Hi Jason,
Welcome to MSDN newsgroup.
As for the X509 server certificate location question, here is my
understanding and some suggestions:
1. For an X509 certificate, the storage style (stored in a disk file or
database or ..., machine specific or ...) depends on the CSP for the
certificate. Currently the Windows implementation for certificate services
only provides a machine-wide certificate store. We can only store a
certificate in the user store or the machine store, and both are limited to
a certain machine.
2. As for the "securityTokenManager" you mentioned in WSE, it is used for
verifying and authenticating client-side security tokens (e.g.,
UsernameTokenManager, X509CertificateTokenManager, ...). So it won't have
any effect on locating and retrieving the server certificate.
So for your scenario, we still recommend that you install the server
certificate on all the necessary server machines which will be involved in
your cluster or load balancing environment.
Thanks,
Steven Cheng
Microsoft Online Support
Get Secure!
www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
From: <ja********@newsgroups.nospam>
Subject: securityTokenManager loading X509 certificate
Date: Tue, 30 Aug 2005 12:31:42 -0400
Newsgroups: microsoft.public.dotnet.framework.webservices
Hi, I'd like to store X509 certificates in a central location (file server,
database, etc.), and load them when needed. Is it practical? And in terms of
implementation, can this be achieved by subclassing 'securityTokenManager'? Has
anyone done something similar who can shed some light on it?
thanks,
-Jason
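
The reply above recommends installing the server certificate in the machine store of every node in the cluster. The following is an added example, not part of the original thread, of one way to verify that deployment from an admin workstation. It assumes PowerShell remoting is enabled on the nodes; the node names and the thumbprint are placeholders.

```powershell
# Added example: node names and thumbprint are placeholders, not values from the thread.
$Nodes      = @('WEB01', 'WEB02', 'WEB03')     # hypothetical cluster members
$Thumbprint = '<SERVER-CERT-THUMBPRINT>'       # placeholder: thumbprint of the server certificate

# Runs on each node: look in the local machine's personal store only,
# because that is the store a service on that machine will read.
$check = {
    param($Thumbprint)
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    [pscustomobject]@{
        Node          = $env:COMPUTERNAME
        Present       = [bool]$cert
        # A server certificate without its private key cannot sign or decrypt.
        HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
        NotAfter      = if ($cert) { $cert.NotAfter } else { $null }
        Expired       = [bool]($cert -and $cert.NotAfter -lt (Get-Date))
    }
}

$results = foreach ($node in $Nodes) {
    try {
        Invoke-Command -ComputerName $node -ScriptBlock $check `
            -ArgumentList $Thumbprint -ErrorAction Stop
    } catch {
        # An unreachable node is reported as a failure, never silently skipped.
        [pscustomobject]@{
            Node = $node; Present = $false; HasPrivateKey = $false
            NotAfter = $null; Expired = $false
        }
        Write-Warning "Could not query ${node}: $($_.Exception.Message)"
    }
}

$results | Format-Table Node, Present, HasPrivateKey, NotAfter, Expired -AutoSize

# Fail the run if any node lacks a usable copy of the certificate.
$bad = $results | Where-Object { -not $_.Present -or -not $_.HasPrivateKey -or $_.Expired }
if ($bad) {
    Write-Warning ("Certificate missing or unusable on: " + ($bad.Node -join ', '))
    exit 1
}
```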