An SSL certificate installed on a server indicates to clients that it's secure and needs a certificate to access its services. How does a server know that the client making a call is a secure client?
Does the server really need to know if the calling client is a safe client? Isn't an SSL certificate check enough?

As per my understanding, an SSL certificate being assigned to a service on IIS makes it a secure transfer, and the client needs to make calls via HTTPS. The server, when it receives a call from the client, looks for the SSL certificate to make sure the client is a legit one and should be transmitting data on request. The person I had this discussion with did not tell me how the server validates if a client is secure, but he indicated there is a way. Please share your thoughts.

1 solution

After searching the web and reading through some material, this is what I understand.

SSL certificates (issued by a third party) are to be added to the WCF service via IIS which we want to expose. This will only make sure that the server is secured. Now a client needing information from the WCF server would initiate an SSL handshake by sharing the SSL version it has and the information it is wanting.
Now the server sends the client the SSL certificate it has. This certificate should be either trusted by the client or should be trusted by a third party (example: VeriSign) the client trusts.

Once the client knows that this is the server it really intended to connect to for information, a key is exchanged. Both server and client now can compute the encrypted key. The client tells the server that further communication can be encrypted and sends an encrypted and authenticated message to the server.

The server finally verifies if the authenticated message can be decrypted correctly, then informs the client via a message, and the client verifies as well.

Now the process of the handshake is complete. It is very interesting to know what happens behind the scenes when SSL certificates are used for secure transactions.

Very detailed information is available at: http://security.stackexchange.com/questions/20803/how-does-ssl-work
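
The handshake described in the answer above is the half in which the client authenticates the server. For the other half of the question, a server can ask the client to present its own certificate during the same handshake. The following is an added example, not part of the original post: a WCF binding with server-only authentication next to one that requires a client certificate. The binding names are hypothetical.

```xml
<!-- Added example (not from the original post). Binding names are hypothetical. -->
<system.serviceModel>
  <bindings>
    <wsHttpBinding>

      <!-- Server-only authentication: the client validates the server's
           certificate, but the server learns nothing about who the caller is.
           Any client that trusts the certificate can connect. -->
      <binding name="serverCertOnly">
        <security mode="Transport">
          <transport clientCredentialType="None" />
        </security>
      </binding>

      <!-- Mutual authentication: the server also requests a certificate from
           the client during the handshake and rejects the connection if the
           client cannot present one that chains to a CA the server trusts. -->
      <binding name="mutualCert">
        <security mode="Transport">
          <transport clientCredentialType="Certificate" />
        </security>
      </binding>

    </wsHttpBinding>
  </bindings>
</system.serviceModel>
```

For a service hosted in IIS, the site's SSL settings must also be set to accept or require client certificates so that they match the binding.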

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


