I’ve got a WCF intranet application I’m working on that will have 150 clients controlled/monitored by a control application. Is it kosher to create a self-signed certificate and install this same certificate on each of the 150 clients?
I want security between the client and server but will not have authentication support from a domain controller et al.
Any pitfalls in using the same certificate on all these clients?
The pitfall is you won’t really be able to distinguish between them unless they’re passing some other form of identity along with the request. Plus, if one of them is compromised, you essentially have to shut your entire service off because they all use the same certificate. IMHO you want to create a client certificate per partner to avoid these problems.
The question I have, though, is: why aren't you just using transport security (i.e., SSL) instead of message security if all you care about is securing the communication and not providing identity?
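As an added illustration of the answer's two points (not code from the question or the answer): a WCF service configured for transport security with client certificates, plus a custom client-certificate validator that pins each of the clients to its own certificate thumbprint. Because every client has a distinct certificate, the service can tell which client is calling, and a compromised client is cut off by deleting one allowlist entry instead of shutting the whole service down. The class name `ThumbprintAllowlistValidator`, the binding and behavior names, and the sample thumbprints are all assumptions made for this example.

```csharp
// Added example, not part of the original post. Assumes a WCF service over netTcpBinding
// with transport security and clientCredentialType="Certificate"; the allowlist contents
// and type names below are constructed for illustration.
//
// Matching service configuration (App.config / Web.config), shown here as a comment:
//
// <system.serviceModel>
//   <bindings>
//     <netTcpBinding>
//       <binding name="mutualTls">
//         <security mode="Transport">                     <!-- transport security, not message -->
//           <transport clientCredentialType="Certificate" />
//         </security>
//       </binding>
//     </netTcpBinding>
//   </bindings>
//   <behaviors>
//     <serviceBehaviors>
//       <behavior name="certAuth">
//         <serviceCredentials>
//           <serviceCertificate findValue="SERVER-CERT-THUMBPRINT" storeLocation="LocalMachine"
//                               storeName="My" x509FindType="FindByThumbprint" />
//           <clientCertificate>
//             <!-- Custom mode: WCF skips chain/trust checks and relies entirely on the validator -->
//             <authentication certificateValidationMode="Custom"
//                             customCertificateValidatorType="ThumbprintAllowlistValidator, ServiceAssembly" />
//           </clientCertificate>
//         </serviceCredentials>
//       </behavior>
//     </serviceBehaviors>
//   </behaviors>
// </system.serviceModel>

using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

public sealed class ThumbprintAllowlistValidator : X509CertificateValidator
{
    // One entry per client: certificate thumbprint -> client name.
    // In production load this from a file or database so an entry can be removed
    // (revoking exactly one client) without redeploying or stopping the service.
    // The thumbprints here are constructed placeholders, not real values.
    private static readonly Dictionary<string, string> Allowed =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "0000000000000000000000000000000000000001", "client-001" },
            { "0000000000000000000000000000000000000002", "client-002" },
        };

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null)
            throw new ArgumentNullException("certificate");

        // Pinning the exact certificate (thumbprint = hash of the DER encoding) means
        // trust does not depend on any CA or on the self-signed cert's own chain.
        string clientName;
        if (!Allowed.TryGetValue(certificate.Thumbprint, out clientName))
            throw new SecurityTokenValidationException(
                "Client certificate " + certificate.Thumbprint + " is not on the allowlist.");

        // Custom mode performs no validity-period check, so do it here.
        DateTime now = DateTime.UtcNow;
        if (now < certificate.NotBefore.ToUniversalTime() || now > certificate.NotAfter.ToUniversalTime())
            throw new SecurityTokenValidationException(
                "Certificate for " + clientName + " is outside its validity period.");
    }
}

// Inside a service operation the caller's certificate identity is available, so the
// control application can attribute each request to a specific client.
public static class CallerInfo
{
    public static string CurrentClient()
    {
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (ctx == null || ctx.IsAnonymous)
            return "(anonymous)";
        // For certificate authentication this is the X.509 identity of the presented cert.
        return ctx.PrimaryIdentity.Name;
    }
}
```

If all 150 clients shared one self-signed certificate, every one of them would map to the same thumbprint and the same `PrimaryIdentity.Name`, which is exactly the problem the answer describes: the allowlist collapses to a single entry and removing it disconnects everyone.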