Monday, May 2, 2011

WCF: Certificate EncodedValue

For a new application I’m building I have to use a certificate to connect to the WCF service. I didn’t want to pass the certificate through code instead I wanted to use the configuration model of WCF.

I found the following 2 options to specify the certificate. Either you put the certificate in your local certificate store and pass the certificate by using a certificatereference:

<certificateReference findValue="DE74CFE7D20E8DC2B6E6E700E4D2A940CB08B268" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />--><!--

Another option is to embed the certificate into your application by specifying the base64 encoded value of the certificate:

<certificate encodedValue="MIIGKjCCBRKgAwIBAgIKKwWMaS...TQymi87SNAM9H1dVaIfSysjc9BjhnhFm7HsINtj6S1g==" />

But how do you get this encoded value?

If you are using the svcutil.exe to generate the client proxy, this value will be added for you. Otherwise you can get this value yourself:

  • Open the Certificate store
  • Right click on the certificate you want to embed and choose Export…
  • Choose to NOT export the private key
  • Choose the Base-64 encoded X.509 option


  • Choose a file name

Once the .CER file is exported, you can get the base64 encoded value by opening the .CER file in notepad and copying the string.

1 comment:

Alex said...

Thanks for posting this, much appreciated. I wasn't aware you could export the base64 value right out of the Certificate management console.