We should install the certificate to the server that hosts the services with Transport level security.

For tests we could use the self-made certificate, for production we recommend to use the certificate issued by the industrial certificate provider as the VeriSign.

1. Install Microsoft .NETFramework2.0 Software Development Kit (SDK) (x64) [http://www.microsoft.com/downloads/details.aspx?familyid=1AEF6FCE-6E06-4B66-AFE4-9AAD3C835D3D&displaylang=en]. It is installed by default to the “C:\Program Files\Microsoft.NET\SDK\v2.0 64bit\Bin ” folder.

2. [Optionally, only if you also have server certificate and want to refresh it]”C:\Program Files\Microsoft.NET\SDK\v2.0 64bit\Bin\certmgr.exe” -del -r LocalMachine -s My -c -n MyCompany-HTTPS-Server

3. “C:\Program Files\Microsoft.NET\SDK\v2.0 64bit\Bin\makecert.exe” -sr LocalMachine -ss My -n CN= MyCompany-HTTPS-Server -sky exchange -sk MyCompany-HTTPS-Key

4. Install the new certificate to the IIS by the Web Server Certificate Wizard. Open IIS Admin, choose the Default web-site, Properties, Directory Security tab, Secure communicationServer Certificate button, it starts the Web Server Certificate Wizard .

To expose the service metadata by HTTPS and HTTP use:

<behavior name=”ServiceBehavior_Name”>
<serviceMetadata httpGetEnabled=”true” httpsGetEnabled=”true” />
<serviceDebug includeExceptionDetailInFaults=”false” />

To expose the service metadata by HTTPS or HTTP only, change attribute the httpsGetEnabled or httpGetEnabled to false.

[2] Transport Security Overview – http://msdn.microsoft.com/en-us/library/ms729700.aspx