<defaultCertificate> Element

 

Specifies an X.509 certificate to be used when a service or STS does not provide one via a negotiation protocol.

<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior>
        <clientCredentials>
          <serviceCertificate>
            <defaultCertificate>

  
<defaultCertificate findValue="String"
                    storeLocation="CurrentUser/LocalMachine"
                    storeName="AddressBook/AuthRoot/CertificateAuthority/Disallowed/My/Root/TrustedPeople/TrustedPublisher"
                    x509FindType="FindByThumbprint/FindBySubjectName/FindBySubjectDistinguishedName/FindByIssuerName/FindByIssuerDistinguishedName/FindBySerialNumber/FindByTimeValid/FindByTimeNotYetValid/FindByTimeExpired/FindByTemplateName/FindByApplicationPolicy/FindByCertificatePolicy/FindByExtension/FindByKeyUsage/FindBySubjectKeyIdentifier" />

The following sections describe attributes, child elements, and parent elements.

Attributes

findValue
    String. The value to search for. The value depends on the field (specified by the x509FindType attribute) being searched. For example, if searching for a thumbprint, the value must be a string of hexadecimal numbers.

x509FindType
    Enumeration. One of the certificate fields to search. Values include: FindByThumbprint, FindBySubjectName, FindBySubjectDistinguishedName, FindByIssuerName, FindByIssuerDistinguishedName, FindBySerialNumber, FindByTimeValid, FindByTimeNotYetValid, FindByTimeExpired, FindByTemplateName, FindByApplicationPolicy, FindByCertificatePolicy, FindByExtension, FindByKeyUsage, FindBySubjectKeyIdentifier.

storeLocation
    Enumeration. One of the two system store locations to search: CurrentUser or LocalMachine.

storeName
    Enumeration. One of the system stores to search. Values include: AddressBook, AuthRoot, CertificateAuthority, Disallowed, My, Root, TrustedPeople, and TrustedPublisher.

Child Elements

None.

Parent Elements

<serviceCertificate>
    Specifies a certificate to use when authenticating a service to the client.

For bindings that use certificate-based message security, the certificate specified by this configuration element is used to encrypt messages to the service, and the service is expected to use it to sign replies to the client. The element stores a single certificate, which is used when the service does not specify one.

The following example specifies a certificate to use for endpoints whose URI begins with http://www.contoso.com and a certificate to use for all other endpoints that do not perform certificate negotiation.

<serviceCertificate>
  <defaultCertificate findValue="www.contoso.com"
                      storeLocation="LocalMachine"
                      storeName="TrustedPeople"
                      x509FindType="FindByIssuerDistinguishedName" />
  <scopedCertificates>
    <add targetUri="http://www.contoso.com"
         findValue="www.contoso.com" storeLocation="LocalMachine"
         storeName="Root" x509FindType="FindByIssuerName" />
  </scopedCertificates>
  <authentication revocationMode="Online"
                  trustedStoreLocation="LocalMachine" />
</serviceCertificate>
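
The attribute constraints described on this page can be checked before a configuration is deployed. The following Python code is an added example, not part of the original documentation: the function name `lint_certificate_refs` and the sample configuration are constructed for illustration, and exact (case-sensitive, unpadded) matching of enumeration values is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Allowed values, copied from this page. Assumption: matching is exact (case, no padding).
ALLOWED = {
    "storeLocation": {"CurrentUser", "LocalMachine"},
    "storeName": {"AddressBook", "AuthRoot", "CertificateAuthority", "Disallowed",
                  "My", "Root", "TrustedPeople", "TrustedPublisher"},
    "x509FindType": {
        "FindByThumbprint", "FindBySubjectName", "FindBySubjectDistinguishedName",
        "FindByIssuerName", "FindByIssuerDistinguishedName", "FindBySerialNumber",
        "FindByTimeValid", "FindByTimeNotYetValid", "FindByTimeExpired",
        "FindByTemplateName", "FindByApplicationPolicy", "FindByCertificatePolicy",
        "FindByExtension", "FindByKeyUsage", "FindBySubjectKeyIdentifier"},
}

def lint_certificate_refs(config_xml):
    """Return (element, attribute, problem) tuples for each certificate reference."""
    findings = []
    for parent in ET.fromstring(config_xml).iter("serviceCertificate"):
        refs = parent.findall("defaultCertificate") + parent.findall("scopedCertificates/add")
        for el in refs:
            for attr, allowed in ALLOWED.items():
                value = el.get(attr)
                if value is not None and value not in allowed:
                    findings.append((el.tag, attr, f"{value!r} is not a listed value"))
            find_value = el.get("findValue", "")
            if not find_value:
                findings.append((el.tag, "findValue", "missing or empty"))
            elif (el.get("x509FindType") == "FindByThumbprint"
                  and not re.fullmatch(r"[0-9A-Fa-f]+", find_value)):
                # The page requires a thumbprint to be a string of hexadecimal numbers.
                findings.append((el.tag, "findValue", "thumbprint is not hexadecimal"))
    return findings

# Constructed sample: padded storeLocation, mis-cased find type, non-hex thumbprint.
SAMPLE = """
<serviceCertificate>
  <defaultCertificate findValue="www.contoso.com" storeLocation=" LocalMachine"
                      storeName="TrustedPeople" x509FindType="FindByThumbPrint" />
  <scopedCertificates>
    <add targetUri="http://www.contoso.com" findValue="not-a-thumbprint"
         storeLocation="LocalMachine" storeName="Root" x509FindType="FindByThumbprint" />
  </scopedCertificates>
</serviceCertificate>
"""

if __name__ == "__main__":
    print(*lint_certificate_refs(SAMPLE), sep="\n")
```

Run against the `<serviceCertificate>` example above, the same function returns no findings.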

X509DefaultServiceCertificateElement
X509CertificateRecipientClientCredential
DefaultCertificate
Working with Certificates
<authentication>
Securing Clients
Securing Services and Clients
