Guide to setting up the WSE 2 X.509 Test Certificates


Follow these steps and you’ll be sorted..



  1. Install Web Services Enhancements from here (for this example I’ve installed to my c: drive)
  2. Navigate your way down through the initial help file and you’ll find a link to “C:\Program Files\Microsoft WSE\v2.0\Samples\readme.htm
  3. This file will describe approach to setting up certificates
  4. Scroll down even further and you’ll see a heading titled “Using the sample X.509 certificates”
  5. Here you’ll find a link to “Detailed Instructions” which points off to “C:\Program Files\Microsoft WSE\v2.0\Samples\Sample Test Certificates\readme.htm
  6. Read the data in the table carefully as it details the store locations where you are to put the certificates and the password for the certificates which for this release is “wse2qs

Load up the MMC Certicificate Snapins



  1. Run “MMC” from the command prompt and add in the “Certificate” snap in – once for “My User Account” and then add again for “Computer Account“, click on close, ok etc to get back to the main MMC Console now containing the 2 certificate managers
  2. Right click “Personal” under the “Certificate – Current User” tree, select “All Tasks” and select Import.
  3. Click next and then browse to “C:\Program Files\Microsoft WSE\v2.0\Samples\Sample Test Certificates“, make sure you change the “File of Type” option to “Personal Information Exchange (.pfx)” as you need to select the “Client Private.pfx“, not the “.cer” files which is the default and confusing
  4. Enter the password “wse2qs” etc and run the wizard to completion and then check it installed properly, it’ll be under “Personal” called “WSE2QuickStartClient”
  5. Don’t close the “Certificate – Current User” MMC Snapin just yet

Next install the WSE2 Server Public Certificate in to the “Certificate – Current User” store. 


The client application you build will use the servers public certificate for signing and encrypting SOAP messages it exchanges with it, hence why you need to install it.



  1. Again still on the “Certificate – Current User” tree look a bit further down and you’ll see the “Other People” certificate container
  2. Right click on “Other People“, select “All Tasks“, then “Import“.
  3. This time import the “Server Public.cer” from the “C:\Program Files\Microsoft WSE\v2.0\Samples\Sample Test Certificates
  4. run the wizard to completion…

Note.  If your machine is newly set up or for reasons not known to me then it’s quite possible that you dont have an “Other People” container.  In this case fire up Internet Explorer, select Tools -> Options -> Content Tab -> Certificates Button -> Select the “Other People” tab and then import the Server Public.cer from there…


Next install the WSE2 Server Public/Private Certificate into the “Certificates – Local Computer” store



  1. This time working from the “Certificates – Local Computer” snap in
  2. Right click the “Personal” Store, select “All Tasks” and “Import
  3. Import the “Server Private.pfx” certificate from “C:\Program Files\Microsoft WSE\v2.0\Samples\Sample Test Certificates

Granting ASP.NET rights to the Server Certificate you’ve just installed. 


Server side apps hosted by ASP.NET will need access to the Server Certificate Store so you need to use the WSE2 provided tool to do this.  Off the “Microsoft WSE 2.0” menu you’ll spot the “X509 Certificate Tool”.


For IIS 5 the default account name is “ASPNET” on IIS6 it’s “Network Service” unless you plan to run he app in an application pool with an Identity you’ve created.


so



  1. Start the X509 Certificate Tool
  2. Set the Store Location to “Local Computer
  3. Set the Store Name to “Personal
  4. Click the “Open Certificate” Button
  5. And you’ll spot the “WSE2QuickStartServer” certificate you just installed
  6. Select/Open it and click OK till back to main screen
  7. Click the “View Private Key File Properties” Button
  8. Select the Security Tab
  9. Add in the ASP.NET Account identity(s) that your app will be running under
  10. Set the permission level for the ASP.NET Account – now from memory you need “Modify” Permissions

Ta da – you’re done, easy huh, now fire up some of the labs:-)

Comments (1)

  1. Dave Glover says:

    I’ve ammended the above instructions as it is possible that you dont have an "Other People" certificate container on your system.

    so now as above…

    Note. If your machine is newly set up or for reasons not known to me then it’s quite possible that you dont have an "Other People" container.

    In this case fire up Internet Explorer, select Tools -> Options -> Content Tab -> Certificates Button -> Select the "Other People" tab and then import the Server Public.cer from there…

Skip to main content