Steve Fenton

Self-hosted WCF service with certificates

If you are self-hosting a WCF service, exposed via HTTP and requiring certificates for transport security, you’ll probably need to learn a little bit about netsh.

If you are using IIS, you’ll just set up the certificates using inetmgr, but because you are self-hosting, you’ll need to run a command such as this:

netsh http add sslcert ipport= certhash=c20ed305ea705cc4e36b317af6ce35dc03cfb83d appid={c9670020-5288-47ea-70b3-5a13da258012} clientcertnegotiation=enable

This registers the certificate against the IP address and port the service listens on, and associates the binding with your application.

“ipport” is the IP address and port number you are hosting the WCF service under.

“certhash” is the Thumbprint of the certificate. Using the MMC certificate snap-in, you can view the certificate and find the Thumbprint under the “Details” tab. Remove the spaces if there are any.

“appid” is the GUID from your AssemblyInfo file in your WCF host project.

[assembly: Guid("c9670020-5288-47ea-70b3-5a13da258012")]

“clientcertnegotiation” enables client certificate negotiation, which is disabled by default.
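An added example, not from the original post: a PowerShell version of the procedure that cleans the thumbprint, checks the certificate in the local machine store, runs the same netsh command and reads the binding back. The 0.0.0.0:8443 endpoint is a constructed placeholder for your service's address; run it from an elevated prompt.

```powershell
# Inputs. $IpPort is a constructed sample value; the thumbprint and GUID are
# the ones shown in the post and must be replaced with your own.
$IpPort     = '0.0.0.0:8443'
$Thumbprint = 'c2 0e d3 05 ea 70 5c c4 e3 6b 31 7a f6 ce 35 dc 03 cf b8 3d'
$AppId      = 'c9670020-5288-47ea-70b3-5a13da258012'

# Text copied from the MMC "Details" tab can carry spaces and invisible
# characters; keep hex digits only, then insist on a 40-digit SHA-1 hash.
$hash = ($Thumbprint -replace '[^0-9a-fA-F]', '').ToUpperInvariant()
if ($hash.Length -ne 40) { throw "Thumbprint is not 40 hex digits: '$hash'" }

# Fail early on a malformed GUID; the "B" format adds the braces netsh expects.
$guid = [guid]::Parse($AppId).ToString('B')

# netsh's default store is MY in the local machine context, and the service
# needs the private key to complete the TLS handshake.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $hash }
if (-not $cert)               { throw "No certificate $hash in Cert:\LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate $hash has no private key" }
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $hash expired on $($cert.NotAfter)"
}

# Each argument is one quoted string so PowerShell does not treat the braces
# around the GUID as a script block.
& netsh http add sslcert "ipport=$IpPort" "certhash=$hash" "appid=$guid" 'clientcertnegotiation=enable'
if ($LASTEXITCODE -ne 0) { throw "netsh add sslcert failed with exit code $LASTEXITCODE" }

# Read the binding back and confirm the stored hash and negotiation setting.
& netsh http show sslcert "ipport=$IpPort"
```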

You can find information on all of the parameters in the Microsoft Technet article on netsh. Please let me know when this link dies, as all Microsoft links seem to do!

Written by Steve Fenton on