<certificateReference>

Specifies settings for X.509 certificate validation. A secure Windows Communication Foundation (WCF) client that connects to an endpoint with this identity verifies that the claims presented by the server contain the identity claim used to construct this identity.

Schema Hierarchy

<identity>
  <certificateReference>

Syntax

<certificateReference
    findValue="String"
    isChainIncluded="Boolean"
    storeName="AddressBook/AuthRoot/CertificateAuthority/Disallowed/My/Root/TrustedPeople/TrustedPublisher"
    storeLocation="LocalMachine/CurrentUser"
    X509FindType="FindByThumbPrint/FindBySubjectName/FindBySubjectDistinguishedName/FindByIssuerName/FindByIssuerDistinguishedName/FindBySerialNumber/FindByTimeValid/FindByTimeNotYetValid/FindByTemplateName/FindByApplicationPolicy/FindByCertificatePolicy/FindByExtension/FindByKeyUsage/FindBySubjectKeyIdentifier">
</certificateReference>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description

findValue

Specifies the value to search for in the X.509 certificate store. The type contained in this attribute must satisfy the requirements of the specified X509FindType value. The default is an empty string.

isChainIncluded

A Boolean value that specifies whether validation is performed using the certificate chain.

storeLocation

Specifies the location of the certificate store that the client can use to validate the server’s certificate.

Valid values include the following:

  • LocalMachine: The certificate store assigned to the local machine.

  • CurrentUser: The certificate store assigned to the current user.

The default value is LocalMachine.

This attribute is of type StoreLocation.

storeName

Specifies the name of the X.509 certificate store to open.

Valid values include the following:

  • AddressBook: Certificate store for other users.

  • AuthRoot: Certificate store for third-party certification authorities (CAs).

  • CertificateAuthority: Certificate store for intermediate CAs.

  • Disallowed: Certificate store for revoked certificates.

  • My: Certificate store for personal certificates.

  • Root: Certificate store for trusted root CAs.

  • TrustedPeople: Certificate store for directly trusted people and resources.

  • TrustedPublisher: Certificate store for directly trusted publishers.

The default value is My.

This attribute is of type StoreName.

X509FindType

Specifies the type of X.509 search to be executed. The type contained in the findValue attribute must satisfy the requirements of the specified X509FindType.

Valid values include the following:

  • FindByThumbPrint

  • FindBySubjectName

  • FindBySubjectDistinguishedName

  • FindByIssuerName

  • FindByIssuerDistinguishedName

  • FindBySerialNumber

  • FindByTimeValid

  • FindByTimeNotYetValid

  • FindByTemplateName

  • FindByApplicationPolicy

  • FindByCertificatePolicy

  • FindByExtension

  • FindByKeyUsage

  • FindBySubjectKeyIdentifier

The default value is FindBySubjectDistinguishedName.

This attribute is of type X509FindType.
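The following app.config fragment is an added example, not taken from this reference page, showing where <certificateReference> sits in a client configuration and how the attributes above combine to pin a server identity to one certificate. The endpoint name, address, binding and contract are assumptions, and the thumbprint is a constructed placeholder to be replaced with the hash of the server's actual certificate.

```xml
<configuration>
  <system.serviceModel>
    <client>
      <!-- Hypothetical client endpoint: name, address, binding and contract are assumptions. -->
      <endpoint name="ordersEndpoint"
                address="https://orders.example.com/OrderService"
                binding="wsHttpBinding"
                contract="Example.IOrderService">
        <identity>
          <!-- The expected server identity is one certificate in the
               LocalMachine\TrustedPeople store, located by thumbprint.
               Both storeLocation and storeName override the defaults (LocalMachine, My).
               The findValue below is a constructed placeholder, not a real thumbprint. -->
          <certificateReference
              storeLocation="LocalMachine"
              storeName="TrustedPeople"
              X509FindType="FindByThumbPrint"
              findValue="0000000000000000000000000000000000000000"
              isChainIncluded="true" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>
```

A thumbprint lookup identifies exactly one certificate, which is the property a client wants when it must accept a single known server certificate. FindBySubjectName is a less specific search than FindBySubjectDistinguishedName and can match more than one certificate in the store, so a subject-name lookup should be used only where that ambiguity is acceptable.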

Child Elements

None.

Parent Elements

Element Description

<identity>

Specifies settings that enable the authentication of an endpoint by other endpoints exchanging messages with it.

See Also

Reference

CertificateReferenceElement
IdentityElement
EndpointAddress
Identity