Controlling Certificate Validation
How do I configure the validation process for certificates specified in the service credentials section?
There are several configuration settings for controlling certificate validation, although they appear in different places depending on which credentials you're talking about. I'll cover the settings first and then where they appear.
The four configuration settings you'll see are:
- certificateValidationMode for controlling how certificates get validated (ChainTrust/None/PeerTrust/PeerOrChainTrust/Custom)
- customCertificateValidatorType for specifying the type used by the Custom validation mode ("namespace.typeName, [,AssemblyName] [,Version=version number] [,Culture=culture] [,PublicKeyToken=token]")
- revocationMode for controlling how the certificate revocation list is checked (NoCheck/Online/Offline)
- trustedStoreLocation for controlling which system store is checked for negotiated certificates (CurrentUser/LocalMachine)
Here's where you'll find those settings. All of these XML paths are relative to the serviceCredentials section.
- When talking about a certificate for the client half of a duplex service, clientCertificate/authentication
- When talking about a certificate for a custom issued token, issuedTokenAuthentication. Controlling certificate validation through configuration for issued tokens is only available starting with the Orcas release.
- When talking about a certificate for a peer node, peer/peerAuthentication
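The three locations above, written out as a service behavior. This is an added configuration example, not from the original post; the behavior name and the custom validator type name are hypothetical placeholders.

```xml
<!-- Added example: "ExampleCertValidation" and the Example.Security type are hypothetical. -->
<system.serviceModel>
  <behaviors>
    <serviceBehaviors>
      <behavior name="ExampleCertValidation">
        <serviceCredentials>

          <!-- Client half of a duplex service: clientCertificate/authentication.
               Build a chain to a trusted root and check revocation online. -->
          <clientCertificate>
            <authentication certificateValidationMode="ChainTrust"
                            revocationMode="Online"
                            trustedStoreLocation="LocalMachine" />
          </clientCertificate>

          <!-- Custom issued token: issuedTokenAuthentication (Orcas and later).
               Custom mode hands validation to the type named in
               customCertificateValidatorType, which must derive from
               System.IdentityModel.Selectors.X509CertificateValidator. -->
          <issuedTokenAuthentication
              certificateValidationMode="Custom"
              customCertificateValidatorType="Example.Security.IssuerValidator, Example.Security" />

          <!-- Peer node: peer/peerAuthentication.
               Accept a certificate that is peer trusted or has a valid chain;
               revocation is checked against the cached list only. -->
          <peer>
            <peerAuthentication certificateValidationMode="PeerOrChainTrust"
                                revocationMode="Offline"
                                trustedStoreLocation="CurrentUser" />
          </peer>

        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
```

Setting certificateValidationMode to None skips validation of the certificate, and revocationMode NoCheck skips the revocation check, so review any configuration that carries those values into production.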
Next time: Throwing Exceptions from Service Authorization Manager
Comments
Anonymous
January 21, 2008
Cookies are the de facto correlation protocol for web applications, which means HTTP applications rather
Anonymous
April 29, 2008
Continuing on with the theme of messaging additions in Orcas, today I'll look at some more of the protocols