Is it possible to force the WCF test client to accept a self-signed certificate?

wcf ssl ssl-certificate self-signed wcftestclient
Lawrence Johnston picture Lawrence Johnston · May 8, 2010 · Viewed 26.9k times · Source

I have a WCF web service running in IIS 7 using a self-signed certificate (it's a proof of concept to make sure this is the route I want to go). It's required to use SSL.

Is it possible to use the WCF Test Client to debug this service without needing a non-self-signed certificate?

When I try I get this error:

Error: Cannot obtain Metadata from https:///Service1.svc If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address. For help enabling metadata publishing, please refer to the MSDN documentation at http://go.microsoft.com/fwlink/?LinkId=65455.WS-Metadata Exchange Error URI: https:///Service1.svc Metadata contains a reference that cannot be resolved: 'https:///Service1.svc'. Could not establish trust relationship for the SSL/TLS secure channel with authority ''. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure.HTTP GET Error URI: https:///Service1.svc There was an error downloading 'https:///Service1.svc'. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure.

EDIT: This question is specifically about using the WCF Test Client to test a web service already secured via SSL using a self-signed certificate. The server is already set up to accept any certificate provided, it's the WCF Test Client I don't see a way to do this for.

Answer

Cyrus picture Cyrus · Mar 28, 2012

You can create a non self-signed certificate in development area and then use this certificate in IIS for applying the SSL. The steps are:

  1. Create self-signed certificate

    makecert -r -pe -n "CN=My Root Authority" -a sha1 -sky signature 
    -ss CA -sr CurrentUser  
    -cy authority 
    -sv CA.pvk CA.cer

  2. Create a non self-signed certificate for SSL which signed by this root certificate and then create pfx-file from that

    makecert -pe -n "CN=servername" -a sha1 -sky exchange
    -eku 1.3.6.1.5.5.7.3.1 -ic CA.cer -iv CA.pvk
    -sp "Microsoft RSA SChannel Cryptographic Provider"
    -sy 12 -sv server.pvk server.cer

pvk2pfx -pvk server.pvk -spc server.cer -pfx server.pfx

now you just need to import the server.pfx into the IIS and setup the web site binding to use this certificate and also install the CA.cer in Local Computer \ Trusted Root Certification Authorities store in both server and client by doing this WCF client would work with the service through HTTPS without any problem.

Related questions

WCF Self signed certificate is not trusted on the client

I have a WCF service that is ONLY every used between two server machines. It will NEVER be used publicly. I was hoping I could use SSL with a self signed certificate for security. I created a certificate using IIS7, …

Read More
Transport Security with Certificate Authentication

I'm getting the following error when I access my webservice localhost/MyService/MyService.svc The SSL settings for the service 'SslRequireCert' does not match those of the IIS 'Ssl, SslNegotiateCert'. I've following the web.config examples as specified in http://…

Read More
Adding WCF Service Reference with https endpoint

My WCF service application works over http and https, however, when I add a service reference (with the https url) to it in my client, Visual Studio 2010 sets the endpoint in the config file to http. It doesn't appear to …

Read More