Tuesday, 18 January 2011

Multiple X.509 certificates found

Problem

I was configuring a WCF service to use SSL and had created and installed a self-signed certificate. The WCF service configuration looked something like this:

<serviceBehaviors>
  <behavior name="EnquirySubmissionServiceBehavior">
    <serviceMetadata httpsGetEnabled="true" />
    <serviceDebug includeExceptionDetailInFaults="true" />
    <serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="SqlRoleProvider" />
    <serviceCredentials>
      <serviceCertificate findValue="CertificateNameHere" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
    </serviceCredentials>
  </behavior>
</serviceBehaviors>

When trying to access the service metadata in a browser I received an error stating that multiple X.509 certificates had been found using the given search criteria.

Solution

The solution was to change the configuration to use an alternative method to find the certificate. In this case I used FindByThumbprint and provided the certificate thumbprint. To obtain the thumbprint do the following:

1. Start > Run > mmc
2. File > Add/Remove Snap-in…
3. Find and add Certificates (local machine).
4. Find the certificate and double-click on it.
5. In the pop-up dialog scroll to Thumbprint and click on it to view the value.
6. Copy the thumbprint value and remove spaces.

I then changed the WCF service configuration to look something like this:

<serviceBehaviors>
  <behavior name="EnquirySubmissionServiceBehavior">
    <serviceMetadata httpsGetEnabled="true" />
    <serviceDebug includeExceptionDetailInFaults="true" />
    <serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="SqlRoleProvider" />
    <serviceCredentials>
      <serviceCertificate findValue="46677f6006fb15fe64e5f394d1d99c22f3729155" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
    </serviceCredentials>
  </behavior>
</serviceBehaviors>
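
A PowerShell check for the lookup described above, added here as an example and not part of the original post. It lists every certificate in LocalMachine\My that FindBySubjectName matches (the match is a case-insensitive substring of the subject, so several certificates can satisfy one name), then normalises the pasted thumbprint and confirms it selects exactly one certificate. The function name ConvertTo-CleanThumbprint is hypothetical; the subject name and thumbprint are the values shown in the configurations above.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Values taken from the post's configuration; replace with your own.
$subject = 'CertificateNameHere'
$pasted  = '46 67 7f 60 06 fb 15 fe 64 e5 f3 94 d1 d9 9c 22 f3 72 91 55'  # as shown in the dialog

# Hypothetical helper: turn a thumbprint copied from the certificate dialog
# into the 40 hex characters that findValue expects.
function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory = $true)][string]$Pasted)
    # Drops spaces and any non-printing characters carried along by copy/paste.
    $clean = ($Pasted -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex characters (SHA-1 thumbprint), got $($clean.Length)."
    }
    $clean
}

$store = [X509Store]::new([StoreName]::My, [StoreLocation]::LocalMachine)
$store.Open([OpenFlags]::ReadOnly)
try {
    # validOnly = $false so self-signed certificates are included.
    $bySubject = $store.Certificates.Find([X509FindType]::FindBySubjectName, $subject, $false)
    Write-Host "FindBySubjectName '$subject' matched $($bySubject.Count) certificate(s):"
    $bySubject | Sort-Object NotAfter |
        Format-Table Thumbprint, Subject, NotAfter, HasPrivateKey -AutoSize |
        Out-String | Write-Host

    $thumb   = ConvertTo-CleanThumbprint $pasted
    $byThumb = $store.Certificates.Find([X509FindType]::FindByThumbprint, $thumb, $false)
    if ($byThumb.Count -ne 1) {
        throw "Thumbprint $thumb matched $($byThumb.Count) certificate(s) in LocalMachine\My."
    }
    if (-not $byThumb[0].HasPrivateKey) {
        # A service certificate without a private key cannot be used for SSL.
        Write-Warning "Certificate $thumb has no private key in this store."
    }
    Write-Host "Use: findValue=`"$thumb`" x509FindType=`"FindByThumbprint`""
}
finally {
    $store.Close()
}
```

Run it from an elevated prompt on the server that hosts the service. More than one row in the first table is the condition that produces the "multiple X.509 certificates" error.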
