I have a WCF service that uses a certificate as follows:
Credentials.ServiceCertificate.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine, _
    System.Security.Cryptography.X509Certificates.StoreName.TrustedPeople, _
    System.Security.Cryptography.X509Certificates.X509FindType.FindByThumbprint, _
    serviceCertificateThumbprint)
The client also has an installed certificate and searches for it using a fingerprint. To allow the deployment and renewal of certificates, the fingerprint on the client and server is stored in the database, and the certificate is viewed on the fly. I use an internal certificate. However, the certificate that I have expires in a few months, and I wonder what the recommended best practices are for managing certificate expiration. The service is called by 4 clients that I manage, but also by a large number of other clients that are out of my control, so distributing certificates using Group Policy is not necessary.
1) Is it possible to configure a service with several endpoints protected by different certificates to allow a period of overlap so that all clients can reconfigure a new certificate?
2) Given that these applications are mainly internal, is it advisable to use:
X509CertificateValidationMode.None
X509RevocationMode.NoCheck
?
3) Do I need to use certificates, given that the service is also protected using WIF / STS? If not, how is this done? (I believe that if certificates are not used, then https should be.)
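Added example, not the asker's code: one way to handle the expiry and overlap questions above in WCF. It selects the service certificate from a list of candidate thumbprints (the current one and its replacement, which in the question come from the database; the thumbprint strings here are placeholders), refuses anything outside its validity window, warns when renewal is near, and hosts each certificate in its own ServiceHost, since a ServiceHost carries a single service certificate. The `IMyContract` and `MyService` types and the addresses are assumptions.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Added example, not the asker's code. Thumbprints, contract and service types are placeholders.
static class CertificateRollover
{
    // Picks the certificate to present now from the candidate thumbprints (current and next).
    // Only certificates whose validity window covers 'now' and that carry a private key qualify;
    // returns null if none does, so the caller fails closed instead of serving an expired one.
    public static X509Certificate2 SelectCurrent(StoreLocation location, StoreName storeName,
        string[] candidateThumbprints, DateTime now, TimeSpan warnBefore)
    {
        using (var store = new X509Store(storeName, location))
        {
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2 best = null;
            foreach (var thumbprint in candidateThumbprints)
            {
                // validOnly:false so an expired or not-yet-valid certificate is still found
                // and can be reported rather than silently disappearing from the search.
                var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
                foreach (var cert in found)
                {
                    if (!cert.HasPrivateKey) continue;               // service side needs the private key
                    if (now < cert.NotBefore || now > cert.NotAfter) continue;
                    if (best == null || cert.NotAfter > best.NotAfter) best = cert; // prefer the longest-lived
                }
            }
            if (best != null && best.NotAfter - now < warnBefore)
                Console.Error.WriteLine("WARNING: service certificate {0} expires {1:u}", best.Thumbprint, best.NotAfter);
            return best;
        }
    }

    // One ServiceHost holds one service certificate (Credentials.ServiceCertificate), so an
    // overlap window during rollover means two hosts on different addresses, one per certificate.
    public static ServiceHost HostWith(Type serviceType, Type contractType, Uri address, X509Certificate2 cert)
    {
        var host = new ServiceHost(serviceType, address);
        host.Credentials.ServiceCertificate.Certificate = cert;

        // Question 2: ValidationMode.None plus RevocationMode.NoCheck accepts any certificate a
        // caller presents, which removes the authentication the certificate was meant to provide.
        // Keep trust validation even on an internal network (PeerTrust if client certificates
        // are placed in TrustedPeople, ChainTrust if they are issued by an internal CA).
        var clientAuth = host.Credentials.ClientCertificate.Authentication;
        clientAuth.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        clientAuth.RevocationMode = X509RevocationMode.Online;

        // Message security with certificate client credentials is what makes the service
        // certificate above actually take part in the exchange.
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        host.AddServiceEndpoint(contractType, binding, "");
        return host;
    }

    public static void Main()
    {
        // Placeholder thumbprints; in the question these are read from the database.
        // DateTime.Now is used because NotBefore/NotAfter are reported in local time.
        var store = StoreName.TrustedPeople;
        var current = SelectCurrent(StoreLocation.LocalMachine, store,
            new[] { "<CURRENT-THUMBPRINT>" }, DateTime.Now, TimeSpan.FromDays(30));
        var next = SelectCurrent(StoreLocation.LocalMachine, store,
            new[] { "<NEXT-THUMBPRINT>" }, DateTime.Now, TimeSpan.FromDays(30));
        if (current == null) throw new InvalidOperationException("no valid service certificate");

        var hosts = new System.Collections.Generic.List<ServiceHost>
        {
            HostWith(typeof(MyService), typeof(IMyContract), new Uri("http://localhost:8001/svc"), current)
        };
        // During the overlap period the replacement certificate is served on a second address,
        // so clients can switch thumbprints at their own pace; drop the old host once they have.
        if (next != null)
            hosts.Add(HostWith(typeof(MyService), typeof(IMyContract), new Uri("http://localhost:8002/svc"), next));

        foreach (var h in hosts) h.Open();
        Console.ReadLine();
        foreach (var h in hosts) h.Close();
    }
}

[ServiceContract] public interface IMyContract { [OperationContract] string Ping(); }
public class MyService : IMyContract { public string Ping() { return "pong"; } }
```

The client side mirrors this: it keeps both thumbprints, tries the current one first and falls back to the replacement, so the switch can happen any time inside the overlap window rather than at a single cut-over moment.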