If you are a .NET developer that creates IIS or self-hosted WCF services, then you will probably have the need at some point to secure the transport with a SSL certificate if using a http binding type. If you have a WCF service hosted by IIS, applying a SSL certificate is a bit more trivial because the endpoint configuration does not dictate the URL. The virtual directory in IIS will create the URL for your endpoint. However, if you are hosting your WCF service in a Windows Service, you dictate the endpoint and applying the SSL certificate is a little more involved. Because of this you may want to create a self-signed SSL certificate while still in development to ensure that your 'https' endpoint works correctly. With IIS websites, legacy .asmx services, or WCF hosted services, applying a SSL certificate happens after the fact via IIS and the initial testing with a SSL certificate may not even be desired. Regardless of your situation, the following tutorial shown you a simple procedure to create a self-signed certificate on your local machine.
So what is a self-signed SSL certificate you may ask. A 'CA' or Certificate Authority is a trusted provided to generate a SSL certificate. Your local machine is a CA, but unfortunately and as expected the CA on your machine is not trusted (as should be) by any outside party, so any SSL certificate generated locally is good and trusted just there: locally! To get a SSL certificate generated by a trusted CA, you need to go to a commercial provider like 'GoDaddy' or 'Verisign' and purchase a SSL certificate. These Certificate Authorities are trusted on the internet and are able to provide SSL certificates with a set expiration time (i.e. 2 years out). Once applied, you can view the SSL certificate information of a secure site by pressing the secure lock icon in most browsers next to the URL, and will see who issued the SSL certificate, its expiration, and other public details like the public key.
If you happen to be on an Active Directory domain doing 'intranet' or internal software development, you may have a CA on the domain that will issue certificates which will be trusted within the domain. This is the way to go so one does not have to buy a GoDaddy or Verisign SSL certificate for every internal WCF service or hosted ASP.NET site. Check with your server folks (unless that's you!) to see if there is a CA that issues SSL certificates trusted by all on the domain.
If you don't have IIS7, generating a SSL certificate is still possible. You just do the similar steps under the 'Directory Security' tab in IIS for a given site. Using IIS to create the certificate does not mean we have to host our service in IIS. It just has a convenient 'wizard' style interface to generate certificates and place them in the proper 'stores'. You can manually decide which stores your certificate is placed in and trusted by using the Certificate Manager MMC snap-in. That is really off topic for this post, but good to see how local and purchased certificates are managed. The snap-in is not under the administrator tools by default so look to the following link if interested in adding or accessing this MMC utility:
How to Add Certificate Manager to Microsoft Management Console
To begin a new certificate request, open IIS7 and click on the root element which is your machine or server node. Locate the 'Server Certificates' icon and double click it:On the right-hand side of the screen select the 'Create Self-Signed Certificate' link which will display the following dialog:
This is the important part which is dictating the friendly-name of your certificate. For local WCF development you really have (2) choices: name the certificate 'localhost' or the name of your machine. I recommend the name of your machine as it is more explicit. So in the example below my machine name is 'DevMachine1234'. The name is important for hosting WCF services and applying a SSL certificate to the exposed endpoint. If the SSL name does not match the domain of the hosted service it will not work. In the case of local development, name the certificate the same name as your machine.
After completing the request you will see the SSL certificate has been generated by the local machines CA, the friendly name, and the certificate hash.The hash value will be important in the next post about applying this self-signed certificate to a port number that is dictated in the WCF configuration for a service hosted by a Windows Service. If you are applying the SSL certificate to a IIS hosted service or site, all you have to do is select it from the dropdown when configuring the 'https' binding in IIS7.
Create A Self-Signed SSL Certificate Using IIS 7
My New Computer: A Developers Dream
Well call me old school, but I still like a bangin' desktop for my main home PC. For the general user mostly not moving beyond the bounds of the web for computer use any machine from a laptop, netbook, tablet, or heck even a smart phone will suffice. However any serious users doing coding in .NET with VS.NET, video transfer + editing, gaming, photo editing, etc. you really need a *real* machine that can handle the load. Nothing more scalable and well built then a sweet looking mid-tower loaded with lots of horsepower.
Recently I began assembling my new main home PC and I love it! I have found that building a PC and maybe updating just memory, video card, or even CPU will last much, much longer than purchasing any kind of store bought machine. Case in point, the last PC I built was in the fall of 2003. It was a Socket 478 Asus Motherboard mid-tower. It lasted me until I built this new machine just a few weeks ago. How? I upgraded from a Celeron to a P4 Extreme Edition, updated the RAM, updated the video card, and got almost 8 years out of it. Still a fantastic machine I gave to my brother-in-law because it still ran XP really well. Hopefully I get several years out of my new machine as well.
Because of this gap I never experimented with any RAID configuration, etc to increase the PCs main bottleneck: the magnetic disk hard drive. With my new build I wanted all of the best but yet still be on a budget. I was determined to use a Solid State Drive (SSD) for the primary OS drive, and a decent HDD for the additional space needs. Once I caught wind of the new Intel i7 'Sandy Bridge' line of processors, I knew it was time to build. Not only are the Sandy Bridge Generation 2 i7 processors about 1/2 the cost of good Generation 1 i7 processors, they are faster too.
My budget was to be around $1000-$1200. The hands-down best place anywhere to get good deals on computer hardware is http://www.newegg.com Between their 'Shell-Shocker' deals, coupon codes, sales, and overall low prices, I was able to build my new machine for under $1200. I am not including the OS because that is a given. My build was using Windows 7 64-bit Ultimate. So let's get to the parts ->>
LIAN LI Lancool PC-K63 Black Steel ATX Mid Tower Computer Case - Cost $99 via 'Shell-Shocker' deal. The case is fantastic! There really are no screws, everything snaps into place. Cable management is routed through guides so there isn't a big mess. There are several blue LED fans which make the case stand out too.











Well how is the overall performance when benchmarked? Well I don;t have any fancy tools, but using Windows 7's 'Windows Experience Index' the machine scored a 7.0 on a possible 7.9 scale:

The end result? Windows 7 64-bit installed in 12 minutes, the machine boots to desktop ready for use in about 15 seconds, and shut down time is about 4 seconds. Opening applications like VS.NET 2010? Almost instant. AWESOME! Hope this machine lasts me 8 years like my last one, to get everything out of it. I think every developer should have a machine like this. If you get a chance to build one similar, I highly recommend it.
Labels: Computer Hardware, Custom Built PC, Windows 7 1 Comment
