Configure WCF and WF for Server, Site, Application, or Virtual Directory: Security Tab

Use the Security tab in the Configure Server, Configure Site, Configure Application, or Configure Directory dialog box to configure the default service certificate at the server, site, application, or virtual directory level.

Dialog Fields

Field

Description

Use Certificate

Select this check box to enable a certificate to be used at the specific level. If this box is not checked, all the remaining controls in the Security dialog box are disabled.

Warning

If a certificate has been configured at a higher scope, and the Use Certificate checkbox is unchecked at a lower scope, the following warning will appear: Any updates made on this tab may result in the loss of existing service credential configuration defined at a higher scope and currently inherited. This is because only a subset of the behavior is affected by the Windows Server AppFabric tooling. This means that any existing configuration settings outside of that subset will simply be lost.

Store location

Select the location of the certificate store to be one of these values.

  • Local Machine - The certificate store for all users on the local machine. This is the default used for any search requests unless Current user is specified.

  • Current User - The certificate store that is private and only accessible to the Current User.

    Note

    The current user at configuration time may not be the same as the current user at runtime.

Store name

Select the name of the certificate store to be one of these values.

  • Intermediate Certification Authorities - CertificateAuthority certificate store

  • Other users - AddressBook certificate store

  • Personal - (Default) Personal certificate store

  • Revoked - Disallowed certificate store

  • Third-Party Root Certification Authorities - AuthRoot certificate store

  • Trusted People and Resources - TrustedPeople certificate store

  • Trusted Publishers - TrustedPublishers certificate store

  • Trusted Root Certification Authorities - Root certificate store

Browse

Allows you to browse through certificates, taken by default from the Local Machine and Personal certificate store. Click View to display the standard default Windows Certificate dialog box, where you can view certificate information, details, and the certification path. The View button is disabled in remote scenarios.

Query/Find certificate by:

If you choose not to Browse for a certificate, you can search through the local certificate stores using the following predefined items of search criteria. Click on the down arrow to display the list of existing search parameters for you to use in your search.

  • Application policy

  • Certificate policy

  • Extension

  • Issuer distinguished name

  • Issuer name

  • Key usage

  • Serial number

  • Subject distinguished name

  • Subject key identifier

  • Subject name

  • Template name

  • Thumbprint

  • Time expired

  • Time not yet valid

  • Time valid

Query/Find value:

Works in conjunction with the Query/Find certificate by selection to assign an actual value to the search parameter you selected in the Query/Find certificate by listbox.

Run

Click the Run button to run the search query, which combines the search parameter (Query/Find certificate by) with the actual search value (Query/Find value). This button is disabled in remote scenarios. The results of the search are the list of certificates matching the query, displayed in the standard .NET certificate viewer. Click View to display the standard default .NET Certificate dialog box.

The fields in the Security tab correspond to the serviceCertificate element. If the Use certificate option is checked, the <serviceCredentials><serviceCertificate/></serviceCredentials> element is added to the default behavior in the configuration file. This makes it visible to services below the selected level.

In the following sample application configuration, the serviceCertificate element uses the value "12519AE9CD777A560184F1FBD54215222E95E71F" as the search value for FindByThumbprint. The certificate it identifies will be used for any endpoints exposed by any services that are part of this application.

<serviceCredentials>
   <serviceCertificate findValue="12519AE9CD777A560184F1FBD54215222E95E71F" storeLocation="LocalMachine" storeName="CertificateAuthority" x509FindType="FindByThumbprint" />
</serviceCredentials>
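
The following check is an added example, not part of the original page or of the AppFabric tooling. It reads serviceCertificate elements from a configuration fragment and reports whether the store location, store name, find type, and find value actually resolve to a usable certificate. The function name Test-ServiceCertificate and the wrapping behavior element are assumptions made for illustration. For a CurrentUser store, run it as the identity the service uses at runtime.

```powershell
# Constructed sample: the fragment shown above, wrapped in a root element so it parses.
$configXml = @'
<behavior>
  <serviceCredentials>
    <serviceCertificate findValue="12519AE9CD777A560184F1FBD54215222E95E71F"
                        storeLocation="LocalMachine" storeName="CertificateAuthority"
                        x509FindType="FindByThumbprint" />
  </serviceCredentials>
</behavior>
'@

function Test-ServiceCertificate {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Xml)

    foreach ($node in ([xml]$Xml).SelectNodes('//serviceCertificate')) {
        # Cast the attribute strings to the .NET enums; an invalid name throws here.
        $location = [System.Security.Cryptography.X509Certificates.StoreLocation]$node.storeLocation
        $name     = [System.Security.Cryptography.X509Certificates.StoreName]$node.storeName
        $findType = [System.Security.Cryptography.X509Certificates.X509FindType]$node.x509FindType

        # The time-based find types take a DateTime, not a string.
        $value = $node.findValue
        if ("$findType" -like 'FindByTime*') { $value = [datetime]$value }

        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($name, $location)
        try {
            $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
            # validOnly = $false so expired or untrusted matches are reported, not hidden.
            $found = $store.Certificates.Find($findType, $value, $false)
        } finally { $store.Close() }

        if ($found.Count -eq 0) {
            [pscustomobject]@{ Store = "$location\$name"; FindType = $findType; Matches = 0
                               Subject = $null; HasPrivateKey = $null; TimeValid = $null }
        }
        $now = Get-Date
        foreach ($cert in $found) {
            [pscustomobject]@{
                Store         = "$location\$name"
                FindType      = $findType
                Matches       = $found.Count      # more than 1 means the query is ambiguous
                Subject       = $cert.Subject
                HasPrivateKey = $cert.HasPrivateKey   # a service certificate needs its private key
                TimeValid     = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
            }
        }
    }
}

Test-ServiceCertificate -Xml $configXml | Format-List
```

A result with Matches equal to 0, HasPrivateKey set to False, or TimeValid set to False points to a configuration that the dialog box accepted but that will not give the service a working credential.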