Guide to setting up the WSE 2 X.509 Test Certificates

Follow these steps and you'll be sorted.

  1. Install Web Services Enhancements from here (for this example I've installed to my c: drive)
  2. Navigate your way down through the initial help file and you'll find a link to "C:\Program Files\Microsoft WSE\v2.0\Samples\readme.htm"
  3. This file describes the approach to setting up certificates
  4. Scroll down even further and you'll see a heading titled "Using the sample X.509 certificates"
  5. Here you'll find a link to "Detailed Instructions" which points off to "C:\Program Files\Microsoft WSE\v2.0\Samples\Sample Test Certificates\readme.htm"
  6. Read the table carefully: it details the store locations where you are to put the certificates, and the password for the certificates, which for this release is "wse2qs"

Load up the MMC Certificate Snap-ins

  1. Run "MMC" from the command prompt and add the "Certificates" snap-in twice - once for "My User Account" and then again for "Computer Account". Click Close, OK etc. to get back to the main MMC console, which now contains the 2 certificate managers
  2. Right click "Personal" under the "Certificates - Current User" tree, select "All Tasks" and select "Import".
  3. Click Next and then browse to "C:\Program Files\Microsoft WSE\v2.0\Samples\Sample Test Certificates". Make sure you change the "Files of type" option to "Personal Information Exchange (.pfx)", as you need to select "Client Private.pfx", not the ".cer" files, which are the default (and confusing)
  4. Enter the password "wse2qs" etc. and run the wizard to completion, then check it installed properly: it'll be under "Personal", called "WSE2QuickStartClient"
  5. Don't close the "Certificates - Current User" MMC snap-in just yet

Next install the WSE2 Server Public Certificate into the "Certificates - Current User" store.

The client application you build will use the server's public certificate for signing and encrypting SOAP messages it exchanges with it, which is why you need to install it.

  1. Still on the "Certificates - Current User" tree, look a bit further down and you'll see the "Other People" certificate container
  2. Right click on "Other People", select "All Tasks", then "Import".
  3. This time import "Server Public.cer" from "C:\Program Files\Microsoft WSE\v2.0\Samples\Sample Test Certificates"
  4. Run the wizard to completion...

Note. If your machine is newly set up, or for reasons not known to me, it's quite possible that you don't have an "Other People" container. In this case fire up Internet Explorer, select Tools -> Options -> Content Tab -> Certificates Button -> select the "Other People" tab and then import the Server Public.cer from there...

Next install the WSE2 Server Public/Private Certificate into the "Certificates - Local Computer" store

  1. This time work from the "Certificates - Local Computer" snap-in
  2. Right click the "Personal" Store, select "All Tasks" and "Import"
  3. Import the "Server Private.pfx" certificate from "C:\Program Files\Microsoft WSE\v2.0\Samples\Sample Test Certificates"

Granting ASP.NET rights to the Server Certificate you've just installed.

Server-side apps hosted by ASP.NET will need access to the Server Certificate Store, so you need to use the WSE2-provided tool to do this. Off the "Microsoft WSE 2.0" menu you'll spot the "X509 Certificate Tool".

For IIS 5 the default account name is "ASPNET"; on IIS 6 it's "Network Service", unless you plan to run the app in an application pool with an identity you've created.

So:

  1. Start the X509 Certificate Tool
  2. Set the Store Location to "Local Computer"
  3. Set the Store Name to "Personal"
  4. Click the "Open Certificate" Button
  5. And you'll spot the "WSE2QuickStartServer" certificate you just installed
  6. Select/Open it and click OK till back to main screen
  7. Click the "View Private Key File Properties" Button
  8. Select the Security Tab
  9. Add in the ASP.NET Account identity(s) that your app will be running under
  10. Set the permission level for the ASP.NET Account - now from memory you need "Modify" Permissions
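
To check the result of all the steps above in one go, here is an added PowerShell example (not part of the WSE samples or of the original guide). It assumes the names shown in MMC are the certificates' subject CNs and that "Other People" is the AddressBook store; the key-file lookup additionally assumes Windows PowerShell on Vista or later and a legacy CSP key.

```powershell
# Added example: expected placement, taken from the steps in this guide.
# Assumption: the MMC display names are the subject CNs of the sample certificates.
$expected = @(
    @{ Store = 'Cert:\CurrentUser\My';          CN = 'WSE2QuickStartClient'; Key = $true  },
    @{ Store = 'Cert:\CurrentUser\AddressBook'; CN = 'WSE2QuickStartServer'; Key = $false },  # "Other People"
    @{ Store = 'Cert:\LocalMachine\My';         CN = 'WSE2QuickStartServer'; Key = $true  }
)

function Find-SampleCert {
    param([string]$Store, [string]$CN)
    $pattern = 'CN=' + [regex]::Escape($CN) + '(,|$)'
    # A missing store (e.g. no "Other People" container yet) yields $null, not an error.
    Get-ChildItem -Path $Store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match $pattern } |
        Select-Object -First 1
}

function Test-WseSampleCerts {
    foreach ($e in $expected) {
        $cert = Find-SampleCert -Store $e.Store -CN $e.CN
        # The public-only copy must not carry a private key; the two .pfx imports must.
        $status = if (-not $cert) { 'MISSING' } elseif ($cert.HasPrivateKey -ne $e.Key) { 'UNEXPECTED KEY STATE' } else { 'OK' }
        [pscustomobject]@{
            Store         = $e.Store
            Subject       = $e.CN
            Status        = $status
            HasPrivateKey = $cert.HasPrivateKey   # $null when the certificate is missing
            NotAfter      = $cert.NotAfter
        }
    }
}

function Get-ServerKeyAcl {
    # Same information as "View Private Key File Properties" -> Security tab; run elevated.
    $cert = Find-SampleCert -Store 'Cert:\LocalMachine\My' -CN 'WSE2QuickStartServer'
    if (-not $cert -or -not $cert.HasPrivateKey) { return }
    # Assumption: legacy CSP key stored under the Vista-and-later MachineKeys path.
    $name = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
    $file = Join-Path $env:ALLUSERSPROFILE "Microsoft\Crypto\RSA\MachineKeys\$name"
    (Get-Acl -Path $file).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType
}

Test-WseSampleCerts | Format-Table -AutoSize
Get-ServerKeyAcl    | Format-Table -AutoSize
```

Any row that is not OK points at the import step to repeat, and the ACL listing should include the ASP.NET account you added in step 9.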

Ta da - you're done, easy huh, now fire up some of the labs:-)