self sign certificate store for IIS hosted WCF

Monday, 30 June 2014

If you want to use a self-signed certificate from IIS


To create the certificate, open the Visual Studio Command Prompt (under Visual Studio Tools) and run the following command:

makecert.exe -sr CurrentUser -ss  My -a sha1 -n CN=WCFClient -sky exchange -pe

To see the certificate:

Run mmc --> Add/Remove Snap-in

Then click Certificates --> Add --> My user account --> Finish

You will find the certificate in the Personal store.

"-sr CurrentUser" means that the certificate is installed into the cert store of the current user (the logged-on user account). If you are logged on as Mithun, the certificate is installed in Mithun's cert store; if you later log on with another account (rahul), you will not see the certificate in the "CurrentUser" store.

For your scenario, when you deploy the service to IIS, the service application runs under a different account than your logon user account (which the Visual Studio web server uses), so the IIS-hosted service process cannot find the certificate in the "CurrentUser" store.

To make it easier, you can use "-sr LocalMachine" to create the certificate in the LocalMachine store so that every account can see it.

To see the certificate:

Run mmc --> Add/Remove Snap-in

Then click Certificates --> Add --> Local Machine --> Finish

You will find the certificate in the Personal store.
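
The same check can be scripted. The following is an added example, not part of the original post: it looks for CN=WCFClient in both stores and, for a LocalMachine copy, lists who may read the private key file, since a certificate every account can see still has its own ACL on the key. It assumes an elevated Windows PowerShell 5.1 prompt, a CSP key as makecert creates, and an app pool named DefaultAppPool (replace with your own).

```powershell
# Added example (not from the original post).
$subject  = 'CN=WCFClient'                 # subject used in the makecert command
$identity = 'IIS AppPool\DefaultAppPool'   # assumption: replace with your app pool identity

foreach ($location in 'CurrentUser', 'LocalMachine') {
    $certs = @(Get-ChildItem -Path "Cert:\$location\My" |
               Where-Object { $_.Subject -eq $subject })
    if ($certs.Count -eq 0) {
        Write-Output "$location\My: no certificate with subject $subject"
        continue
    }
    foreach ($cert in $certs) {
        Write-Output ("{0}\My: {1}  HasPrivateKey={2}  Algorithm={3}" -f `
            $location, $cert.Thumbprint, $cert.HasPrivateKey,
            $cert.SignatureAlgorithm.FriendlyName)

        # Only a machine-store key is reachable by the IIS worker process.
        if ($location -ne 'LocalMachine' -or -not $cert.HasPrivateKey) { continue }

        # A CSP key is stored as a file under MachineKeys; a CNG key is not.
        $container = $null
        try { $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName }
        catch { }
        if (-not $container) {
            Write-Output "  private key is not a CSP key; ACL check skipped"
            continue
        }
        $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
        if (-not (Test-Path -Path $keyFile)) {
            Write-Output "  key file not found: $keyFile"
            continue
        }

        # List every ACL entry, then look for an explicit Allow for the pool.
        $acl = Get-Acl -Path $keyFile
        $acl.Access | ForEach-Object {
            Write-Output ("  {0}: {1} {2}" -f $_.IdentityReference,
                $_.AccessControlType, $_.FileSystemRights)
        }
        $direct = $acl.Access | Where-Object {
            $_.IdentityReference.Value -eq $identity -and $_.AccessControlType -eq 'Allow'
        }
        if ($direct) { Write-Output "  $identity has an explicit Allow entry" }
        else { Write-Output "  $identity has no explicit entry; access depends on the groups listed above" }
    }
}
```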