Learning from the WSE 3.0 QuickStart Samples (3): Certificate Generation
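Many people who have looked at the WSE 3.0 samples end up with the same question: how are those certificates generated? If you don't know how they are generated, you can't really use WSE 3.0 in your own projects. And what do you do when you need a certificate with a name of your own choosing?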
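I turned this over in my head for a while and finally figured it out. When we use the WSE 3.0 samples, don't we run Setup.bat? And isn't a .bat file just a sequence of DOS commands? Opening Setup.bat, sure enough, it contains the DOS commands that generate the certificates, and I saw many uses of the variables %SERVER_NAME%, %CLIENT_NAME% and %ROUTER_NAME%. Then it clicked: the names can be customized. If I change the names in
set SERVER_NAME=WSE2QuickStartServer
set CLIENT_NAME=WSE2QuickStartClient
set ROUTER_NAME=WSEQuickStartRouter
to the certificate names I need, that should do it.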
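It turns out certificates are fairly easy to set up, although I have not dug into them deeply. Certificate management touches on a lot of other things, and I don't want to study it here; after all, I only need the username authentication mode, o(∩_∩)o... I'd rather save the time for the MSMQ documentation I want to read.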
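One more note: the folder that contains Setup.bat also has a file called Cleanup.bat. A quick look shows that it deletes the certificates. So we only need to change the values of these variables to create and delete the certificates we need. OK, below I paste Setup.bat and Cleanup.bat to keep as a backup.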
...............................................
Setup.bat
...............................................
echo off
REM **
echo ************
echo NOTE: This batch file must be run from a Visual Studio 2005 Command Prompt
echo ************
REM ** This batch file
REM ** 1) Sets the directories and file access privilege depending on the OS.
REM ** This is necessary so that the WSE trace files can be successfully written
REM ** 2) Generates and installs sample certificates into the certificate stores
REM ** for use with the Quickstart samples.
REM **
echo ******* Important *******
echo By default ASP.NET v2.0 is not set as the active
echo version when .NET v2.0 is installed on a machine that has either .NET v1.0 or
echo .NET v1.1 already installed.
echo To check which ASP.NET is the default, run the following command from a VS2005 command prompt;
echo aspnet_regiis.exe /lv
echo and check which version has the (root) name associated with it.
echo If this is not v2.0, then ASP.NET v2.0 can be enabled with the following command;
echo aspnet_regiis.exe /i /e
echo See the Quickstart readme.htm in this directory for more details.
echo ******* Important *******
pause
REM ** Access privileges
echo ************
echo Setting the access privileges on the Quickstart sample directories
echo so that the account that ASP.NET is running under can write WSE trace/diagnostic files.
echo ************
REM ** This version check only works on English machines.
set WP_ACCOUNT=NT AUTHORITY\NETWORK SERVICE
(ver | findstr "5.1") && set WP_ACCOUNT=%COMPUTERNAME%\ASPNET
cacls.exe . /T /E /G "%WP_ACCOUNT%":F > nul
REM ** Set up the Certificates
set SERVER_NAME=WSE2QuickStartServer
set CLIENT_NAME=WSE2QuickStartClient
set ROUTER_NAME=WSEQuickStartRouter
echo ************
echo Removing any WSE certificates that are already installed
echo ************
REM Server Certs
certmgr -del -r CurrentUser -s AddressBook -c -n %SERVER_NAME%
certmgr -del -r LocalMachine -s My -c -n %SERVER_NAME%
REM Client Cert
certmgr -del -r CurrentUser -s My -c -n %CLIENT_NAME%
REM Router Cert
certmgr -del -r LocalMachine -s My -c -n %ROUTER_NAME%
echo ************
echo Server cert setup starting
echo %SERVER_NAME%
echo ************
echo Making server cert
echo ************
makecert.exe -sr LocalMachine -ss MY -a sha1 -n CN=%SERVER_NAME% -sky exchange -pe
echo ************
echo Copying server cert to client's CurrentUser store
echo ************
certmgr.exe -add -r LocalMachine -s My -c -n %SERVER_NAME% -r CurrentUser -s AddressBook
echo ************
echo Client cert setup starting
echo %CLIENT_NAME%
echo ************
echo Making client cert
echo ************
makecert.exe -sr CurrentUser -ss My -a sha1 -n CN=%CLIENT_NAME% -sky exchange -pe
echo ************
echo ************
echo Router cert setup starting
echo %ROUTER_NAME%
echo ************
echo Making router cert
echo ************
makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=%ROUTER_NAME% -sky exchange -pe
echo ************
echo ************
echo Setting access privileges on the certificates depending on the OS
echo ************
echo ************
echo Accessing the LocalMachine Personal Store For the Server Cert.
echo ************
set WP_ACCOUNT=NETWORK SERVICE
(ver | findstr "5.1") && set WP_ACCOUNT=%COMPUTERNAME%\ASPNET
winhttpcertcfg -g -c LOCAL_MACHINE\My -s %SERVER_NAME% -a "%WP_ACCOUNT%"
echo ************
echo Accessing the LocalMachine Personal Store For Router Cert.
echo This is used by the SecureRoutingToUltimateReceiver sample.
echo ************
winhttpcertcfg -g -c LOCAL_MACHINE\My -s %ROUTER_NAME% -a "%WP_ACCOUNT%"
echo ************
echo Restart IIS.
echo ************
iisreset
...............................................
Cleanup.bat
...............................................
echo off
REM ** Set up the Certificates
set SERVER_NAME=WSE2QuickStartServer
set CLIENT_NAME=WSE2QuickStartClient
set ROUTER_NAME=WSEQuickStartRouter
echo ************
echo Removing any WSE certificates that are already installed
echo ************
REM Server Certs
certmgr -del -r CurrentUser -s AddressBook -c -n %SERVER_NAME%
certmgr -del -r LocalMachine -s My -c -n %SERVER_NAME%
REM Client Cert
certmgr -del -r CurrentUser -s My -c -n %CLIENT_NAME%
REM Router Cert
certmgr -del -r LocalMachine -s My -c -n %ROUTER_NAME%
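
To confirm that Setup.bat, with the default or edited names, put each certificate in the store the samples expect, the following PowerShell check lists every store/subject pair the script creates. It is an added example, not part of the original post or of the WSE QuickStart; the names are the defaults from Setup.bat, and the variable names `$expected` and `$report` are assumptions of this example.

```powershell
# Added example (not from the WSE QuickStart). Edit the names to match your Setup.bat.
$expected = @(
    @{ Name = 'WSE2QuickStartServer'; Store = 'Cert:\LocalMachine\My';         NeedsKey = $true  },
    @{ Name = 'WSE2QuickStartServer'; Store = 'Cert:\CurrentUser\AddressBook'; NeedsKey = $false },
    @{ Name = 'WSE2QuickStartClient'; Store = 'Cert:\CurrentUser\My';          NeedsKey = $true  },
    @{ Name = 'WSEQuickStartRouter';  Store = 'Cert:\LocalMachine\My';         NeedsKey = $true  }
)

$report = foreach ($e in $expected) {
    $subject = "CN=$($e.Name)"
    # Exact subject match, the same CN that makecert -n CN=%..._NAME% writes.
    $found = @(Get-ChildItem -Path $e.Store -ErrorAction SilentlyContinue |
               Where-Object { $_.Subject -eq $subject })

    if ($found.Count -eq 0) {
        [pscustomobject]@{
            Store = $e.Store; Subject = $subject; Status = 'MISSING'
            Algorithm = ''; Issuer = ''; NotAfter = $null; Thumbprint = ''
        }
        continue
    }

    foreach ($c in $found) {
        $issues = @()
        if ($found.Count -gt 1)                     { $issues += 'duplicate subject in store' }
        if ($e.NeedsKey -and -not $c.HasPrivateKey) { $issues += 'no private key' }
        if ($c.NotAfter -lt (Get-Date))             { $issues += 'expired' }
        # Setup.bat passes -a sha1, so a SHA-1 signature is expected for these test certificates.
        if ($c.SignatureAlgorithm.FriendlyName -match 'sha1') { $issues += 'SHA-1 signature (test use only)' }

        [pscustomobject]@{
            Store      = $e.Store
            Subject    = $c.Subject
            Status     = if ($issues) { $issues -join '; ' } else { 'OK' }
            Algorithm  = $c.SignatureAlgorithm.FriendlyName
            Issuer     = $c.Issuer
            NotAfter   = $c.NotAfter
            Thumbprint = $c.Thumbprint
        }
    }
}

$report | Format-Table -AutoSize
```

After Cleanup.bat has run, every row should report MISSING; a row that still shows a thumbprint means a certificate with that subject was left behind in that store.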