It took me some time to figure this out. For a secure message transport we need a Secure Sockets Layer (SSL) Certificate from a Trusted Root Certification Authority like Symantec VeriSign. For development and testing purposes of WCF services you can be your own Certification Authority and issue a valid local certificate yourself.

Step 1
First create a root authority certificate and local private key. Open the Visual Studio command prompt, CD to the path where you want to put the certificate file. Then use the MakeCert.exe tool as follows:

makecert -n "CN=RemondoCA" -r -sv RemondoCA.pvk RemondoCA.cer

Step 2
Open the Microsoft Management Console (MMC). Add and/or open the “Trusted Root Certification Authorities” node and right-click “Import” on the “Certificates” node to install the root authority certificate we just made.

Step 3
Install a certificate for this local machine issued and signed by our local authority by using MakeCert from the command line:

makecert -iv RemondoCA.pvk -n "CN=localhost" -ic RemondoCA.cer localhost.cer -sr LocalMachine -ss My -sky exchange

Step 4
Get the Thumbprint of the certificate we just installed. Open MMC again and find the “Personal/Certificates” node.

Double click the certificate and scroll to the Thumbprint property. Copy the value into a text document and remove all the spaces. Copy the value to the clipboard.

Step 5
Bind the certificate to a port on the local system. Use netsh on the command line. select the port you want to use for your service (in this case 8888). The certhash is you certificate thumbprint (without the spaces). The appid can be any valid Guid:

netsh http add sslcert ipport=0.0.0.0:8888 certhash=e0e719dadcb5af84ba78d3e435643ac914d6e3ff appid={00112233-4455-6677-8899-AABBCCDDEEFF}

Step 6
Run netsh once more to show an overview of the registered ports:

netsh http show sslcert

And that’s all. In a future post I will be testing a WCF service with BasicHttpBinding and SSL transport. That’s why I had to install this certificate in the first place