<serviceCertificate> of <serviceCredentials>
Specify an X.509 certificate that will be used to authenticate the service to clients using Message security mode.
<configuration>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceCredentials>
<serviceCertificate>
Syntax
<serviceCertificate findValue="String"
storeLocation="LocalMachine/CurrentUser"
storeName="AddressBook/AuthRoot/CertificateAuthority/Disallowed/My/Root/TrustedPeople/TrustedPublisher"
x509FindType="FindByThumbprint/FindBySubjectName/FindBySubjectDistinguishedName/FindByIssuerName/FindByIssuerDistinguishedName/FindBySerialNumber/FindByTimeValid/FindByTimeNotYetValid/FindByTemplateName/FindByApplicationPolicy/FindByCertificatePolicy/FindByExtension/FindByKeyUsage/FindBySubjectKeyIdentifier" />
Attributes and Elements
The following sections describe attributes, child elements, and parent elements.
Attributes
| Attribute | Description |
|---|---|
findValue |
A string that contains the value to search for in the X.509 certificate store. The type contained in the attribute must satisfy the requirements of the specified X509FindType. The default is an empty string. |
storeLocation |
Specifies the location of the X.509 certificate store that the client uses to validate the server’s certificate against. Valid values include the following: - LocalMachine: the certificate store assigned to the local machine. - CurrentUser: the certificate store assigned to the current user. The default is LocalMachine. |
storeName |
Specifies the name of the X.509 certificate store to open. Valid values include the following: - AddressBook: Certificate store for other users. - AuthRoot: Certificate store for third-party certification authorities (CAs). - CertificatAuthority: Certificate store for intermediate certification authorities (CAs). - Disallowed: Certificate store for revoked certificates. - My: Certificate store for personal certificates. - Root: Certificate store for trusted root certification authorities (CAs). - TrustedPeople: Certificate store for directly trusted people and resources. - TrustedPublisher: Certificate store for directly trusted publishers. The default is My. |
x509FindType |
Defines the type of X.509 search to be executed. Valid values include the following: - FindByThumbprint - FindBySubjectName - FindBySubjectDistinguishedName - FindByIssuerName - FindByIssuerDistinguishedName - FindBySerialNumber - FindByTimeValid - FindByTimeNotYetValid - FindByTemplateName - FindByApplicationPolicy - FindByCertificatePolicy - FindByExtension - FindByKeyUsage - FindBySubjectKeyIdentifier The type contained in the findValue attribute must satisfy the requirements of the specified X509FindType.The default value is FindBySubjectDistinguishedName. |
Child Elements
None
Parent Elements
| Element | Description |
|---|---|
| <serviceCredentials> | Specifies the credential to be used in authenticating the service, and the client credential validation related settings. |
Remarks
Use this element to specify an X.509 certificate that will be used to authenticate the service to clients using Message security mode. If you are using a certificate that will be periodically renewed, then its thumbprint will change. In that case, use the subject name as the x509FindType because the certificate can be reissued with the same subject name.
For more information about using the element, see How to: Specify Client Credential Values.
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for