watches, louis vuitton, nike air max, kate spade outlet, louboutin pas cher, nike free, oakley sunglasses, sac longchamp, oakley sunglasses, polo ralph lauren outlet, louboutin shoes, uggs on sale, ray ban sunglasses, ray ban sunglasses, burberry, gucci outlet, oakley sunglasses, tiffany jewelry, ugg boots, air jordan pas cher, michael kors

 
At 5:14 PM, Anonymous Anonymous said...

coach outlet, ugg boots, vans pas cher, michael kors, hollister, coach purses, nike air max, ray ban uk, sac guess, ray ban pas cher, mulberry, true religion outlet, hermes, michael kors outlet, oakley pas cher, true religion jeans, lacoste pas cher, ugg boots, michael kors outlet, michael kors outlet, true religion jeans, nike free run uk, tn pas cher, michael kors, nike air max, burberry, vanessa bruno, lululemon, nike roshe, nike air max, ralph lauren uk, coach outlet, north face, replica handbags, nike blazer, converse pas cher, michael kors outlet, timberland, michael kors, abercrombie and fitch, hollister pas cher, true religion jeans, air force, burberry outlet online, michael kors, michael kors outlet, new balance pas cher, north face, kate spade handbags, hogan

 

Post a Comment

<< Home