

Configure Service: Security Tab

Use the Security tab in the Configure Service dialog box to configure a service certificate for a service. You can select the certificate in this dialog box either by browsing the certificate stores or by querying them.

Dialog Fields

Field

Description

Use Certificate

Select this check box to enable a certificate to be used at the service level. If this box is not checked, all the remaining controls in the Security dialog box are disabled.

Warning

If a certificate has been configured at a higher scope, and the Use Certificate check box is cleared at a lower scope, the following warning appears: "Any updates made on this tab may result in the loss of existing service credential configuration defined at a higher scope and currently inherited." This is because the Windows Server AppFabric tooling affects only a subset of the behavior, so any existing configuration settings outside of that subset are lost.

Store location

Select one of these values as the location of the certificate store.

  • Local Machine - The certificate store for all users on the local machine. This is the default used for any search requests unless Current User is specified.

  • Current User - The certificate store that is private and only accessible to the Current User.

    Note

    The current user at configuration time may not be the same as the current user at runtime.

Store name

Select one of these values as the name of the certificate store.

  • Intermediate Certification Authorities - CertificateAuthority certificate store

  • Other users - AddressBook certificate store

  • Personal - (Default) Personal certificate store

  • Revoked - Disallowed certificate store

  • Third-Party Root Certification Authorities - AuthRoot certificate store

  • Trusted People and Resources - TrustedPeople certificate store

  • Trusted Publishers - TrustedPublisher certificate store

  • Trusted Root Certification Authorities - Root certificate store

Browse

Allows you to browse through certificates, taken by default from the Local Machine location and the Personal certificate store. Browsing for a certificate through the Browse button always configures the service's certificate by thumbprint. Click View to display the standard .NET Certificate dialog box, which shows certificate information, details, and certification path. The View button is disabled in remote scenarios.

Query/Find certificate by:

If you choose not to browse for a certificate, you can search the local certificate stores using the following predefined search criteria. Click the down arrow to display the list of search parameters.

  • Application policy

  • Certificate policy

  • Extension

  • Issuer distinguished name

  • Issuer name

  • Key usage

  • Serial number

  • Subject distinguished name

  • Subject key identifier

  • Subject name

  • Template name

  • Thumbprint

  • Time expired

  • Time not yet valid

  • Time valid

Query/Find value:

Works in conjunction with the Query/Find certificate by selection: it assigns the actual value to the search parameter you selected in the Query/Find certificate by list box.

Run

Click the Run button to run the search query, which combines the search parameter (Query/Find certificate by) with the search value (Query/Find value). This button is disabled in remote scenarios. The certificates matching the query are listed in the standard .NET certificate viewer. Click View to display the standard .NET Certificate dialog box.

The fields in the Security tab correspond to the serviceCertificate element. If the Use Certificate option is checked, the <serviceCredentials><serviceCertificate/></serviceCredentials> element is added to the service element associated with the service in the configuration file.

In the following sample configuration, the certificate named Contoso.com is used as the search value for FindBySubjectName by the serviceCertificate element in the behavior element associated with the service s1. This certificate will be used for any endpoints exposed by this service.

<system.serviceModel>
  <services>
    <service name="s1" behaviorConfiguration="s1Behavior"/>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="s1Behavior">
        <serviceCredentials>
          <serviceCertificate findValue="Contoso.com"
                              x509FindType="FindBySubjectName" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
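
As an added example (not part of the original page or the AppFabric tooling), the following Python script reads a configuration like the sample above and reports, for each service, the store location, store name and find type its serviceCertificate element resolves to, noting entries that are not selected by thumbprint or that use the Current User store. The s2 service, the PLACEHOLDER-THUMBPRINT value and the function name are constructed for illustration; LocalMachine and My are assumed here as the attribute spellings of the dialog's Local Machine and Personal defaults.

```python
import xml.etree.ElementTree as ET

# The page's sample (s1) plus a constructed second service (s2) for contrast.
SAMPLE_CONFIG = """
<system.serviceModel>
  <services>
    <service name="s1" behaviorConfiguration="s1Behavior"/>
    <service name="s2" behaviorConfiguration="s2Behavior"/>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="s1Behavior">
        <serviceCredentials>
          <serviceCertificate findValue="Contoso.com" x509FindType="FindBySubjectName"/>
        </serviceCredentials>
      </behavior>
      <behavior name="s2Behavior">
        <serviceCredentials>
          <serviceCertificate findValue="PLACEHOLDER-THUMBPRINT" storeLocation="CurrentUser" x509FindType="FindByThumbprint"/>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
"""

def audit_service_certificates(config_xml):
    """Return one record per service whose behavior sets a serviceCertificate."""
    root = ET.fromstring(config_xml)
    behaviors = {b.get("name"): b for b in root.iter("behavior")}
    records = []
    for svc in root.iter("service"):
        behavior = behaviors.get(svc.get("behaviorConfiguration"))
        cert = None if behavior is None else behavior.find("serviceCredentials/serviceCertificate")
        if cert is None:
            continue
        # Unset attributes fall back to the dialog defaults (Local Machine, Personal).
        rec = {"service": svc.get("name"), "findValue": cert.get("findValue"), "notes": [],
               "storeLocation": cert.get("storeLocation", "LocalMachine"),
               "storeName": cert.get("storeName", "My"), "x509FindType": cert.get("x509FindType", "(not set)")}
        if rec["x509FindType"] != "FindByThumbprint":
            rec["notes"].append("not selected by thumbprint: query may match several certificates")
        if rec["storeLocation"] == "CurrentUser":
            rec["notes"].append("CurrentUser store: runtime user may differ from configuring user")
        records.append(rec)
    return records

if __name__ == "__main__":
    print(*audit_service_certificates(SAMPLE_CONFIG), sep="\n")
```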