<certificate> Element

 

Specifies an X.509 certificate to use for signing and encrypting messages for peer-to-peer clients.

<system.ServiceModel>
<behaviors>
<endpointBehaviors>
<behavior>
<clientCredentials>
<peer>
<certificate>

  
<certificate findValue="String"   
  
storeLocation="LocalMachine/CurrentUser"  
      storeName="AddressBook/AuthRoot/CertificateAuthority/Disallowed/My/Root/TrustedPeople/TrustedPublisher"  
      X509FindType="FindByThumbPrint/FindBySubjectName/FindBySubjectDistinguishedName/FindByIssuerName/FindByIssuerDistinguishedName/FindBySerialNumber/FindByTimeValid/FindByTimeNotYetValid/FindByTemplateName/FindByApplicationPolicy/FindByCertificatePolicy/FindByExtension/FindByKeyUsage/FindBySubjectKeyIdentifier"  
/>  

The following sections describe attributes, child elements, and parent elements.

Attributes

AttributeDescription
findValueA string that contains the value to search for in the X.509 certificate store. The type contained in the attribute must satisfy the requirements of the specified x509FindType. The default is an empty string.
storeLocationSpecifies the location of the X.509 certificate store that the client uses to validate the peer's certificate against. Valid values include the following:

- LocalMachine: the certificate store assigned to the local machine.
- CurrentUser: the certificate store assigned to the current user.

The default is LocalMachine.
storeNameSpecifies the name of the X.509 certificate store to open. Valid values include the following:

- AddressBook: Certificate store for other users.
- AuthRoot: Certificate store for third-party certification authorities (CAs).
- CertificateAuthority: Certificate store for intermediate certification authorities (CAs).
- Disallowed: Certificate store for revoked certificates.
- My: Certificate store for personal certificates.
- Root: Certificate store for trusted root certification authorities (CAs).
- TrustedPeople: Certificate store for directly-trusted people and resources.
- TrustedPublisher: Certificate store for directly-trusted publishers.

The default is My.
X509FindTypeDefines the type of X.509 search to be executed. Valid values include the following:

- FindByThumbPrint
- FindBySubjectName
- FindBySubjectDistinguishedName
- FindByIssuerName
- FindByIssuerDistinguishedName
- FindBySerialNumber
- FindByTimeValid
- FindByTimeNotYetValid
- FindByTemplateName
- FindByApplicationPolicy
- FindByCertificatePolicy
- FindByExtension
- FindByKeyUsage
- FindBySubjectKeyIdentifier

The type contained in the findValue attribute must satisfy the requirements of the specified X509FindType.

The default value is FindBySubjectDistinguishedName.

Child Elements

None.

Parent Elements

ElementDescription
<peer>Specifies credentials used when authenticating peer-to-peer clients.

This configuration element contains a X509Certificate2 instance used when authenticating neighbors in the peer mesh.

For more information about peer-to-peer programming, see Peer-to-Peer Networking.

The following code specifies how to find the certificate used in a peer-to-peer scenario.

<behaviors>  
 <endpointBehaviors>  
  <behavior name="MyEndpointBehavior">  
   <clientCredentials>  
    <peer>  
     <certificate findValue="www.contoso.com"   
                   storeLocation="LocalMachine"  
                   x509FindType="FindByIssuerName" />  
    </peer>  
   </clientCredentials>  
  </behavior>  
</endpointBehaviors>  

PeerCredentialElement
Certificate
X509PeerCertificateElement
Certificate
Working with Certificates
Peer-to-Peer Networking
Peer Channel Message Authentication
Peer Channel Custom Authentication
Securing Peer Channel Applications

Show: