This is one of the most frequently asked questions on the newsgroups.
Since Verisign and Thawte do not speak “message-based security”, people are always confused about buying SSL Certificates for doing WSE or WCF.
It’s not just the vendors. Sometimes the people responsible for your networks are also hard to convince since message-based security just does not make sense in their world. They may not know which one is right either.
What have you had success with? What actual certificates (literally the name that the vendor applies to the cert) have you purchased from which vendors? There’s a myriad of choices, but it’s never easy to pick.
Sign up for my newsletter so you don't miss my conference & Pluralsight course announcements!
Hi Julie,First off, your comments in your blog about WSE3.0 and certs have been a great help in my development.I’m going through the process right now of trying (key word "trying") to obtain certificates for a client/server application that I’ve written.The client communicates to the server via my web service and I’ve used Microsoft’s makecert utility to generate test certificates to get the whole process down, debugged and tested for those messages that have to be secured.Now, it’s time to get the "real" certs and I’ve had no luck in talking to Verisign.I spent over an hour last week on the phone with them and got passed between 4 different people.The last person tried to be helpful but he tried to convince me that all I needed were email certificates that I could buy for $19.95.If you or anyone else has any help on this, it would be greatly appreciated!
I am interested in the answer to this too