2010
01.22

I was trying to set up a WCF net-tcp service on a test environment, but kept getting an error saying the certificate could not be found. The problem was down to a slight difference between the test certificates we were using locally, and the certificate we were given for the test environment. We’re using FindBySubjectDistinguishedName in the config.

The test certificate’s subject looked like this:

CN = TestCertName

Whereas the environment certificate’s subject looked like:

CN = CertName
OU = Company Ltd.
O = Company
L = Town
S = County
C = Country Code

All the examples I’ve seen just cover certificates with the CN part. This is straightforward to reference in the WCF config:

<serviceCredentials>
   <serviceCertificate
            storeLocation="LocalMachine"
            storeName="My"
            findValue="CN=TestCertName"
            x509FindType="FindBySubjectDistinguishedName" />
</serviceCredentials>

However, when the certificate subject has multiple parts (i.e. more than just CN), you need to put all of them in the findValue attribute. But how to separate them? I tried several characters – space, comma, semicolon, colon – none worked. The certificate could not be found! Finally I noticed that in the top part of the certificate’s properties window, the values are separated by a comma and a space. Unbelievably, this also applies to the config! How intuitive. So for the “CertName” certificate above, here’s how to reference it in the WCF config:

<serviceCredentials>
   <serviceCertificate
            storeLocation="LocalMachine"
            storeName="My"
            findValue="CN=CertName, OU=Company Ltd., O=Company, L=Town, S=County, C=Country Code"
            x509FindType="FindBySubjectDistinguishedName" />
</serviceCredentials>
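
To check a findValue before it goes into the config, the following PowerShell script (an added example, not part of the original post) lists each certificate's subject as .NET formats it and then runs the same FindBySubjectDistinguishedName lookup against the store. The parameter names and default values are sample assumptions. That the printed subject string is the exact form the lookup expects is also an assumption; the match count from Find is the check that matters.

```powershell
# Added example: print the subject string .NET reports for each certificate in a
# store, then confirm that a candidate findValue selects exactly one of them.
# $StoreName, $StoreLocation and $FindValue are sample values; adjust as needed.
param(
    [string]$StoreName     = 'My',
    [string]$StoreLocation = 'LocalMachine',
    [string]$FindValue     = 'CN=CertName, OU=Company Ltd., O=Company, L=Town, S=County, C=Country Code'
)

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store `
    -ArgumentList $StoreName, $StoreLocation
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)

try {
    # 1. Show every subject as the framework formats it (separators, quoting),
    #    with thumbprint and expiry so the intended certificate can be identified.
    $store.Certificates | ForEach-Object {
        '{0}  [{1}, expires {2:yyyy-MM-dd}]' -f $_.SubjectName.Name, $_.Thumbprint, $_.NotAfter
    }

    # 2. Run the same lookup type the WCF config uses. validOnly is $false so an
    #    untrusted or self-signed test certificate is still returned.
    $found = $store.Certificates.Find(
        [System.Security.Cryptography.X509Certificates.X509FindType]::FindBySubjectDistinguishedName,
        $FindValue,
        $false)

    "Matches for findValue: $($found.Count)"
    if ($found.Count -ne 1) {
        Write-Warning 'Expected exactly one match; check separators, quoting and duplicate certificates.'
    }

    # 3. Emit the attribute with the subject XML-escaped, so a quoted RDN value
    #    (for example an organization name containing a comma) survives in the config.
    foreach ($cert in $found) {
        'findValue="{0}"' -f [System.Security.SecurityElement]::Escape($cert.SubjectName.Name)
    }
}
finally {
    $store.Close()
}
```

Run it under an account that can read the target store; zero matches means the string differs from what the lookup expects, and more than one means the subject alone does not identify a single certificate.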

6 comments so far

  1. Thanks a lot! Spent a couple of hours running around with no real explanation. This one is really good! You made my day :-)

  2. You helped me as well. Ironic, isn’t it, when an API tries to be all friendly by letting you use strings and then is secretly picky about how many spaces follow a comma!

  3. thanks for this.

  4. Thanks, your answer was very helpful. I ran into a problem since the Organization name in the Digital Certificate contained a comma.

    For example “O=Acme Systems, Inc.” needs special attention since it contains a comma (,). I had to surround the string with double quotes (“). Since it is an XML document, the way to do this is using the " construct e.g. “CN=Rumman Gaffur, OU=IS, O="Acme System, Inc.", L=Boston, S=MA, C=US”.

    storeLocation="CurrentUser"
    storeName="My"
    x509FindType="FindBySubjectDistinguishedName"
    findValue="CN=Rumman Gaffur, OU=IS, O=&quot;Acme System, Inc.&quot;, L=Boston, S=MA, C=US"

  5. Oops, it turned & quot ; into “.

  6. Thanks a lot!
    I found a couple of months ago how to use “long subject names” but could not remember it.
    Nice to find your well documented post!

    It should be documented in msdn…