Export (0) Print
Expand All

<defaultCertificate> Element

Specifies an X.509 certificate to be used when a service or STS does not provide one via a negotiation protocol.


<defaultCertificate findValue="String" 
storeLocation=" CurrentUser/LocalMachine"
storeName="AddressBook/AuthRoot/CertificateAuthority/Disallowed/My/Root/TrustedPeople/TrustedPublisher" 
x509FindType="FindByThumbPrint/FindBySubjectName/FindBySubjectDistinguishedName/FindByIssuerName/FindByIssuerDistinguishedName/FindBySerialiNumber/FindByTimeValid/FindByTimeNotYetValid/FindByTimeExpired/FindByTemplateName/FindByApplicationPolicy/FindByCertificatePolicy/FindByExtension/FindByKeyUsage/FindBySubjectKeyIdentifier" />

The following sections describe attributes, child elements, and parent elements

Attributes

 

Attribute Description

findValue

String. The value to search for.

x509FindType

Enumeration. One of the certificate fields to search.

storeLocation

Enumeration. One of the two system store locations to search.

storeName

Enumeration. One of the system stores to search.

findValue Attribute

 

Value Description

String

The value depends on the field (specified by the X509FindType attribute) being searched. For example, if searching for a thumbprint, the value must be a string of hexadecimal numbers.

x509FindType Attribute

 

Value Description

Enumeration

Values include: FindByThumbprint, FindBySubjectName, FindBySubjectDistinguishedName, FindByIssuerName, FindByIssuerDistinguishedName, FindBySerialNumber, FindByTimeValid, FindByTimeNotYetValid, FindBySerialNumber, FindByTimeExpired, FindByTemplateName, FindByApplicationPolicy, FindByCertificatePolicy, FindByExtension, FindByKeyUsage, FindBySubjectKeyIdentifier.

storeLocation Attribute

 

Value Description

Enumeration

CurrentUser or LocalMachine.

storeName Attribute

 

Value Description

Enumeration

Values include: AddressBook, AuthRoot, CertificateAuthority, Disallowed, My, Root, TrustedPeople, and TrustedPublisher.

Child Elements

None.

Parent Elements

 

Element Description

<serviceCertificate> of <clientCredentials> Element

Specifies a certificate to use when authenticating a service to the client.

For bindings that use certificate-based message security, certificate specified by this configuration element is used to encrypt messages to the service and is expected to be used by the service for signing replies to the client. It stores a single certificate to be used when no certificate is specified by a service.

The following example specifies a certificate to use for endpoints whose URI begins with http://www.contoso.com and a certificate to use for all other endpoints that do not perform certificate negotiation.

<serviceCertificate>
  <defaultCertificate findValue="www.contoso.com" 
                      storeLocation="LocalMachine"
                      storeName="TrustedPeople" 
                      x509FindType="FindByIssuerDistinguishedName" />
  <scopedCertificates>
     <add targetUri="http://www.contoso.com" 
          findValue="www.contoso.com" storeLocation="LocalMachine"
                  storeName="Root" x509FindType="FindByIssuerName" />
  </scopedCertificates>
  <authentication revocationMode="Online" 
   trustedStoreLocation="LocalMachine" />
</serviceCertificate>




Build Date:

2012-08-02

Community Additions

ADD
Show:
© 2014 Microsoft