By Rohan Pinto on Apr 03, 2006
A few folks have been having issues using self signed server certificates to invoke the Identity Selector WinFX Component. Here's a short walkthorough on how to use a self signed certificate and save a few $$$'s from having to but a Certificate from a Trusted Authority.
The key is to use the sha1rsa Signature Algorithm instead of using the default md5rsa Signature Algorithm.
openssl genrsa -des3 -out pass.key 1024
openssl rsa -in pass.key -out server.key
openssl req -new -x509 -days 365 -sha1 -newkey rsa:1024 -nodes -keyout server.key -out server.crt
Then copy the server.key and server.crt to your webservers config directory.
cp server.key /etc/httpd/conf/ssl.key/
cp server.crt /etc/httpd/conf/ssl.crt/
Change file access permissions
chmod go-rwx /etc/httpd/conf/ssl.key/server.key
Made a test cert
Create a server.pem file as by concatenating the server.key file and the server.crt file as follows:
cat /etc/httpd/conf/ssl.key/server.key /etc/httpd/conf/ssl.crt/server.crt > /etc/httpd/conf/server.pem
restart your webserver.
Your self signed certificate should now invoke the identity selector without any issues...
NOTE : Remember folks. If youre learning anything at all from all of us who are blogging our experiences and processes about getitng infocard to work in all these various platforms and scenarios to PLEASE "pay it forward".