2
votes

I'm trying to set up a WCF-service with SSL on Azure.

Can someone please explain a bit about the differences of using certificates in these cases?

  1. Certificate for https-binding in IIS
  2. ServiceCertificate in Web.Config
  3. ClientCertificate in Web.Config
  4. Certificate in ServiceDefinition.csdef
  5. Certificate in ServiceConfiguration.Local.cscfg
  6. Certificate in ServiceConfiguration.Cloud.cscfg
  7. More I should know about?

I want to publish several service-endpoints within the same role, some with SSL and some without. Do I need binding-certificates at all or is it service-certificates I should use?

1 Answer

2
votes

Start by reading "WCF Transport Security with Certificate Authentication" and "Configuring SSL for an application in Windows Azure".

  1. Certificate for https-binding in IIS - exactly what it says, the cert is used by IIS to create a secure binding on a site/service, typically on port 443
  2. ServiceCertificate in Web.Config - WCF service-side binding cert used for WCF Transport Security with Certificate Authentication - private key cert used to authenticate client request signed with the corresponding public key
  3. ClientCertificate in Web.Config - WCF client-side binding cert used for WCF Transport Security with Certificate Authentication - public key cert used to sign a request for authentication to a service using Transport Security with the corresponding private key
  4. Certificate in ServiceDefinition.csdef - default certificate used to create a secure endpoint in Azure worker & web roles. NOTE: This is the certificate Azure installs in IIS to bind to the service endpoint (see #1)
  5. Certificate in ServiceConfiguration.Local.cscfg - same as 4, just used in a "Local" build/deployment configuration
  6. Certificate in ServiceConfiguration.Cloud.cscfg - same as 4, just used in a "Cloud" build/deployment configuration
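An added example, not part of the answer above: in a cloud service package the csdef declares a certificate by name and attaches it to the HTTPS endpoint, and each cscfg supplies the thumbprint for that name, so a role can expose a plain HTTP endpoint next to an HTTPS one. The sketch below checks that the two files agree; the role, endpoint and certificate names and the all-zero thumbprint are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample files (hypothetical names, placeholder thumbprint).
CSDEF = """<ServiceDefinition name="Demo" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
  <WebRole name="WcfRole">
    <Sites><Site name="Web"><Bindings>
      <Binding name="Plain" endpointName="HttpIn" />
      <Binding name="Secure" endpointName="HttpsIn" />
    </Bindings></Site></Sites>
    <Endpoints>
      <InputEndpoint name="HttpIn" protocol="http" port="80" />
      <InputEndpoint name="HttpsIn" protocol="https" port="443" certificate="SslCert" />
    </Endpoints>
    <Certificates>
      <Certificate name="SslCert" storeLocation="LocalMachine" storeName="My" />
    </Certificates>
  </WebRole>
</ServiceDefinition>"""

CSCFG = """<ServiceConfiguration serviceName="Demo" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration">
  <Role name="WcfRole">
    <Instances count="1" />
    <Certificates>
      <Certificate name="SslCert" thumbprint="0000000000000000000000000000000000000000" thumbprintAlgorithm="sha1" />
    </Certificates>
  </Role>
</ServiceConfiguration>"""

def find(root, name):
    # Match on the local tag name so the two schema namespaces can be ignored.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def check(csdef_xml, cscfg_xml):
    """Return a list of problems linking endpoints, declared certs and thumbprints."""
    csdef, cscfg = ET.fromstring(csdef_xml), ET.fromstring(cscfg_xml)
    declared = {c.get("name") for c in find(csdef, "Certificate")}
    thumbs = {c.get("name"): c.get("thumbprint") for c in find(cscfg, "Certificate")}
    problems = []
    for ep in find(csdef, "InputEndpoint"):
        cert = ep.get("certificate")
        if ep.get("protocol") == "https" and cert is None:
            problems.append(f"{ep.get('name')}: https endpoint has no certificate")
        elif cert is not None and cert not in declared:
            problems.append(f"{ep.get('name')}: certificate '{cert}' not declared in csdef")
    for name in sorted(declared):
        if not thumbs.get(name):
            problems.append(f"{name}: no thumbprint in cscfg")
    return problems
```

Run `check` once per configuration file (Local and Cloud), since each cscfg carries its own thumbprint for the same certificate name.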