login      my ps      about      contact  



home instructor-led on-demand! screencasts blogs


Service Station, by Aaron Skonnard » Installing the WSE 2.0 Sample Certificates

Installing the WSE 2.0 Sample Certificates

Service Station, by Aaron Skonnard

Pluralsight Blogs

Syndication

Recent Posts

Tags

View more

Resources

Archives

I've received several queries about how to properly install the sample certificates that ship with the WSE 2.0 samples. It's easy to get things mixed up when installing them.

These certs are used by the X.509 samples. and if they're not installed properly, the samples will simply not work properly. The sample certificates were generated by the makecert tool provided in the Microsoft Platform Software Development Kit. You can use these sample certs to test X.509 functionality in your own applications, but you should not use them in a production environment. Instead, you should contact a certificate authority and request your own certificate.

The following instructions (which I originally wrote for the WSE 2.0 Hands-On-Labs) describe how to install the WSE 2.0 sample certificates:

  • Open an MMC console by pressing Start, press Run, type mmc, and then click OK.
  • On the File menu, click Add/Remove Snap-in
  • Click Add, under Snap-in, double-click Certificates. 
  • Click My user account to add the certificates for the current user. Click Finish.
  • Click Add, under Snap-in, double-click Certificates. 
  • Click Computer account for the local machines certificates. Click Finish.
  • Close the dialog boxes.
  • In the console tree, under Certificates - Current User\Personal, click Certificates. 
  • Open the Certificate Import wizard by selecting Action | All Tasks and choose Import. 
  • Follow the wizard. When asked for the file to import, specify: C:\Program Files\Microsoft WSE\v2.0\Samples\Sample Test Certificates\Client Private.pfx.
  • When asked for the private key password, specify: wse2qs.
  • Finish the wizard.

Note: this certificate will be used by our client application to sign messages sent to the service. It could also be used to identify the client for authentication purposes.

  • In the console tree, under Certificates (Local Computer)\Personal, click Certificates. 
  • Open the Certificate Import wizard by selecting Action | All Tasks and choose Import. 
  • Follow the wizard. When asked for the file to import, specify: C:\Program Files\Microsoft WSE\v2.0\Samples\Sample Test Certificates\Server Private.pfx.
  • When asked for the private key password, specify: wse2qs.
  • Finish the wizard.

Note: this certificate will be used to encrypt messages between the applications. The client application will use the public key to encrypt the message and the service will use the private key to decrypt the message. The client needs to have the public portion of the certificate available in the Current User store.

  • In the console tree, under Certificates - Current User\Other People, click Certificates.

Note: if you don't have an Other People store under Current User, open Internet Explorer, select Tools, Internet Options, Content, and press the Certificates button. You should see an Other People tab in the certificates dialog. You can import the certificate here through this interface or you can return to mmc and refresh the Current User tree and Other People should now show up.

  • Open the Certificate Import wizard by selecting Action | All Tasks and choose Import. 
  • Follow the wizard. When asked for the file to import, specify: C:\Program Files\Microsoft WSE\v2.0\Samples\Sample Test Certificates\Server Public.cer.
  • Finish the wizard.

Note: this certificate only contains the public portion of Server Private.pfx. The client will use this to encrypt messages and the server will use the private key installed in the Local Machine store to decrypt the messages.

You should now be set to begin using the WSE 2.0 sample certificates!

Posted Jul 13 2004, 08:59 AM by Aaron Skonnard

Comments

ranfu wrote re: Installing the WSE 2.0 Sample Certificates
on 03-24-2005 2:40 AM
I have seen an Other People tab in the certificates dialog,but I can't import certificates,because i can't find it in the dialog poped later
Andrea Infante wrote re: Installing the WSE 2.0 Sample Certificates
on 05-15-2005 8:18 AM
I don´t have an other people store under current user, and i did what you said in the internet explorer, internet options, certificates under other people tab but it didn`t work. I stil don`t have the other people store on my console ...
I will apreciate any help from your part.
Thanks.
jpatel wrote re: Installing the WSE 2.0 Sample Certificates
on 05-17-2005 8:41 PM
I too have same prob on w2k prof OS.
"I don´t have an other people store under current user, and i did what you said in the internet explorer, internet options, certificates under other people tab but it didn`t work. I stil don`t have the other people store on my console ...
I will apreciate any help from your part."
Thanks
Jack Higgens wrote re: Installing the WSE 2.0 Sample Certificates
on 05-18-2005 9:34 AM
can u please provide the makecert command options that were used to create these (3)Certificates.

aziz wrote re: Installing the WSE 2.0 Sample Certificates
on 05-20-2005 2:32 AM
i want to try this program
anush wrote re: Installing the WSE 2.0 Sample Certificates
on 06-08-2005 7:30 AM
this is a good thing to hear
Ricco wrote re: Installing the WSE 2.0 Sample Certificates
on 07-11-2005 11:00 PM
I just want to create my own certificate
B³: Beto Borbolla Blog wrote Certificados WSE 2.0
on 07-18-2005 4:33 PM
Aaron Skonnard comparte un buen tip de como Instalar los certificados de ejemplo en WSE 2.0.
Nikolai .Text Blog wrote Installing the WSE 2.0 Sample Certificates
on 08-17-2005 5:17 PM
Nikolai .Text Blog wrote Installing the WSE 2.0 Sample Certificates
on 08-17-2005 6:09 PM
Aaron - (Not Skonnard) wrote re: Installing the WSE 2.0 Sample Certificates
on 10-12-2005 7:16 AM
When I import to Certificates(Local Computer)/Personal/Certificates I get the following error:

An internal error occurred. The private key that you are importing might require a cryptographic service provider that is not installed on your system.

Any idea what would cause this?
Amber Reyngoudt wrote re: Installing the WSE 2.0 Sample Certificates
on 11-29-2005 9:58 AM
was there an answer to the problem mentioned above...

The private key that you are importing might require a cryptographic service
provider


when importing the server private key
Jason Nadal wrote re: Installing the WSE 2.0 Sample Certificates
on 12-06-2005 7:20 AM
I got around the "cryptographic service provider" error by installing the certificate (server private) to the Current User / Personal folder, and clicking & dragging to the Local Computer/Personal folder. Still getting private key not found from the client side, though...
Santhosh wrote re: Installing the WSE 2.0 Sample Certificates
on 02-20-2006 3:53 AM
Did anyone find a solution for the above problem?. Even I'm stuck with it.. Any help will appreciated.

Thanks,
TMDGOD wrote re: Installing the WSE 2.0 Sample Certificates
on 02-22-2006 6:36 AM
I had this error occur while trying to import certs as well:

The private key that you are importing might require a cryptographic service provider that is not installed on your system.

I change perms on C:\Documents and Settings\All Users\ApplicationData\Microsoft\Crypto\RSA\MachineKeys folder to allow full control for administrators and then the certs imported correctly.

Greg Beech's Tech Blog wrote Changing WSE2 WS-Security algorithms and transforms
on 04-27-2007 6:18 AM
In a system with well-known end-points, using WS-Addressing and WS-Security with X509 certificates is
Mark wrote re: Installing the WSE 2.0 Sample Certificates
on 07-18-2007 10:42 AM
Thanks dude...you are a life saver!!!
Sunil Bishnoi wrote re: Installing the WSE 2.0 Sample Certificates
on 12-04-2008 2:01 AM

The private key that you are importing might require a cryptographic service provider that is not installed on your system.

Soln :---

Check to see if you have the following registry key?

HKEY_CURRENT_USER\Software\Microsoft\Cryptography\Defaults\Provider Types\Type 001

If so, back it back, delete it, and then restart your system to see if it fixes the problem..

Even if no then i m sure that u have not created your private key correctly..Problems are there in your private key..

Even though this private key we can install,several ways are there,but u will not be able to use it. So better u create another key pair,

For any query write mo on sunilbishnoi2007@gmail.com

Thanks...

Sunil Bishnoi

Add a Comment

(required)  
(optional)
(required)  
Remember Me?


home instructor-led training online training blogs

781.749.9238 (East Coast) | 310.251.9901 (West Coast) | Pluralsight, LLC , 185 Lincoln St., Suite 305, Hingham, MA 02043-1741

Copyright © 2008 Pluralsight LLC. All rights reserved.

designed by nukeation