c# - HTTPS from a console application?

Question

I am not using IIS, and it isn't even installed on this computer. I also don't any app.config files or web.config files in my console hosted WCF REST service. But I would like to try and get HTTPS running on the host console application:

class Program
{
    static void Main(string[] args)
    {
        string baseAddress = "http://" + Environment.MachineName + ":8000/Service";
        ServiceHost host = new ServiceHost(typeof(Service), new Uri(baseAddress));
        //WebHttpBinding binding = new WebHttpBinding();
        //binding.Security.Mode = WebHttpSecurityMode.Transport;
        host.AddServiceEndpoint(typeof(IService), new WebHttpBinding(), "").Behaviors.Add(new WebHttpBehavior());
        host.Open();

        Console.WriteLine("Host opened");
        Console.ReadLine();

Is there a way I can have my service running in HTTPS?

Answer 1

1. Create and install a root authority and HTTPS certificate

   Open command prompt as Administrator:

   Create folder C:Certs and navigate to it.

   #Root Authority
   makecert.exe -r -pe -n "CN=My Root Authority" -ss CA -sr LocalMachine -a sha1 -sky signature -cy authority -sv CA.pvk CA.cer
   
   #Certificate
   makecert.exe -pe -n "CN=localhost" -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -ic CA.cer -iv CA.pvk -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -sv server.pvk server.cer
   
   #key
   pvk2pfx.exe -pvk server.pvk -spc server.cer -pfx server.pfx
   

   **Default location for makecert and pvk2pfx is C:Program Files (x86)Microsoft SDKsWindowsv7.0Ain

2. Install certificates

   From the command line:

   certmgr.exe -add CA.cer -r LocalMachine -s CertificateAuthority

   certmgr.exe -add server.pfx -r LocalMachine -s My -all

   From MMC:

   Open up MMC by going to command prompt and type MMC. This will open blank MMC console. Click add/remove snap in. Add Certificates and choose Computer Account / Local computer.

   Navigate to Intermediate Certification Authorities / Certificates. Right Click and choose import. Navigate to the folder where you have creatd CA.cer file and click to import.

   Navigate to Personal / Certificates and right click Import. Locate your server.pfx file (you will need to select PFX from list of available extensions) and import this file. When done open the certificate by double clicking and note its thumbprint under Details. Paste this into Notepad and remove extra ? at the beginning and remove spaces.

   To get the certificate of server thumbprint you can run this in PowerShell:

   $getThumb = Get-ChildItem -path cert:LocalMachineTrustedPeople | where { $_.Subject -match "CN=localhost" }
   $getThumb.thumbprint
   

3. Register and map WCF port with netsh

   Map to WCF port

   netsh http add sslcert ipport=0.0.0.0:8000 certhash=73269e9b554f58d75e77880f5ff72b50c8d724ee appid={e2eaacd9-92e6-43cc-b51c-7a7887149607}
   
   appid - any GUID
   certhas - this is the thumb print from the step 2
   

4. Setup your host

   Set to HTTPS and enable transport security:

   string baseAddress = "https://" + Environment.MachineName + ":8000/Service";
   var binding = new WebHttpBinding();
   binding.Security.Mode = WebHttpSecurityMode.Transport;
   

Detailed references

• How to: Create and Install Temporary Certificates in WCF for Transport Security During Development (MSDN)

• Configuring HTTP and HTTPS (MSDN)

• How to: Configure a Port with an SSL Certificate (MSDN)

And if you run into problems with add sslcert:

• Stack Overflow question Self-hosting using SSL and WCF - can't bind certificate to port

• Stack Overflow question Using netsh, bind an SSL certificate to a port number is failing

• Stack Overflow question Certificate on WCF service that does not use IIS