To program Windows Communication Foundation (WCF) security, X.509 digital certificates are commonly used to authenticate clients and servers, encrypt, and digitally sign messages. This topic briefly explains X.509 digital certificate features and how to use them in WCF, and includes links to topics that explain these concepts further or that show how to accomplish common tasks using WCF and certificates.
13
13
14
-
In brief, a digital certificate is a part of a *public key infrastructure* (PKI), which is a system of digital certificates, certificate authorities, and other registration authorities that verify and authenticate the validity of each party involved in an electronic transaction through the use of public key cryptography. A certification authority issues certificates and each certificate has a set of fields that contain data, such as *subject* (the entity to which the certificate is issued), validity dates (when the certificate is valid), issuer (the entity that issued the certificate), and a public key. In WCF, each of these properties is processed as a <xref:System.IdentityModel.Claims.Claim>, and each claim is further divided into two types: identity and right. For more information about X.509 certificates see [X.509 Public Key Certificates](http://go.microsoft.com/fwlink/?LinkId=209952)For more information about Claims and Authorization in WCF see [Managing Claims and Authorization with the Identity Model](../../../../docs/framework/wcf/feature-details/managing-claims-and-authorization-with-the-identity-model.md). For more information about implementing a PKI, see [Windows Server 2008 R2 - Certificate Services](http://go.microsoft.com/fwlink/?LinkId=209949).
14
+
In brief, a digital certificate is a part of a *public key infrastructure* (PKI), which is a system of digital certificates, certificate authorities, and other registration authorities that verify and authenticate the validity of each party involved in an electronic transaction through the use of public key cryptography. A certification authority issues certificates and each certificate has a set of fields that contain data, such as *subject* (the entity to which the certificate is issued), validity dates (when the certificate is valid), issuer (the entity that issued the certificate), and a public key. In WCF, each of these properties is processed as a <xref:System.IdentityModel.Claims.Claim>, and each claim is further divided into two types: identity and right. For more information about X.509 certificates see [X.509 Public Key Certificates](http://go.microsoft.com/fwlink/?LinkId=209952). For more information about Claims and Authorization in WCF see [Managing Claims and Authorization with the Identity Model](../../../../docs/framework/wcf/feature-details/managing-claims-and-authorization-with-the-identity-model.md). For more information about implementing a PKI, see [Windows Server 2008 R2 - Certificate Services](http://go.microsoft.com/fwlink/?LinkId=209949).
15
15
16
-
A primary function of the certificate is to authenticate the identity of the owner of the certificate to others. A certificate contains the *public key* of the owner, while the owner retains the private key. The public key can be used to encrypt messages sent to the owner of the certificate. Only the owner has access to the private key, so only the owner can decrypt those messages.
16
+
The primary function of a certificate is to authenticate the identity of the owner of the certificate to others. A certificate contains the *public key* of the owner, while the owner retains the private key. The public key can be used to encrypt messages sent to the owner of the certificate. Only the owner has access to the private key, so only the owner can decrypt those messages.
17
17
18
18
Certificates must be issued by a certification authority, which is often a third-party issuer of certificates. On a Windows domain, a certification authority is included that can be used to issue certificates to computers on the domain.
19
19
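Review bot: the missing period after the "X.509 Public Key Certificates" link on line 14 and the "A primary function" to "The primary function" change on line 16 are both correct, but the same paragraph on line 14 still mixes "certificate authorities" and "A certification authority issues certificates" for the same concept; pick one term (the page heading further down uses "Certificate Authorities") and apply it consistently here while the paragraph is being touched. A comma before "see" in "For more information about X.509 certificates see" and "For more information about Claims and Authorization in WCF see" would also match the third sentence, "For more information about implementing a PKI, see".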
@@ -51,7 +51,7 @@ To program Windows Communication Foundation (WCF) security, X.509 digital certif
51
51
## Chain Trust and Certificate Authorities
52
52
Certificates are created in a hierarchy where each individual certificate is linked to the CA that issued the certificate. This link is to the CA’s certificate. The CA’s certificate then links to the CA that issued the orginal CA’s certificate. This process is repeated up until the Root CA’s certificate is reached. The Root CA’s certificate is inherently trusted.
53
53
54
-
Digital certificates are used to authenticate an entity by relying this hierarchy, also called a *chain of trust*. You can view any certificate's chain using the MMC snap-in by double-clicking any certificate, then clicking the **Certificate Path** tab. For more information about importing certificate chains for a Certification authority, see [How to: Specify the Certificate Authority Certificate Chain Used to Verify Signatures](../../../../docs/framework/wcf/feature-details/specify-the-certificate-authority-chain-verify-signatures-wcf.md).
54
+
Digital certificates are used to authenticate an entity by relying on this hierarchy, also called a *chain of trust*. You can view any certificate's chain using the MMC snap-in by double-clicking any certificate, then clicking the **Certificate Path** tab. For more information about importing certificate chains for a Certification authority, see [How to: Specify the Certificate Authority Certificate Chain Used to Verify Signatures](../../../../docs/framework/wcf/feature-details/specify-the-certificate-authority-chain-verify-signatures-wcf.md).
55
55
56
56
> [!NOTE]
57
57
> Any issuer can be designated a trusted root authority by placing the issuer's certificate in the trusted root authority certificate store.
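Review bot: the unchanged context on line 52 still contains the typo "orginal" in "the CA that issued the orginal CA's certificate"; since this commit is already fixing "relying this hierarchy" to "relying on this hierarchy" on line 54, correcting "orginal" to "original" in the same change would be cheap. Line 54 also writes "Certification authority" with inconsistent capitalization compared with the section heading "Chain Trust and Certificate Authorities" on line 51; lowercase "certification authority" (as used earlier on line 18) would be consistent.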