Mutual Authentication of a WCF / SSL Certificate in a Cluster Environment

I have read many articles about WCF security, but still don't see a clear picture of the certificate setup. Our deployment environment has an NLB cluster (front-end) with several ASP.NET sites that interact with the application server (back-end, also an NLB cluster). We must protect it with mutual certificate authentication and SSL. I figure that we need to do the following:

  • Issue a certificate with CN = NLB host name of the application server and the "Server Authentication" purpose from the domain CA.
  • Issue a certificate for the front-end boxes with the "Client Authentication" purpose.
  • Import the public key of the server certificate into the front-end nodes' certificate stores (and vice versa).
  • Configure WCF to use net.tcp with transport security.
  • Configure the service behavior (serviceCredentials section).
  • Configure the client endpoint behavior (clientCredentials section).

My questions:

  • Did I miss something?
  • Do I need to perform any additional steps to enable SSL?
  • For which interface / host name should the certificates be issued?
  • External nodes are in the DMZ, so there will be no access to the domain (CA). Will this cause problems?
+5
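The setup listed above (net.tcp transport security, a server certificate on the back-end, a client-authentication certificate on each front-end node, and certificate credentials on both sides), as an added example in code rather than config; it is not from the question or the answer. The host name, port, certificate subjects and service contract are assumptions.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract]
public interface IAppService { [OperationContract] string Ping(string s); }
public class AppService : IAppService { public string Ping(string s) => "pong:" + s; }

public static class MutualTcp
{
    // Shared binding: TLS on the net.tcp transport, client authenticated by certificate.
    public static NetTcpBinding Binding()
    {
        var b = new NetTcpBinding(SecurityMode.Transport);
        b.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;
        return b;
    }

    // Back-end (application server behind the NLB): presents the server certificate
    // (CN = NLB host name) and accepts only chain-trusted, unrevoked client certificates.
    public static ServiceHost StartBackEnd(string nlbHostName)
    {
        var host = new ServiceHost(typeof(AppService), new Uri("net.tcp://" + nlbHostName + ":8443/"));
        host.AddServiceEndpoint(typeof(IAppService), Binding(), "app");
        host.Credentials.ServiceCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, nlbHostName);
        var auth = host.Credentials.ClientCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        auth.RevocationMode = X509RevocationMode.Online;
        host.Open();
        return host;
    }

    // Front-end (DMZ web node): presents its client-auth certificate and pins the
    // expected DNS identity, so a certificate issued for another host is rejected.
    public static IAppService ConnectFrontEnd(string nlbHostName, string clientCertSubject)
    {
        var address = new EndpointAddress(new Uri("net.tcp://" + nlbHostName + ":8443/app"),
            EndpointIdentity.CreateDnsIdentity(nlbHostName));
        var factory = new ChannelFactory<IAppService>(Binding(), address);
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, clientCertSubject);
        var auth = factory.Credentials.ServiceCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        // A DMZ node with no route to the CA's CRL/OCSP endpoint can only check a cached
        // CRL (Offline); NoCheck would skip revocation entirely and is the weaker choice.
        auth.RevocationMode = X509RevocationMode.Offline;
        return factory.CreateChannel();
    }
}
```

ChainTrust requires the issuing CA's root certificate in each node's Trusted Root store, which is the import step from the list; the chain is still validated when the CA itself is unreachable.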
1 answer

Hi there. Since no one else answered, I'll take a stab at it, but fair warning - I am a Java / UNIX developer, and some of your questions concern Microsoft specifics. But here are a few answers:

1 -   CN = --NLB-    " "    CA.

- Microsoft. , - " ", - - SSL keyEncipherment keyAgreement. digitalSignature. RFC, Microsoft , . Microsoft CA, , SSL .

2 -    " "   .

, # 1 - . , , , , , , .

3 -      ( ).

Microsoft. PKI , SSL, (, ) . , - .

4 - WCF net.tcp   

5 -   ( serviceCredentials)

6 -    ( ClientCredentials)

...

, - . . , , SSL , , .

, , . , , . (CRL OCSP), , , .

?

, .

- , . . - DN , , .

DMZ, (CA). - ?

.

UNLESS - . , (.. DMZ) (CRL OCSP). OCSP - HTTP GET IP, , .

, , . - , , .

+3
