WCF: Set up environment to use Transport level security (SSL)

The server that hosts services with Transport level security must have a certificate installed.

For tests we can use a self-made certificate; for production we recommend a certificate issued by a commercial certificate provider such as VeriSign.

1. Install Microsoft .NET Framework 2.0 Software Development Kit (SDK) (x64) [http://www.microsoft.com/downloads/details.aspx?familyid=1AEF6FCE-6E06-4B66-AFE4-9AAD3C835D3D&displaylang=en]. It is installed by default to the "C:\Program Files\Microsoft.NET\SDK\v2.0 64bit\Bin" folder.

2. [Optional, only if you already have a server certificate and want to refresh it] "C:\Program Files\Microsoft.NET\SDK\v2.0 64bit\Bin\certmgr.exe" -del -r LocalMachine -s My -c -n MyCompany-HTTPS-Server

3. "C:\Program Files\Microsoft.NET\SDK\v2.0 64bit\Bin\makecert.exe" -sr LocalMachine -ss My -n "CN=MyCompany-HTTPS-Server" -sky exchange -sk MyCompany-HTTPS-Key

4. Install the new certificate in IIS with the Web Server Certificate Wizard. Open IIS Admin, choose the Web site, then Properties, the Directory Security tab, and under Secure communications click the Server Certificate… button. This starts the Web Server Certificate Wizard.

5. Check that IIS / Web Site / Properties / Web Site tab - SSL Port is set to 443 (


To expose the service metadata over both HTTPS and HTTP, use:

        <behavior name="ServiceBehavior_Name">
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="false" />
        </behavior>

To expose the service metadata over HTTPS only or HTTP only, set the httpGetEnabled or the httpsGetEnabled attribute, respectively, to false.
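The behavior above only controls metadata; the endpoint itself uses SSL when its binding is set to Transport security. The following is an added example, not part of the original post, showing a complete `system.serviceModel` section with an HTTPS-only endpoint and HTTPS-only metadata. The service name, contract name and binding name are assumptions chosen for illustration.

```xml
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <!-- Hypothetical binding name. mode="Transport" makes the endpoint HTTPS-only. -->
      <binding name="TransportSecurity_Binding">
        <security mode="Transport">
          <!-- The server authenticates with the IIS certificate; no client credential is required. -->
          <transport clientCredentialType="None" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>

  <services>
    <!-- Hypothetical service and contract names. -->
    <service name="MyCompany.Services.MyService"
             behaviorConfiguration="ServiceBehavior_Name">
      <endpoint address=""
                binding="basicHttpBinding"
                bindingConfiguration="TransportSecurity_Binding"
                contract="MyCompany.Services.IMyService" />
      <!-- Metadata exchange endpoint served over HTTPS. -->
      <endpoint address="mex"
                binding="mexHttpsBinding"
                contract="IMetadataExchange" />
    </service>
  </services>

  <behaviors>
    <serviceBehaviors>
      <behavior name="ServiceBehavior_Name">
        <!-- WSDL is served over HTTPS only; plain HTTP GET is disabled. -->
        <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
        <!-- Keep exception details out of faults returned to clients. -->
        <serviceDebug includeExceptionDetailInFaults="false" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
```

With this configuration, a client that connects to a certificate it does not trust (such as the test certificate from step 3) fails the SSL handshake until the issuing certificate is added to the client's trusted store.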

posted on Thursday, June 19, 2008 11:25 AM


# re: WCF: Set up environment to use Transport level security (SSL)

left by Leonid Ganeline at 6/8/2010 9:02 AM
The Transport level security entails:
In short, it lets the service and client interact through SSL. It means using the https protocol. All packages in the channel are encrypted.
Moreover, from the client perspective it means the client knows that the service is not the "fake" service. The service uses a certificate to authenticate itself.