Creating the certs

Nov 23, 2009 at 10:38 PM
Edited Nov 23, 2009 at 10:40 PM

I have to sy this this guide is great, but is very fragmented! There is no mention anywhere in the document or the code download on how to generate the certificate files. There seems to be two different certs generated, one for mobileclient and another for, but no instructions on how to generate them. I've already spent 8 hours on google trying other examples and looking at the makecert file and whatever else, but they never work or are meant for non mobile clients.

Most of the time I get "InvalidSecurity" CFFaults, why is this? I assume that its because it cant authenticate the cert, but the code is the same.

What are the steps for getting and using a cert/certs from a trusted CA? Do you have to get two? I dont get what needs ot happen.

Nov 24, 2009 at 5:34 PM

We provided the certs to make it possible for you to run the samples, but of course we had to draw the line somewhere as to what we covered and generating certs just was not part of the goal of the document. You can also read my setup instructions for my book code here: for details on how to work with certs. It includes instructions for makecert.exe used to create the certs in this article.

To find out what the CFFault is you have to look at the trace logs in the WCF service. Can you turn on trace and load SvcTraceViewer to check it out? An example how to enable trace is here:

As for certs, you will get a cert from a trusted CA for the service ( equivalent) and that can be used to secure messages from the client. You will only get a client cert if you want to use certificates to secure calls from the client. Most likely you will not do this, but we covered it since some people need to do this.


Nov 24, 2009 at 6:01 PM

Thanks, I found the apendix A and i think it should be all I need.

I know what the CFFault is, the message is "InvalidSecurity". It only happens sometimes and only when I use certs. I am thinking that my service didnt rebuild after I made config changes and that it wasnt expecting certificates.

I do need client certs, we are transmitting confidential information over the wire, but more importantly we need to use the client cert for authentication of the device.