Chaz,
On Windows Server, Certificate Services are added using the Control Panel
applet and selecting Add/Remove Windows Components.
No peals of laughter from this quarter - I'm finding WSE is a tough
challenge with respect to getting the certificates, etc sorted properly.
Information on certificates seems to fall into a gap that no-one is writing
about. Sure, you can get the P&P PDF/book on the whole WSE-3 subject, but
it seems to just keep mentioning "appropriate X.509 certificates" without
specifying what appropriate is.
The associated wse Labs include batch files that will install appropriate
IIS virt Dirs as well as "makecert" created certificates - these are not for
production use.
I don't personally know if the private server hosted Certificate services is
any better in this regard, as you won't have a full CA root certificate
published and understood by the client PC's. There should still be ways of
getting them to use your certs though.
I would be careful if your client pc's use Vista though. I use a privately
created cert for our Exchange server to allow SSL for OWA. I only have 10
users accessing this so deem it ok to not have a more publicly verifiable
cert. This works perfectly for IE on XP-sp2, but for Vista it halts the
user access unless you click "carry on, it really is OK", even after
installing the cert (and the address bar goes red).
I've just started looking at WCF (got the O'Reilly book "Learning WCF" by
Michele Bustamante yesterday) as the new alternative to WSE-3. It claims to
make everything "SOA" easier for the developer. Too early to say if that's
true yet from my 1 day of reading.
Hope that helps!
[quoted text, click to view] "Chaz" <Chaz@discussions.microsoft.com> wrote in message
news:BCC9590A-F8A6-45F0-8BED-B3669EA007F0@microsoft.com...
> We're ramping up to add WSE 3.0 to and existing system of desktop
> applications and web services.
>
> We'd like to use x509 certs for both messaging encyption and client
> authentication. We know this is possible, but at this point we're unsure
> about what types of certs we can use, where we can obtain them, how to
> deliver them to the client(s) and how to manage them (there could be 100+
> certs involved).
>
> I've seen references to a Certificate Server from MS. This seems to be a
> tantalizing alternative, however , I'm having trouble finding info for it
> in
> a win2003/IIS6 environement (everything seems to be for NT4 and earlier
> IIS
> versions).
>
> Any help, advice, pointers or derisive peels of laughter will be
> appreciated.
