

<defaultCertificate> Element

Specifies an X.509 certificate to be used when a service or STS does not provide one via a negotiation protocol.

<system.serviceModel>

  <behaviors>

    <endpointBehaviors>

      <behavior> of <endpointBehaviors>

        <clientCredentials>

          <serviceCertificate> of <clientCredentials>

                                    
            <defaultCertificate findValue="String"
              storeLocation="CurrentUser/LocalMachine"
              storeName="AddressBook/AuthRoot/CertificateAuthority/Disallowed/My/Root/TrustedPeople/TrustedPublisher"
              x509FindType="FindByThumbprint/FindBySubjectName/FindBySubjectDistinguishedName/FindByIssuerName/FindByIssuerDistinguishedName/FindBySerialNumber/FindByTimeValid/FindByTimeNotYetValid/FindByTimeExpired/FindByTemplateName/FindByApplicationPolicy/FindByCertificatePolicy/FindByExtension/FindByKeyUsage/FindBySubjectKeyIdentifier" />
                                

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

| Attribute | Description |
| --- | --- |
| findValue | String. The value to search for. |
| x509FindType | Enumeration. One of the certificate fields to search. |
| storeLocation | Enumeration. One of the two system store locations to search. |
| storeName | Enumeration. One of the system stores to search. |

findValue Attribute


| Value | Description |
| --- | --- |
| String | The value depends on the field (specified by the x509FindType attribute) being searched. For example, if searching for a thumbprint, the value must be a string of hexadecimal numbers. |

x509FindType Attribute

| Value | Description |
| --- | --- |
| Enumeration | Values include: FindByThumbprint, FindBySubjectName, FindBySubjectDistinguishedName, FindByIssuerName, FindByIssuerDistinguishedName, FindBySerialNumber, FindByTimeValid, FindByTimeNotYetValid, FindByTimeExpired, FindByTemplateName, FindByApplicationPolicy, FindByCertificatePolicy, FindByExtension, FindByKeyUsage, FindBySubjectKeyIdentifier. |

storeLocation Attribute


| Value | Description |
| --- | --- |
| Enumeration | CurrentUser or LocalMachine. |

storeName Attribute

| Value | Description |
| --- | --- |
| Enumeration | Values include: AddressBook, AuthRoot, CertificateAuthority, Disallowed, My, Root, TrustedPeople, and TrustedPublisher. |

Child Elements

None.

Parent Elements


| Element | Description |
| --- | --- |
| <serviceCertificate> of <clientCredentials> Element | Specifies a certificate to use when authenticating a service to the client. |

Example

The following example specifies a certificate to use for endpoints whose URI begins with https://www.contoso.com and a certificate to use for all other endpoints that do not perform certificate negotiation.

<serviceCertificate>
  <defaultCertificate findValue="www.contoso.com"
                      storeLocation="LocalMachine"
                      storeName="TrustedPeople"
                      x509FindType="FindByIssuerDistinguishedName" />
  <scopedCertificates>
    <add targetUri="https://www.contoso.com"
         findValue="www.contoso.com"
         storeLocation="LocalMachine"
         storeName="Root"
         x509FindType="FindByIssuerName" />
  </scopedCertificates>
  <authentication revocationMode="Online"
                  trustedStoreLocation="LocalMachine" />
</serviceCertificate>
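
A review-time check for the attributes described above, added here as an example and not part of the original documentation or any Microsoft tooling. It verifies that every <defaultCertificate> and scoped <add> entry uses only the enumeration values listed on this page and that a FindByThumbprint value contains nothing but hexadecimal digits; the function name `check_certificate_refs` and the sample configuration are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Allowed values as listed in the attribute tables on this page.
ALLOWED = {
    "storeLocation": {"CurrentUser", "LocalMachine"},
    "storeName": {"AddressBook", "AuthRoot", "CertificateAuthority", "Disallowed",
                  "My", "Root", "TrustedPeople", "TrustedPublisher"},
    "x509FindType": {"FindByThumbprint", "FindBySubjectName", "FindBySubjectDistinguishedName",
                     "FindByIssuerName", "FindByIssuerDistinguishedName", "FindBySerialNumber",
                     "FindByTimeValid", "FindByTimeNotYetValid", "FindByTimeExpired",
                     "FindByTemplateName", "FindByApplicationPolicy", "FindByCertificatePolicy",
                     "FindByExtension", "FindByKeyUsage", "FindBySubjectKeyIdentifier"},
}
HEX_ONLY = re.compile(r"[0-9A-Fa-f]+")

def check_certificate_refs(xml_text):
    """Return (element, attribute, problem) tuples for each certificate reference."""
    root = ET.fromstring(xml_text)
    refs = list(root.iter("defaultCertificate"))
    refs += [add for sc in root.iter("scopedCertificates") for add in sc.findall("add")]
    findings = []
    for el in refs:
        label = el.tag if el.tag != "add" else "add targetUri=" + el.get("targetUri", "")
        for attr, allowed in ALLOWED.items():
            value = el.get(attr)
            if value is not None and value not in allowed:
                findings.append((label, attr, "value %r is not in the documented list" % value))
        find_value = el.get("findValue")
        if not find_value:
            findings.append((label, "findValue", "missing or empty"))
        elif el.get("x509FindType") == "FindByThumbprint" and not HEX_ONLY.fullmatch(find_value):
            findings.append((label, "findValue", "thumbprint is not a plain hexadecimal string"))
    return findings

# Constructed sample (not from the page): a thumbprint carrying an invisible
# left-to-right mark, a misspelled store name and a misspelled find type.
SAMPLE = """<serviceCertificate>
  <defaultCertificate findValue="\u200eA1B2C3D4" storeLocation="LocalMachine"
                      storeName="My" x509FindType="FindByThumbprint" />
  <scopedCertificates>
    <add targetUri="https://www.contoso.com" findValue="www.contoso.com"
         storeLocation="LocalMachine" storeName="Trusted People"
         x509FindType="FindBySerialiNumber" />
  </scopedCertificates>
</serviceCertificate>"""

if __name__ == "__main__":
    for finding in check_certificate_refs(SAMPLE):
        print(finding)
```
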

See Also

Reference

<authentication> of <clientCertificate> Element

Other Resources

Working with Certificates

© Microsoft Corporation. All rights reserved.