<defaultCertificate> Element
Specifies an X.509 certificate to be used when a service or STS does not provide one via a negotiation protocol.
Schema Hierarchy
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior> of <endpointBehaviors>
<clientCredentials>
<serviceCertificate> of <serviceCredentials>
<defaultCertificate> Element
Syntax
<defaultCertificate findValue="String"
storeLocation=" CurrentUser/LocalMachine"
storeName="AddressBook/AuthRoot/CertificateAuthority/Disallowed/My/Root/TrustedPeople/TrustedPublisher"
x509FindType="FindByThumbPrint/FindBySubjectName/FindBySubjectDistinguishedName/FindByIssuerName/FindByIssuerDistinguishedName/FindBySerialiNumber/FindByTimeValid/FindByTimeNotYetValid/FindByTimeExpired/FindByTemplateName/FindByApplicationPolicy/FindByCertificatePolicy/FindByExtension/FindByKeyUsage/FindBySubjectKeyIdentifier" />
Attributes and Elements
The following sections describe attributes, child elements, and parent elements
Attributes
Attribute | Description |
---|---|
findValue |
String. The value to search for. |
x509FindType |
Enumeration. One of the certificate fields to search. |
storeLocation |
Enumeration. One of the two system store locations to search. |
storeName |
Enumeration. One of the system stores to search. |
Child Elements
None.
Parent Elements
Element | Description |
---|---|
Specifies a certificate to use when authenticating a service to the client. |
Remarks
For bindings that use certificate-based message security, certificate specified by this configuration element is used to encrypt messages to the service and is expected to be used by the service for signing replies to the client. It stores a single certificate to be used when no certificate is specified by a service.
Example
The following example specifies a certificate to use for endpoints whose URI begins with https://www.contoso.com and a certificate to use for all other endpoints that do not perform certificate negotiation.
<serviceCertificate>
<defaultCertificate findValue="www.contoso.com"
storeLocation="LocalMachine"
storeName="TrustedPeople"
x509FindType="FindByIssuerDistinguishedName" />
<scopedCertificates>
<add targetUri="https://www.contoso.com"
findValue="www.contoso.com" storeLocation="LocalMachine"
storeName="Root" x509FindType="FindByIssuerName" />
</scopedCertificates>
<authentication revocationMode="Online"
trustedStoreLocation="LocalMachine" />
</serviceCertificate>
See Also
Reference
<authentication> of <clientCertificate> Element
X509DefaultServiceCertificateElement
X509CertificateRecipientClientCredential
DefaultCertificate
Other Resources
Working with Certificates
Securing Clients
Securing Services and Clients
© 2007 Microsoft Corporation. All rights reserved.
Last Published: 2010-01-05